156-110 Online Practice Questions and Answers

Which of the following is NOT an auditing function that should be performed regularly?

A. Reviewing IDS alerts

B. Reviewing performance logs

C. Reviewing IDS logs

D. Reviewing audit logs

E. Reviewing system logs

Which of the following is an integrity requirement for Remote Offices/Branch Offices (ROBOs)?

A. Private data must remain internal to an organization.

B. Data must be consistent between ROBO sites and headquarters.

C. Users must be educated about appropriate security policies.

D. Improvised solutions must provide the level of protection required.

E. Data must remain available to all remote offices.

_______ is the process of confirming that implemented security safeguards work as expected.

A. Penetration testing

B. Exploitation

C. Baselining

D. A vulnerability

E. A countermeasure

____________________ is the state of being correct, or the degree of certainty a person or process can have, that the data in an information asset is correct.

A. Confidentiality

B. Integrity

C. Authenticity

D. Privacy

E. Availability

____________________ educate(s) security administrators and end users about organizations' security policies.

A. Security-awareness training

B. Information Security (INFOSEC) briefings

C. Acceptable-use policies

D. Continuing education

E. Nondisclosure agreements

Which type of access management uses information about job duties and positions, to indicate subjects' clearance levels?

A. Discretionary

B. Role-based

C. Nondiscretionary

D. Hybrid

E. Mandatory

Which of the following statements about encryption's benefits is false? Encryption can: (Choose TWO.)

A. significantly reduce the chance information will be modified by unauthorized entities.

B. only be used to protect data in transit. Encryption provides no protection to stored data.

C. allow private information to be sent over public networks, in relative safety.

D. significantly reduce the chance information will be viewed by unauthorized entities.

E. prevent information from being destroyed by malicious entities, while in transit.

Which of the following is an example of a simple, physical-access control?

A. Lock

B. Access control list

C. Background check

D. Token

E. Firewall

Which of the following best describes an external intrusion attempt on a local-area network (LAN)?

A. Internal users try to gain unauthorized access to information assets outside the organizational perimeter.

B. External-intrusion attempts from sources outside the LAN are not granted permissions or rights to an organization's information assets.

C. External users attempt to access public resources.

D. External intruders attempt exploitation of vulnerabilities, to remove their own access.

E. Internal users perform inappropriate acts on assets to which they have been given rights or permissions.

A(n) _______________ is an abstract machine, which mediates all access subjects have to objects.

A. ACL

B. Reference monitor

C. State machine

D. TCB

E. Router