CISSP Certification Exam (Access Control) Practice Paper 1
1. Which of the following does not correctly describe a directory service?
   A. It manages objects within a directory by using namespaces.
   B. It enforces security policy by carrying out access control and identity management functions.
   C. It assigns namespaces to each object in databases that are based on the X.509 standard and are accessed by LDAP.
   D. It allows an administrator to configure and manage how identification takes place within the network.
2. Hannah has been assigned the task of installing Web access management (WAM) software. What is the best description for what WAM is commonly used for?
   A. Control external entities requesting access through X.500 databases
   B. Control external entities requesting access to internal objects
   C. Control internal entities requesting access through X.500 databases
   D. Control internal entities requesting access to external objects
3. There are several types of password management approaches used by identity management systems. Which of the following reduces help-desk call volume, but is also criticized for the ease with which a hacker could gain access to multiple resources if a password is compromised?
   A. Management password reset
   B. Self-service password reset
   C. Password synchronization
   D. Assisted password reset
4. A number of attacks can be performed against smart cards. Side-channel is a class of attacks that doesn’t try to compromise a flaw or weakness. Which of the following is not a side-channel attack?
   A. Differential power analysis
   B. Microprobing analysis
   C. Timing analysis
   D. Electromagnetic analysis
5. Which of the following does not describe privacy-aware role-based access control?
   A. It is an example of a discretionary access control model.
   B. Detailed access controls indicate the type of data that users can access based on the data’s level of privacy sensitivity.
   C. It is an extension of role-based access control.
   D. It should be used to integrate privacy policies and access control policies.
6. What was the direct predecessor to Standard Generalized Markup Language (SGML)?
   A. Hypertext Markup Language (HTML)
   B. Extensible Markup Language (XML)
   C. LaTeX
   D. Generalized Markup Language (GML)
7. Brian has been asked to work on the virtual directory of his company’s new identity management system. Which of the following best describes a virtual directory?
   A. Meta-directory
   B. User attribute information stored in an HR database
   C. Virtual container for data from multiple sources
   D. A service that allows an administrator to configure and manage how identification takes place
8. Emily is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as part of a future attack. What type of attack is this?
   A. Brute-force attack
   B. Dictionary attack
   C. Social engineering attack
   D. Replay attack
9. Which of the following correctly describes a federated identity and its role within identity management processes?
   A. A nonportable identity that can be used across business boundaries
   B. A portable identity that can be used across business boundaries
   C. An identity that can be used within intranet virtual directories and identity stores
   D. An identity specified by domain names that can be used across business boundaries
10. Phishing and pharming are similar. Which of the following correctly describes the difference between phishing and pharming?
   A. Personal information is collected from victims through legitimate-looking Web sites in phishing attacks, while personal information is collected from victims via e-mail in pharming attacks.
   B. Phishing attacks point e-mail recipients to a form where victims input personal information, while pharming attacks use pop-up forms at legitimate Web sites to collect personal information from victims.
   C. Victims are pointed to a fake Web site with a domain name that looks similar to a legitimate site’s in a phishing attack, while victims are directed to a fake Web site as a result of a legitimate domain name being incorrectly translated by the DNS server.
   D. Phishing is a technical attack, while pharming is a type of social engineering.
11. Security countermeasures should be transparent to users and attackers. Which of the following does not describe transparency?
   A. User activities are monitored and tracked without negatively affecting system performance.
   B. User activities are monitored and tracked without the user knowing about the mechanism that is carrying this out.
   C. Users are allowed access in a manner that does not negatively affect business processes.
   D. Unauthorized access attempts are denied and logged without the intruder knowing about the mechanism that is carrying this out.
12. What markup language allows for the sharing of application security policies to ensure that all applications are following the same security rules?
   A. XML
   B. SPML
   C. XACML
   D. GML
13. The importance of protecting audit logs generated by computers and network devices is highlighted by the fact that it is required by many of today’s regulations. Which of the following does not explain why audit logs should be protected?
   A. If not properly protected, these logs may not be admissible during a prosecution.
   B. Audit logs contain sensitive data and should only be accessible to a certain subset of people.
   C. Intruders may attempt to scrub the logs to hide their activities.
   D. The format of the logs should be unknown and unavailable to the intruder.
14. Harrison is evaluating access control products for his company. Which of the following is not a factor he needs to consider when choosing the products?
   A. Classification level of data
   B. Level of training that employees have received
   C. Logical access controls provided by products
   D. Legal and regulation issues
15. There are several types of intrusion detection systems (IDSs). What type of IDS builds a profile of an environment’s normal activities and assigns an anomaly score to packets based on the profile?
   A. State-based
   B. Statistical anomaly-based
   C. Misuse detection system
   D. Protocol signature-based
16. A rule-based IDS takes a different approach than a signature-based or anomaly-based system. Which of the following is characteristic of a rule-based IDS?
   A. Uses IF/THEN programming within expert systems
   B. Identifies protocols used outside of their common bounds
   C. Compares patterns to several activities at once
   D. Can detect new attacks
17. Sam plans to establish mobile phone service using the personal information he has stolen from his former boss. What type of identity theft is this?
   A. Phishing
   B. True name
   C. Pharming
   D. Account takeover
18. Of the following, what is the primary item that a capability listing is based upon?
   A. A subject
   B. An object
   C. A product
   D. An application
19. Alex works for a chemical distributor that assigns employees tasks that separate their duties and routinely rotates job assignments. Which of the following best describes the differences between these countermeasures?
   A. They are the same thing with different titles.
   B. They are administrative controls that enforce access control and protect the company’s resources.
   C. Separation of duties ensures that one person cannot perform a high-risk task alone, and job rotation can uncover fraud because more than one person knows the tasks of a position.
   D. Job rotation ensures that one person cannot perform a high-risk task alone, and separation of duties can uncover fraud because more than one person knows the tasks of a position.
20. What type of markup language allows company interfaces to pass service requests and the receiving company provision access to these services?
   A. XML
   B. SPML
   C. SGML
   D. HTML