40 Questions

Week 3

Test your knowledge on regular examination of audit and event logs, detecting unwanted events like attempted break-ins, system malfunctions, and account abuse. Explore audit log protection techniques such as write-once media and centralized audit logs.

Created by
@LowRiskBlack

Questions and Answers

What is the difference between identification and authentication?

Identification verifies the user's identity, while authentication provides a proven assertion of identity.

Which of the following is an example of biometric authentication?

Fingerprint scan

What does multi-factor authentication rely on?

At least two factors: knowledge-based, possession-based, or entity-based

In terms of access controls, what does Single Sign-On (SSO) provide?

Centralized identity for multiple applications with session management

Which of the following is not an authentication standard mentioned in the text?

IMAP

What is the main advantage of Single Sign-On (SSO) in identity management?

Allows authentication once to access multiple systems

Which authentication weakness arises if an intruder compromises a password in a Single Sign-On (SSO) environment?

Access to all participating systems

What technology is NOT typically used for centralized management of access controls?

Two-factor authentication

Which of the following is not a common issue related to password management?

Single Sign-On integration

What is a potential drawback of Single Sign-On (SSO) implementation in practice?

It may be harder to achieve in practice due to integration issues

Which authentication method relies on something the user has?

Fingerprint

What type of assertion of identity is authentication?

Proven assertion

Which factor of authentication does a token fall under?

Something the user has

What does multi-factor authentication typically combine?

Various types of authentication factors

Which standard is commonly associated with biometric authentication implementation?

Biometric Identification Protocol

What is a common weakness of traditional userid + password authentication?

Easily guessed passwords

Which of the following is an example of multi-factor authentication?

Iris scan

What makes biometric authentication stronger than traditional userid + password authentication?

Measures a part of user's body

Which type of authentication requires what the user knows and has?

Token-based authentication

What is the purpose of multi-factor authentication in defeating password guessing/cracking?

To ensure the user has a second factor besides a password

What is the purpose of hashing a user's password in the authentication process?

To compare the hash with the stored hash for user authentication

Why is it recommended to store user passwords encrypted or hashed in a system?

To prevent unauthorized access to user passwords

What security measure should be implemented for better protection against rainbow table attacks when storing passwords?

Using 'salting' in password hashing

How does multi-factor authentication differ from traditional username and password authentication?

Multi-factor authentication requires multiple forms of verification

In which scenario would using biometric authentication be most appropriate?

High-security facilities where physical access is restricted

What is the main weakness associated with Reduced Sign-On compared to Single Sign-On (SSO)?

No inter-system session management

Why is it recommended to combine Reduced Sign-On with two-factor authentication?

To enhance security by adding an extra layer beyond passwords

What is a common issue that arises when access rights are not properly managed during internal transfers?

Accumulation of privileges

Which of the following is a key step in the Access Requests and Provisioning process?

Conducting a periodic access review

Why is two-factor authentication considered more secure than single-factor authentication?

It combines two different forms of identification

Which type of attack method involves attempting to interfere with or gain control of a system using malicious code?

Buffer overflow

What process includes activities such as access requests, internal transfers, terminations, periodic reviews, and audits?

Access management

Which type of control aims to protect assets using various layers of security measures?

Defense in depth control

What kind of testing is used to evaluate access controls through the examination of system vulnerabilities?

Application vulnerability testing

Which method of attack aims to deceive individuals into disclosing sensitive information?

Phishing

What principle advocates limiting user access rights to only what is essential for performing job functions?

Least privilege

Which type of control is used to identify and respond to security incidents after they have occurred?

Corrective control

What mechanism is employed to verify an individual's claimed identity using unique biological traits?

Biometric authentication

'Separation of duties' in access controls refers to:

Dividing tasks between different employees

Which type of authentication involves providing something you have (like an ID card) and something you know (like a password)?

Multi-factor authentication
