1.
What is the definition of the principle of least privilege?

  • A.
    Allowing all users full control over a network to keep administrative responsibilities to a minimum
  • B.
    Keeping the number of system users with access to a minimum
  • C.
    Granting users only the minimum privileges needed to accomplish assigned work tasks
  • D.
    Designing applications that do not have high levels of privilege
Answer : [C]
Explanation :
The definition of the principle of least privilege is granting users only the minimum privileges needed to accomplish assigned work tasks.
2.
What is the process of assigning groups of tasks to different users to prevent collusion and avoid conflicts of interest?
  • A.
    Principle of least privilege
  • B.
    Separation of duties
  • C.
    Mandatory access control
  • D.
    Integrity assurance
Answer : [B]
Explanation :
Separation of duties is the process of assigning groups of tasks to different users to prevent collusion and to avoid conflicts of interest. The principle of least privilege is assigning users the minimal amount of access required to accomplish their work tasks. Mandatory access control is a means to control access by using classifications of subjects and objects. Integrity assurance is the process that ensures the controls put in place to maintain data integrity are operating properly.
3.
To prevent any one person from having too much control or power, or performing fraudulent acts, which of the following solutions should not be implemented?
  • A.
    M of N control
  • B.
    Job rotation
  • C.
    Multiple key pairs
  • D.
    Separation of duties
Answer : [B]
Explanation :
Job rotation isn’t appropriate because one person is still in charge of a particular position. M of N control, multiple key pairs, and separation of duties should be used to prevent a single person from compromising an entire system.
4.
What is the primary goal of risk management?
  • A.
    Reduce risk to an acceptable level
  • B.
    Remove all risks from an environment
  • C.
    Minimize security cost expenditures
  • D.
    Assign responsibilities to job roles
Answer : [A]
Explanation :
The correct answer is to reduce or mitigate risk to an acceptable level. It’s virtually impossible to remove all risks from an environment. It may be a goal of upper management in general to minimize security cost. Assigning responsibilities to job roles might be accomplished by the department heads.
5.
Which of the following best describes the use of a PIN number?
  • A.
    Authentication
  • B.
    Authorization
  • C.
    Auditing
  • D.
    Access control
Answer : [A]
Explanation :
A PIN provides authentication. It is something you know.