Access Control11 Word format.docx
- Document number: 16128542
- Upload date: 2022-11-20
- Format: DOCX
- Pages: 80
- Size: 69KB

4/5 | Relevancy: 3/3
There are parallels between the trust models in Kerberos and in PKI. When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
- public keys
- private keys
- public-key certificates
- private-key certificates
C. A Kerberos ticket is issued by a trusted third party; it is an encrypted data structure that includes the service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not a key. And there is no such thing as a private key certificate.
Study areas: CISSP CBK domain #1 - Access Control, CISSP CBK domain #5 - Cryptography
Covered topics (2): Kerberos, X.509 Digital certificates
This question © Copyright 2003–2006 cccure.org.

2. Question: 423 | Difficulty: 1/5 | Relevancy:
What is called a password that is the same for each log-on session?
- one-time password
- two-time password
- static password
- dynamic password
C. A password that is the same for each log-on is called a static password.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.
Contributor: Rakesh Sud
Study area: CISSP CBK domain #1 - Access Control
Covered topic: Passwords
Copyright 2003–2006 Rakesh Sud, cccure.org.

3. Question: 88 | Difficulty:
A timely review of system access audit records would be an example of which of the basic security functions?
- avoidance.
- deterrence.
- prevention.
- detection.
D. The correct answer is:
By reviewing system logs you can detect events that have occurred.
The following answers are incorrect:
- avoidance. This is incorrect, avoidance is a distractor. By reviewing system logs you have not avoided anything.
- deterrence. This is incorrect because system logs are a history of past events. You cannot deter something that has already occurred.
- prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred.
Last modified 6/08/2007 - J. Hajec
Comment:
A timely review of the audit logs would provide early detection of possible and intentional abuses but does nothing to prevent occurrence of abuses, if any. An early detection would lead to prevention of more serious abuses later on. Auditing can be seen as a detection exercise more than a preventive exercise.
References: OIG CBK Glossary (page 791)
Kamren Lee
Account, log and journal monitoring

4. Question: 1241 | Difficulty: 2/5 | Relevancy:
Identification and authentication are the keystones of most access control systems. Identification establishes:
- user accountability for the actions on the system.
- top management accountability for the actions on the system.
- EDP department accountability for the actions of users on the system.
- authentication for actions on the system
A. Identification and authentication are the keystones of most access control systems. Identification establishes user accountability for the actions on the system.
Contributors: Rakesh Sud, Sasa Vidanovic
Access control objectives

5. Question: 438 | Difficulty:
Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity?
- Retina scans
- Iris scans
- Palm scans
- Skin scans
D. The following are typical biometric characteristics that are used to uniquely authenticate an individual's identity:
- Fingerprints
- Retina scans
- Iris scans
- Facial scans
- Palm scans
- Hand geometry
- Voice
- Handwritten signature dynamics
Sons, Page 39.
And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control (pages 127-131).
Rakesh Sud, Christian Vezina, donmurdoch
Biometrics

6. Question: 408 | Difficulty:
What is called the access protection system that limits connections by calling back the number of a previously authorized lo