APPENDIX
Answer Key
CHAPTER 1 Access Control Framework
1. Policies 2. B 3. C 4. A 5. Unknown 6. B 7. D 8. C 9. B 10. D 11. A 12. Administrative 13. B 14. Behavioral
CHAPTER 2 Business Drivers for Access Controls
1. A 2. Confidential 3. A 4. A 5. A 6. B 7. A 8. A 9. A
CHAPTER 3 Human Nature and Organizational Behavior
1. Status, wealth 2. A 3. F 4. C 5. A 6. B 7. Disgruntled 8. E 9. A 10. A and C 11. Two-person control 12. A 13. B 14. A
CHAPTER 4 Assessing Risk and Its Impact on Access Control
1. Probability of occurrence 2. A 3. Quantitative 4. B 5. B 6. A 7. A, B, and C 8. B 9. B 10. A 11. A 12. B 13. B 14. $150,000 15a. $1.5 million 15b. 10% 15c. $150,000 15d. 3 15e. $450,000
CHAPTER 5 Access Control in the Enterprise
1. D 2. Mandatory access control (MAC), discretionary access control (DAC), role-based access control (RBAC), attribute-based access control (ABAC) 3. B and C 4. B 5. B, C, and E 6. A 7. A and C 8. C 9. C 10. A 11. A 12. C 13. A 14. C 15. B
CHAPTER 6 Mapping Business Challenges to Access Control Types
1. A 2. Risk avoidance 3. Risk acceptance 4. Risk transference 5. Risk mitigation 6. Integrity 7. A 8. Sensitive 9. D 10. C 11. B 12. B 13. View full record
CHAPTER 7 Access Control System Implementations
1. B 2. ISO 3. A 4. B and C 5. D 6. Federal Financial Institutions Examinations Council (FFEIC) 7. A 8. C 9. NIST
CHAPTER 8 Access Control for Information Systems
1. Industrial control system (ICS) 2. B 3. ACL 4. System-audit 5. Binary large objects, or BLOBs 6. B 7. A 8. A 9. B 10. Linux 11. B 12. A and C
CHAPTER 9 Physical Security and Access Control
1. B 2. C 3. B 4. B and D 5. D 6. A 7. Dark 8. D 9. Physiological, behavioral 10. B 11. The point at which Type I and Type II errors are equal 12. D 13. A 14. D 15. B
CHAPTER 10 Access Control Solutions for Remote Workers
1. B 2. Authentication, Authorization, and Accounting 3. B 4. B, C, and E 5. A 6. C 7. A, C, and D 8. B 9. A 10. D 11. Two-way 12. Three-way 13. C 14. B
CHAPTER 11 Public Key Infrastructure and Encryption
1. B 2. B 3. B and C 4. A 5. B 6. A, B, and C 7. Certificate Practice Statement (CPS) 8. C 9. C 10. B and E
CHAPTER 12 Testing Access Control Systems
1. A 2. D 3. B and C 4. Nonintrusive 5. Intrusive 6. C 7. A 8. E 9. A 10. A 11. B 12. C 13. C 14. A, C, and D
CHAPTER 13 Access Control Assurance
1. Confidentiality, integrity, availability 2. C 3. A, C, and D 4. B 5. A 6. Blacklist 7. Whitelist 8. A 9. C 10. B 11. B 12. B 13. C
CHAPTER 14 Access Control Laws, Policies, and Standards
1. A 2. C 3. B 4. A 5. A 6. Administrative 7. Publicly traded 8. A 9. B 10. Acceptable Use 11. Guidelines
CHAPTER 15 Security Breaches and the Law
1. B 2. A 3. B 4. Privacy impact assessment 5. E 6. A and C 7. A, B, D, and E 8. A 9. A 10. Vandalism 11. A