156-110 Online Practice Questions and Answers

What is mandatory sign-on? An authentication method that:

A. uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication

B. requires the use of one-time passwords, so users authenticate only once, with a given set of credentials

C. requires users to re-authenticate at each server and access control

D. stores user credentials locally, so that users need only authenticate the first time a local machine is used

E. allows users to authenticate once, and then uses tokens or other credentials to manage subsequent authentication attempts

_______ intrusion detection involves comparing traffic to known characteristics of malicious traffic, known as attack signatures.

A. Pattern matching

B. Statistical anomaly

C. Behavioral analysis

D. Host

E. Network

Virtual corporations typically use a(n) _______ for maintaining centralized information assets.

A. Off-line repository

B. Floppy disk

C. Data warehouse

D. CD-ROM burner

E. Colocation

Enterprise employees working remotely require access to data at an organization's headquarters. Which of the following is the BEST method to transfer this data?

A. Standard e-mail

B. Faxed information

C. Dial-in access behind the enterprise firewall

D. Virtual private network

E. CD-ROMs shipped with updated versions of the data

Which of the following entities review partner-extranet requirements?

A. Information systems

B. Shipping and receiving

C. Marketing

D. Requesting department

E. Chief Information Officer

At ABC Corporation, access to critical information resources, such as database and e-mail servers, is controlled by the information-technology (IT) department. The supervisor in the department grants access to printers where the printer is located. Managers grant and revoke rights to files within their departments' directories on the file server, but the IT department controls who has access to the directories. Which type of access-management system is in use at ABC Corporation?

A. Centralized access management

B. Role-based access management

C. Hybrid access management

D. Decentralized access management

E. Privileged access management

You are considering purchasing a VPN solution to protect your organization's information assets. The solution you are reviewing uses RFC-compliant and open-standards encryption schemes. The vendor has submitted the system to a variety of recognized testing authorities. The vendor does not make the source code available to testing authorities. Does this solution adhere to the secure design principle of open design?

A. No, because the software vendor could have changed the code after testing, which is not verifiable.

B. No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing.

C. Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism.

D. Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection.

E. No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle.

The items listed below are examples of ___________________ controls.

*Smart cards *Access control lists *Authentication servers *Auditing

A. Role-based

B. Administrative

C. Technical

D. Physical

E. Mandatory

Which of the following is NOT a concern for enterprise physical security?

A. Network Intrusion Detection Systems

B. Social engineering

C. Dumpster diving

D. Property theft

E. Unauthorized access to a facility

What type of document contains information on alternative business locations, IT resources, and personnel?

A. End-user license agreement

B. Nondisclosure agreement

C. Acceptable use policy

D. Security policy

E. Business continuity plan