ISC2 Cybersecurity Certification Post-Assessment & Pre-Assessment Exams (New 2024/2025 Update) Questions and Verified Answers | 100% Correct | A Grade
QUESTION
In order for a biometric security system to function properly, an authorized person's physiological data must be
A) Broadcast
B) Stored
C) Deleted
D) Modified
Answer:
B is correct. A biometric security system works by capturing and recording a physiological trait of the authorized person and storing it for comparison whenever that person presents the same trait in the future. A is incorrect; access control information should not be broadcast. C is incorrect; if all biometric data is erased, the data cannot be used for comparison purposes to grant access later. D is incorrect; biometric data should not be modified, or it may become useless for comparison purposes.
QUESTION
All visitors to a secure facility should be
A) Fingerprinted
B) Photographed
C) Escorted
D) Required to wear protective equipment
Answer:
C is correct. In a secure facility, visitors should be escorted by an authorized person. A is incorrect; it is not feasible to fingerprint every visitor to a facility. Moreover, it might not be legal, depending on the
jurisdiction. B is incorrect; some facilities may be in jurisdictions that restrict the use of photographic surveillance in the workplace. D is incorrect; not all secure facilities require the use of protective equipment.
QUESTION
Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a
A) Turnstile
B) Fence
C) Vacuum
D) Firewall
Answer:
D is correct. A firewall is a solution used to filter traffic between networks, including between the internal environment and the outside world. A and B are incorrect; a turnstile and a fence are physical access control mechanisms. C is incorrect; a vacuum does not affect network traffic, and the term is used here only as a distractor.
QUESTION
Which of these is an example of a physical access control mechanism?
A) Software-based firewall at the perimeter of the network
B) A lock on a door
C) Network switches that filter according to MAC addresses
D) A process that requires two people to act at the same time to perform a function
Answer:
B is correct. A lock on a door restricts physical access to the area on the other side of the door to only those personnel who have the appropriate entry mechanism (key, badge, etc.). A and C are both technical/logical controls. D is an administrative control.
QUESTION
Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of: (3.1)
A) Role-based access controls (RBAC)
B) Mandatory access controls (MAC)
C) Discretionary access controls (DAC)
D) Alleviating threat access controls (ATAC)
Answer:
A is correct. Role-based access controls often function in this manner, where the employee's job responsibilities dictate exactly which kinds of access the employee has. This also enforces the concept of "least privilege." B and C are incorrect; those access control models don't
function in the same way as RBAC. D is incorrect; there is no ATAC in this context, and the term is only used here as a distractor.
QUESTION
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? (3.1)
A) Role-based access controls (RBAC)
B) Mandatory access controls (MAC)
C) Discretionary access controls (DAC)
D) Logging
Answer:
A is correct. RBAC can aid in reducing "privilege creep," where employees who stay with the company for a long period of time might get excess permissions within the environment. B and C are incorrect; MAC and DAC do not offer this type of assurance. D is incorrect; logging will demonstrate user activity, but doesn't aid in reducing excess permissions.
QUESTION
Guillermo logs onto a system and opens a document file. In this example, Guillermo is: (1.1)
A) The subject
B) The object
C) The process
D) The software
Answer:
A is correct. Guillermo is the subject in this example. B is incorrect; in this example, the file is the object. C is incorrect; in this example, the process is logging on and opening the file. D is incorrect; in this example, the application used to open the file is the software.
QUESTION
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has.
In this situation, what is the database? (1.1)
A) The object
B) The rule
C) The subject
D) The site
Answer:
A is correct. Prachi is manipulating the database, so the database is the object in the subject-object-rule relationship in this case. B and C are incorrect, because the database is the object in this situation. D is incorrect because "site" has no meaning in this context.
QUESTION
Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this?
A) Suvid broke the law
B) Suvid's password has expired
C) Suvid made the manager angry
D) Someone hacked Suvid's machine
Answer:
B is correct. Typically, users are required to reset passwords when the password has reached a certain age. Permanent passwords are more likely to be compromised or revealed. A, C and D are incorrect; these are not likely reasons to require password refresh.
QUESTION
Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a "classification." Every person in the agency is assigned a "clearance" level, which determines the classification of data each person can access.
What is the access control model being implemented in Tekila's agency? (3.1)
A) MAC (mandatory access control)
B) DAC (discretionary access control)
C) RBAC (role-based access control)
D) FAC (formal access control)
Answer:
A is correct. This is an example of how MAC can be implemented. B is incorrect; in discretionary access control, operational managers are granted authority to determine which