(ISC)² CISSP® Official Study Guide, Eighth Edition


(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

D. Compliance-based access control model

15. What would an organization do to identify weaknesses?
A. Asset valuation
B. Threat modeling
C. Vulnerability analysis
D. Access review

16. Which of the following can help mitigate the success of an online brute-force attack?
A. Rainbow table
B. Account lockout
C. Salting passwords
D. Encryption of password

17. Which of the following would provide the best protection against rainbow table attacks?
A. Hashing passwords with MD5
B. Salt and pepper with hashing
C. Account lockout
D. Implement RBAC

18. What type of attack uses email and attempts to trick high-level executives?
A. Phishing
B. Spear phishing
C. Whaling
D. Vishing

Refer to the following scenario when answering questions 19 and 20:
An organization has recently suffered a series of security breaches that have damaged its reputation. Several successful attacks have resulted in compromised customer database files accessible via one of the company’s web servers. Additionally, an employee had access to secret data from previous job assignments. This employee made copies of the data and sold it to competitors. The organization has hired a security consultant to help them reduce their risk from future attacks.


660 Chapter 14 Controlling and Monitoring Access

19. What would the consultant use to identify potential attackers?
A. Asset valuation
B. Threat modeling
