
Chapter 1 Test Bank

Multiple Choice Questions

1. Fundamentally, __________ refers to the ability of a subject and an object to
interact.

A. authorization
B. access
C. biometrics
D. identification

Answer: B Reference: p 2

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

2. ____________ define the allowable interactions between subjects and
objects.

A. Credentials
B. Responsibilities
C. Procedures
D. Access controls

Answer: D Reference: p 4

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

3. There are three principal components of any access control scenario:
policies, subjects, and ____________.

A. tools
B. procedures
C. objects
D. access
Answer: C Reference: p 4

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

4. There are three principal components of any access control scenario:
subjects, objects, and ___________.

A. Credentials
B. Passwords
C. tokens
D. policies

Answer: D Reference: p 4

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

5. There are three types of subjects when it comes to access control for a
specific resource: authorized, unauthorized, and __________________.

A. unknown
B. authenticated
C. objects
D. unauthenticated

Answer: A Reference: p 5

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

6. What term is used to describe the process or mechanism of granting or
denying use of a resource, typically applied to users or generic network
traffic?

A. identification
B. passphrase
C. procedure
D. access control

Answer: D Reference: p 4

Explanation:

Type: Multiple Choice Difficulty: Medium Category: Understand

7. The process known as AAA (or triple A) security involves three
components. _____________ means ensuring that an authenticated user is
allowed to perform the requested action.

A. Authentication
B. Authorization
C. Access
D. Accounting

Answer: B Reference: p 5

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

8. The process known as AAA (or triple A) security involves three
components. _____________ means ensuring that users are who they claim to
be.

A. Accounting
B. Access
C. Authorization
D. Authentication

Answer: D Reference: p 5

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

9. Users are not the only subjects in access control systems. Technological
resources may also serve as subjects. A(n) ___________ can be a subject when
it attempts to access other resources on the same computer or over the
network.

A. application
B. system
C. process
D. network

Answer: A Reference: p 6

Explanation:

Type: Multiple Choice Difficulty: Medium Category: Understand

10. There are three main categories of objects to be protected by access
controls: information, technology, and _____________.

A. applications
B. processes
C. physical location
D. networks

Answer: C Reference: p 6

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

11. There are three main categories of objects to be protected by access
controls: ___________, technology, and physical location.

A. information
B. tokens
C. processes
D. networks

Answer: A Reference: p 6

Explanation:

Type: Multiple Choice Difficulty: Medium Category: Understand


12. Passwords, tokens, and fingerprint scans are all examples of ________.

A. identification
B. authentication
C. authorization
D. credentials

Answer: B Reference: p 8

Explanation:

Type: Multiple Choice Difficulty: Medium Category: Understand

13. _____________ is a set of rights defined for a subject and an object. They
are based on the subject's identity.

A. Authentication
B. Authorization
C. Credentials
D. Passwords

Answer: B Reference: p 9

Explanation:

Type: Multiple Choice Difficulty: Medium Category: Understand

14. You can define objects at many levels, depending on your business
needs. An example of an object is a(n) ______________. For example, you may
restrict access to the CEO's laptop so that only the CEO and his or her
administrative assistant have permission to log on to it.

A. application
B. system
C. operating system
D. network

Answer: B Reference: p 12

Explanation:

Type: Multiple Choice Difficulty: Medium Category: Understand

15. There are two primary types of biometric authentication systems:
physical and ______________.

A. mnemonic
B. physiological
C. psychological
D. behavioral

Answer: D Reference: p 15

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

16. What name is given to the process or mechanism of granting or denying
use of a resource typically applied to users or generic network traffic?

A. access control
B. authentication
C. biometrics
D. identificationpassword

Answer: A Reference: p 4

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

17. Which of the following is the definition of authentication factor?

A. A secret combination of characters known only to the subject.
B. A way of confirming the identity of a subject. The three authentication
factors are something you know, something you have, and something you
are.
C. The user, network, system, process, or application requesting access to a
resource.
D. Something only the subject and the authentication system know.

Answer: B Reference: p 8

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

18. What is meant by authorization?

A. The decision to allow or deny a subject access to an object.
B. The ability of a subject and an object to interact.
C. The user, network, system, process, or application requesting access to a
resource.
D. A secret combination of characters known only to the subject.

Answer: A Reference: p 9

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

19. What term is used to describe the user, network, system, process, or
application requesting access to a resource?

A. shared secret
B. object
C. access control
D. subject

Answer: D Reference: p 5

Explanation:

Type: Multiple Choice Difficulty: Easy Category: Understand

20. What term is used to describe a technical method or control used to
complete a task or achieve a goal, such as enforcing policies?

A. password
B. identification
C. tool
D. shared secret

Answer: C Reference: p 5

Explanation:

Type: Multiple Choice Difficulty: Hard Category: Understand


True/False Questions

1. The subject in an access control scenario is a person or another
application requesting access to a resource such as the network, a file
system, or a printer.

A. True
B. False

Answer: A Reference: p 5

Explanation:

Type: True/False

2. Someone allowed to access the resource moves to the control state.

A. True
B. False

Answer: B Reference: p 5

Explanation: They move to the authorized state.

Type: True/False

3. Identification builds on authentication by requiring that the subject provide
proof of its identity.

A. True
B. False

Answer: B Reference: p 8

Explanation: Authentication builds on identification by requiring that the
subject provide proof of its identity.

Type: True/False

4. Authorization is a set of rights defined for a subject and an object. They
are based on the subject's identity.

A. True
B. False

Answer: A Reference: p 9

Explanation:

Type: True/False

5. Granting access by groups rather than by individuals reduces individual
accountability for activities.

A. True
B. False

Answer: B Reference: p 11

Explanation:

Type: True/False

6. A password is the most common authentication tool.

A. True
B. False

Answer: A Reference: p 13

Explanation:

Type: True/False

7. Access control is an authentication system based on physical
characteristics or behavioral tendencies of an individual.

A. True
B. False

Answer: B Reference: p 4

Explanation:

Type: True/False

8. The term authentication describes the process of confirming the identity of
a user. It also means ensuring that a sender and a recipient are who they say
they are.

A. True
B. False

Answer: A Reference: p 8

Explanation:

Type: True/False

9. The term authentication factor refers to the decision to allow or deny a
subject access to an object.

A. True
B. False

Answer: B Reference: p 8

Explanation: The term authentication factor refers to a way of confirming the
identity of a subject.

Type: True/False

10. An authentication system based on the physical characteristics or
behavioral tendencies of an individual is the definition of biometrics.

A. True
B. False

Answer: A Reference: p 15

Explanation:

Type: True/False

11. The term passphrase refers to something only the subject and the
authentication system know.

A. True
B. False

Answer: B Reference: p 14

Explanation: The term passphrase refers to a phrase or sentence used in
place of a password.

Type: True/False

12. The process of ensuring that no one without the proper credentials can
physically access resources is the definition of physical security.

A. True
B. False

Answer: A Reference: p 6

Explanation:

Type: True/False

13. The term procedures describes the process by which a subject or object
identifies itself to the access control system.

A. True
B. False

Answer: B Reference: p 5

Explanation: The term procedures describes a defined series of steps or
actions for achieving an objective or result.

Type: True/False

14. Subject is the user, network, system, process, or application requesting
access to a resource.

A. True
B. False

Answer: A Reference: p 4

Explanation:

Type: True/False

Test Bank Statistics Summary

Multiple Choice
Category Stats
Analyze: 0
Apply: 0
Evaluate: 0
Remember: 0
Understand: 20

Difficulty Stats
Easy: 13 Medium: 6 Hard: 1

Total Multiple Choice Questions: 20

True/False
Total True/False Questions: 14

All Questions
Category Stats
Analyze: 0
Apply: 0
Evaluate: 0
Remember: 0
Understand: 20

Difficulty Stats
Easy: 13 Medium: 6 Hard: 1

Total Questions in Test Bank: 34
