Chapter 5 ■ Identity and Access Management (Domain 5)
A. RBAC
B. DAC
C. MAC
D. TBAC
- Which of the following is not a valid LDAP DN (distinguished name)?
A. cn=ben+ou=sales
B. ou=example
C. cn=ben,ou=example;
D. ou=example,dc=example,dc=com+dc=org
- When a subject claims an identity, what process is occurring?
A. Login
B. Identification
C. Authorization
D. Token presentation
- Dogs, guards, and fences are all common examples of what type of control?
A. Detective
B. Recovery
C. Administrative
D. Physical
- Susan’s organization is updating its password policy and wants to use the strongest
possible passwords. What password requirement will have the highest impact in preventing
brute-force attacks?
A. Change maximum age from 1 year to 180 days.
B. Increase the minimum password length from 8 characters to 16 characters.
C. Increase the password complexity so that at least three character classes (such as
uppercase, lowercase, numbers, and symbols) are required.
D. Retain a password history of at least four passwords to prevent reuse.
- What is the stored sample of a biometric factor called?
A. A reference template
B. A token store
C. A biometric password
D. An enrollment artifact
- When might an organization using biometrics choose to allow a higher FRR instead of a
higher FAR?
A. When security is more important than usability
B. When false rejection is not a concern due to data quality
C. When the CER of the system is not known
D. When the CER of the system is very high