Chapter 7 ■ Security Operations (Domain 7) 155
- Gary is preparing to create an account for a new user and assign privileges to the HR data-
base. What two elements of information must Gary verify before granting this access?
A. Credentials and need to know
B. Clearance and need to know
C. Password and clearance
D. Password and biometric scan - Gary is preparing to develop controls around access to root encryption keys and would
like to apply a principle of security designed specifically for very sensitive operations.
Which principle should he apply?
A. Least privilege
B. Defense in depth
C. Security through obscurity
D. Two-person control - When should an organization conduct a review of the privileged access that a user has to
sensitive systems?
A. On a periodic basis
B. When a user leaves the organization
C. When a user changes roles
D. All of the above - Which one of the following terms is often used to describe a collection of unrelated
patches released in a large collection?
A. Hotfix
B. Update
C. Security fix
D. Service pack - Which one of the following tasks is performed by a forensic disk controller?
A. Masking error conditions reported by the storage device
B. Transmitting write commands to the storage device
C. Intercepting and modifying or discarding commands sent to the storage device
D. Preventing data from being returned by a read operation sent to the device- Lydia is processing access control requests for her organization. She comes across a request
where the user does have the required security clearance, but there is no business justifica-
tion for the access. Lydia denies this request. What security principle is she following?
A. Need to know
B. Least privilege
C. Separation of duties
D. Two-person control