CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 9 ■ Practice Test 1



  1. During a security audit, Susan discovers that the organization is using hand geometry
    scanners as the access control mechanism for their secure data center. What
    recommendation should Susan make about the use of hand geometry scanners?
    A. They have a high FRR and should be replaced.
    B. A second factor should be added because they are not a good way to reliably
    distinguish individuals.
    C. The hand geometry scanners provide appropriate security for the data center and
    should be considered for other high-security areas.
    D. They may create accessibility concerns, and an alternate biometric system should be
    considered.

  2. Colleen is conducting a business impact assessment for her organization. What metric
    provides important information about the amount of time that the organization may be
    without a service before causing irreparable harm?
    A. MTD
    B. ALE
    C. RPO
    D. RTO

  3. An attack that changes a symlink on a Linux system between the time that an account’s
    rights to the file are verified and the file is accessed is an example of what type of attack?
    A. Unlinking
    B. Tick/tock
    C. setuid
    D. TOCTOU


  67. An authentication factor that is “something you have,” and that typically includes a
    microprocessor and one or more certificates, is what type of authenticator?
    A. A smart card
    B. A token
    C. A Type I validator
    D. A Type III authenticator


  1. What term best describes an attack that relies on stolen or falsified authentication
    credentials to bypass an authentication mechanism?
    A. Spoofing
    B. Replay
    C. Masquerading
    D. Modification
