Chapter 10: Practice Test 2 429
- D. The comparison of a factor to validate an identity is known as authentication. Identification occurred when Jim presented his user ID. Tokenization is a process that converts a sensitive data element to a nonsensitive representation (a token) of that element. Hashing transforms a string of characters into a fixed-length value, or key, that represents the original string.
- B. Decentralized access control empowers the people closest to the resources to control access but does not provide consistent control. It does not provide redundancy, since it merely moves the control points; the cost of access control depends on its implementation and methods; and granularity can be achieved in both centralized and decentralized models.
- C. A mantrap, which is composed of a pair of doors with an access mechanism that
allows only one door to open at a time, is an example of a preventive access control because it can stop unwanted access: an intruder cannot get into the facility through a door left open or by following legitimate staff in (tailgating). It can also serve as a deterrent by discouraging intruders who would be trapped in it without proper access, and, of course, doors with locks are an example of a physical control. A compensating control attempts to make up for problems with an existing control or adds controls to improve a primary control.
- C. Sally needs to provide nonrepudiation, the ability to provably associate a given email with a sender. Digital signatures can provide nonrepudiation and are her best option. IMAP is a mail protocol, encryption provides confidentiality rather than proof of origin, and DKIM identifies the domain that sent an email (it lets a receiving server verify that the message came from a server authorized by the signing domain), not the individual sender.
- D. In most situations, employers may not access medical information due to healthcare
privacy laws. Reference checks, criminal records checks, and credit history reports are all typically found during pre-employment background checks.
- C. In a land attack, the attacker sends a packet that has identical source and destination IP addresses (and, in the classic form, the same source and destination port) in an attempt to crash systems that cannot handle this out-of-specification traffic.
- The testing tools match with the descriptions of their purpose as follows:
- nmap: B. Port scanning.
- QualysGuard: A. Network vulnerability scanning.
- Metasploit: E. Exploitation framework.
- Nikto: D. Web vulnerability scanning.
- aircrack-ng: C. Wireless encryption assessment.
- A. When a data stream is converted into a segment (TCP) or a datagram (UDP), it transitions from the Session layer to the Transport layer. The Transport layer then hands the segment to the Network layer, which encapsulates it in a packet (adding the IP header) so that it can be routed.
- C. The user has successfully explained a valid need to know the data: completing the report requested by the CFO requires this access. However, the user has not yet demonstrated that he or she has the appropriate clearance to access the information. A note from the CFO would meet this requirement.
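The land attack and the Transport-to-Network layer encapsulation described in two of the answers above can be made concrete in code. The following is an added example written for this answer key, not code from the book: it builds a minimal TCP segment (Transport layer), wraps it in an IPv4 header (Network layer), and then scans a constructed set of packets for the land signature, a packet whose source and destination IP addresses are identical. The addresses come from the RFC 5737 documentation ranges, the TCP checksum is left at zero because nothing is sent on the wire, and the sample packets are constructed inline.

```python
"""Encapsulate a TCP segment in an IPv4 packet, then scan packets for the
land attack signature (identical source and destination IP address).

Added example for this answer key; not from the book. Packets are constructed
inline and never transmitted."""
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_segment(src_port: int, dst_port: int, payload: bytes, flags: int = 0x02) -> bytes:
    """Transport layer: wrap application data in a minimal 20-byte TCP header.
    The TCP checksum is left at zero because this example never hits a wire."""
    header = struct.pack(
        "!HHIIBBHHH",
        src_port, dst_port,
        0,          # sequence number
        0,          # acknowledgement number
        5 << 4,     # data offset = 5 words (20 bytes), no options
        flags,      # 0x02 = SYN, the flag used by the classic land packet
        65535,      # window
        0,          # checksum (not computed here)
        0,          # urgent pointer
    )
    return header + payload


def build_ipv4_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Network layer: wrap the TCP segment in an IPv4 header (protocol 6)."""
    total_len = 20 + len(segment)
    header_wo_cksum = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len,               # version 4 / IHL 5, TOS, total length
        0x1234, 0x4000,                   # identification, flags (DF) / fragment offset
        64, 6, 0,                         # TTL, protocol = TCP, checksum placeholder
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
    )
    cksum = ipv4_checksum(header_wo_cksum)
    header = header_wo_cksum[:10] + struct.pack("!H", cksum) + header_wo_cksum[12:]
    return header + segment


def parse_packet(packet: bytes) -> dict:
    """Undo the encapsulation: read the IPv4 header, then the TCP header inside it."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    info = {
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
        "proto": proto,
    }
    if proto == 6 and len(packet) >= ihl + 20:
        src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
        info.update(src_port=src_port, dst_port=dst_port, flags=packet[ihl + 13])
    return info


def is_land_packet(info: dict) -> bool:
    """Land signature: source address equals destination address. The classic
    packets also used the same port on both sides and set SYN, but the address
    match alone is enough to flag, since no legitimate packet needs it."""
    return info["src_ip"] == info["dst_ip"]


def scan(packets) -> list:
    """Return the parsed headers of every packet carrying the land signature."""
    return [info for info in map(parse_packet, packets) if is_land_packet(info)]


# Constructed sample traffic (RFC 5737 addresses): one ordinary SYN, one land packet.
SAMPLE_PACKETS = [
    build_ipv4_packet("192.0.2.10", "198.51.100.5", build_tcp_segment(40000, 443, b"")),
    build_ipv4_packet("198.51.100.5", "198.51.100.5", build_tcp_segment(139, 139, b"")),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_PACKETS):
        print("land packet:", hit)
```

The same address comparison is what a packet filter or IDS rule implements; modern TCP/IP stacks simply drop such packets, so the check today is mainly useful for spotting spoofed or malformed traffic at a boundary.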