CISSP Official Practice Tests by Mike Chapple, David Seidl


248 Chapter 10 ■ Practice Test 2



  1. What access control system lets owners decide who has access to the objects they own?
    A. Role-based access control
    B. Task-based access control
    C. Discretionary access control
    D. Rule-based access control

  2. Using a trusted channel and link encryption are both ways to prevent what type of access
    control attack?
    A. Brute force
    B. Spoofed login screens
    C. Man-in-the-middle attacks
    D. Dictionary attacks

  3. Which one of the following is not one of the canons of the (ISC)^2 Code of Ethics?
    A. Protect society, the common good, necessary public trust and confidence, and the
    infrastructure.
    B. Act honorably, honestly, justly, responsibly, and legally.
    C. Provide diligent and competent service to principals.
    D. Maintain competent records of all investigations and assessments.

  4. Which one of the following components should be included in an organization’s emergency
    response guidelines?
    A. Immediate response procedures
    B. Long-term business continuity protocols
    C. Activation procedures for the organization’s cold sites
    D. Contact information for ordering equipment


87. Ben is working on integrating a federated identity management system and needs to
exchange authentication and authorization information for browser-based single sign-on.
What technology is his best option?
A. HTML
B. XACML
C. SAML
D. SPML


  1. What is the minimum interval at which an organization should conduct business
    continuity plan refresher training for those with specific business continuity roles?
    A. Weekly
    B. Monthly
    C. Semiannually
    D. Annually
