Chapter 12 ■ Practice Test 4 299
- What access control scheme labels subjects and objects, and allows subjects to access
 objects when the labels match?
 A. DAC
 B. MAC
 C. Rule-based access control (RBAC)
 D. Role-based access control (RBAC)
- A cloud-based service that provides account provisioning, management, authentication,
 authorization, reporting, and monitoring capabilities is known as what type of service?
 A. PaaS
 B. IDaaS
 C. IaaS
 D. SaaS
- Sally wants to secure her organization’s VoIP systems. Which of the following attacks is
 one that she shouldn’t have to worry about?
 A. Eavesdropping
 B. Denial of service
 C. Blackboxing
 D. Caller ID spoofing
- Marty discovers that the access restrictions in his organization allow any user to log into
 the workstation assigned to any other user, even if they are from completely different
 departments. This type of access most directly violates which information security principle?
 A. Separation of duties
 B. Two-person control
 C. Need to know
 D. Least privilege
- Fred needs to transfer files between two servers on an untrusted network. Since he knows
 the network isn’t trusted, he needs to select an encrypted protocol that can ensure that his
 data remains secure. What protocol should he choose?
 A. SSH
 B. TCP
 C. SFTP
 D. IPsec
- Chris uses a packet sniffer to capture traffic from a TACACS+ server. What protocol
 should he monitor, and what data should he expect to be readable?
 A. UDP; none—TACACS+ encrypts the full session
 B. TCP; none—TACACS+ encrypts the full session
 C. UDP; all but the username and password, which are encrypted
 D. TCP; all but the username and password, which are encrypted
