Access Control11Word格式.docx

1、 4/5 | Relevancy: 3/3 There are parallels between the trust models in Kerberos and in PKI. When we compare them side by side, Kerberos tickets correspond most closely to which of the following?o public keys private keys o public-key certificates private-key certificates C. A Kerberos ticket is issue

2、d by a trusted third party; it is an encrypted data structure that includes the service encryption key. In that sense it is similar to a public-key certificate. However, the ticket is not a key. And there is no such thing as a private key certificate.Study areas: CISSP CBK domain #1 - Access Control

3、, CISSP CBK domain #5 - CryptographyCovered topics （2）: Kerberos, X.509 Digital certificates This question Copyright 20032006 cccure.org. 2. Question: 423 | Difficulty: 1/5 | Relevancy:What is called a password that is the same for each log-on session?one-time passwordtwo-time passwordstatic passwor

4、d dynamic password C. A password that is the same for each log-on is called a static password.Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 36.Contributor: Rakesh SudStudy area: CISSP CBK domain #1 - A

5、ccess ControlCovered topic: Passwords Copyright 20032006 Rakesh Sud, cccure.org. 3. Question: 88 | Difficulty:A timely review of system access audit records would be an example of which of the basic security functions?avoidance. deterrence. prevention. detection. D. The correct answer is:By reviewin

6、g system logs you can detect events that have occured.The following answers are incorrect:avoidance. This is incorrect, avoidance is a distractor. By reviewing system logs you have not avoided anything.deterrence. This is incorrect because system logs are a history of past events. You cannot deter s

7、omething that has already occurred.prevention. This is incorrect because system logs are a history of past events. You cannot prevent something that has already occurred. Last modified 6/08/2007 - J. HajecComment:A timely review of the audit logs would provide early detection of possible and intenti

8、onal abuses but does nothing to prevent occurrence of abuses, if any. An early detection would lead to prevention of much serious abuses later on. Auditing can be seen as a detection exercise more than a preventive exercise.References:OIG CBK Glossary （page 791） Kamren Lee Account, log and journal m

9、onitoring 4. Question: 1241 | Difficulty: 2/5 | Relevancy:Identification and authentication are the keystones of most access control systems. Identification establishes:user accountability for the actions on the system. top management accountability for the actions on the system. EDP department acco

10、untability for the actions of users on the system. authentication for actions on the system A. Identification and authentication are the keystones of most access control systems. Identification establishes user accountability for the actions on the system.Contributors: Rakesh Sud, Sasa Vidanovic Acc

11、ess control objectives 5. Question: 438 | Difficulty:Which of the following biometric characteristics cannot be used to uniquely authenticate an individuals identity?Retina scans Iris scans Palm scans Skin scans D. The following are typical biometric characteristics that are used to uniquely authent

12、icate an individuals identity:- Fingerprints- Retina scans- Iris scans- Facial scans- Palm scans- Hand geometry- Voice- Handwritten signature dynamics Sons, Page 39.And: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 4: Access Control （pages 127-131）. Rakesh Sud, Christian Vezina, don murdoch Biometrics 6. Question: 408 | Difficulty:What is called the access protection system that limits connections by calling back the number of a previously authorized lo