C726 Cyber security Architecture and Engineering Questions AND Correct Answers EXAM
A capability list corresponds to a row in the access control matrix: it lists every access permission that one subject has been granted, across all objects. - ✔✔
A company plans to implement a new authentication system for customers accessing the company website. When customers log on, the website indicates that it has sent a text message containing a code to the customer's mobile phone. To complete the log-on process, the customer must enter that code within five minutes. - ✔✔ Time-based one-time password (TOTP): the code is valid only within a fixed time window, and a correct code must be accepted at most once.
A computer-assisted crime occurs when a computer is the tool used to carry out the crime. Most current identity theft attacks are examples: computers make this type of attack much easier, and a computer is often the means used to obtain the identity information. - ✔✔
A contactless smart card has an antenna running around the card so that the card can be read by the reader. When the card enters the reader's electromagnetic field, the card antenna powers the card's internal chip, which then communicates with the reader.
A smart card is a card that can store and process information. Not all smart cards contain an antenna. A contact smart card has a gold contact plate on the card's face instead of an antenna inside the card; this type of smart card must be physically inserted into the card reader. - ✔✔
A critical application is core to an organization's business operations and must remain operational at all times to sustain the organization's ongoing operation and revenue generation. - ✔✔
A data aggregator is a company that compiles, stores, and sells personal information. Often these
companies compile profiles of this information. - ✔✔
An employment candidate screening process should include all of the following actions: - ✔✔
Check all references.
Verify all education.
Review military records and experience.
Perform a background check.
A fence is an example of a deterrent physical control because it attempts to deter or discourage security breaches. A fence is also considered a compensating control. - ✔✔
A multi-level security policy is usually associated with mandatory access control (MAC). In MAC, sensitivity labels, also called security labels, are attached to all objects and to all subjects. A sensitivity label contains a classification and, optionally, a set of compartments. One label dominates another when its classification is at least as high and its compartments include all of the other's. For a subject to read an object under a multi-level security policy, the subject's sensitivity label must dominate the object's label ("no read up"); for a subject to write to an object, the object's label must dominate the subject's label ("no write down"), so that information cannot flow to a lower classification. - ✔✔
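Label dominance and the two Bell-LaPadula rules above, as an added example that is not part of the original page. The four-level classification scale and the compartment names are assumed for the example; the dominance relation is the standard one (classification at least as high and compartments a superset).

```python
"""Added example: sensitivity labels, dominance and Bell-LaPadula read/write
checks for a multi-level security policy. Levels and compartments are
assumed for the demonstration."""
from dataclasses import dataclass, field

# Assumed hierarchical scale: a higher index is more sensitive.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]


@dataclass(frozen=True)
class Label:
    """A sensitivity label: hierarchical classification plus a set of
    compartments (need-to-know categories)."""
    classification: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other: classification at least as high AND compartments a
        superset. Labels with disjoint compartment sets are incomparable:
        neither dominates the other."""
        return (LEVELS.index(self.classification) >= LEVELS.index(other.classification)
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): subject must dominate object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): object must dominate subject, so a
    subject cannot copy higher-classified data into a lower-labelled object."""
    return obj.dominates(subject)


def access_decision(subject: Label, obj: Label) -> str:
    """Combine both rules into the mode the reference monitor would grant."""
    readable, writable = can_read(subject, obj), can_write(subject, obj)
    if readable and writable:
        return "read/write"        # labels are equal
    if readable:
        return "read-only"         # subject strictly dominates object
    if writable:
        return "append/write-only"  # object strictly dominates subject
    return "none"                  # incomparable labels


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))
    for obj in (Label("CONFIDENTIAL"), Label("SECRET", frozenset({"NUCLEAR"})),
                Label("TOP SECRET", frozenset({"CRYPTO", "NUCLEAR"}))):
        print(obj, "->", access_decision(analyst, obj))
```

The "append/write-only" outcome is the one people find surprising: a CONFIDENTIAL subject may write into a SECRET object it cannot read, because the rule exists to stop leakage downward, not to stop contributions upward; Biba reverses both rules when the property being protected is integrity rather than confidentiality.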
A covered entity must provide its privacy notice to the patient as a posted copy, as a printed copy at the first service delivery, and as a printed copy on request. - ✔✔
A retina scan is a biometric system that examines the unique pattern of the blood vessels at the back of an individual's eye. In a retina scan, a beam of light is projected into the eye to capture the pattern, which is then compared with the individual's reference record. The employee is authenticated only if a match is found. Retina scanning provides better accuracy than iris scanning. - ✔✔
A security awareness program promotes acceptable use and behavior, enforces compliance with the information security program, and communicates the ramifications of violating the security policy. - ✔✔
A signature dynamics biometric system is an example of a behavioral biometric system. A behavioral biometric system analyzes what a person does and how they do it in order to control access. - ✔✔
A static password, also called a user-generated password, is one created by the user. It is usually very easy for the user to remember. In most companies, the password policy ensures that static passwords expire after a certain amount of time.
A cognitive password is a password based on some personal fact or opinion. Its most common use is as a secondary authenticator, for example when a user must prove identity to reset a primary password or to obtain confidential account information. Cognitive passwords are things like your mother's maiden name, your favorite color, or the school you graduated from; because such facts are often discoverable from public sources, they are a weak authenticator on their own. - ✔✔
A trade secret is something a company owns, such as a formula or device, that is vital to its survival in the competitive market. A chemical formula for a new drug is a trade secret. Trade secret protection secures and maintains the confidentiality of proprietary technical or business-related information, provided the owner adequately protects that information from disclosure. - ✔✔
Access aggregation - ✔✔ The collective entitlements granted to one user by multiple systems; over time this leads to authorization creep, where a user accumulates rights beyond what the current job requires.
Example (of information aggregation rather than of access aggregation):
An attacker uses multiple websites to collect public information and pieces together a profile to be used for identity impersonation. Combining individually harmless public facts into a sensitive whole is an aggregation attack; access aggregation is the analogous accumulation of entitlements by one user, and is what periodic access reviews are meant to catch.
Accountability - ✔✔ The security concept that ties actions to an identity; it includes the process of reviewing the activities of an identity, for example through audit logs and access reviews.
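Access aggregation and the review side of accountability in working code, as an added example that is not part of the original page: entitlements exported by several systems are collapsed into one set per user, then checked for separation-of-duties conflicts and for rights the user's current role does not justify. The three system exports, the role model, the user-to-role mapping and the single SoD rule are all constructed for the example.

```python
"""Added example: aggregate per-system entitlements per user and flag
authorization creep. Exports, roles and the SoD rule are constructed."""
from collections import defaultdict

# Constructed exports from three systems: (system, user, entitlement)
EXPORTS = [
    ("erp",      "jdoe",   "create_vendor"),
    ("erp",      "jdoe",   "view_invoices"),
    ("payments", "jdoe",   "approve_payment"),   # left over from a previous role
    ("ad",       "jdoe",   "finance-analysts"),  # group never removed on transfer
    ("erp",      "asmith", "view_invoices"),
    ("payments", "asmith", "approve_payment"),
]

# Constructed role model: what each current role is supposed to grant
ROLE_ENTITLEMENTS = {
    "ap_clerk":   {"erp:create_vendor", "erp:view_invoices"},
    "ap_manager": {"erp:view_invoices", "payments:approve_payment"},
}
USER_ROLE = {"jdoe": "ap_clerk", "asmith": "ap_manager"}

# Constructed SoD rule: creating a vendor and approving its payment must not
# sit with one person (the classic fake-vendor fraud path).
SOD_RULES = [frozenset({"erp:create_vendor", "payments:approve_payment"})]


def aggregate(exports):
    """Collapse per-system grants into one 'system:entitlement' set per user.
    This set is the user's access aggregation."""
    by_user = defaultdict(set)
    for system, user, entitlement in exports:
        by_user[user].add(f"{system}:{entitlement}")
    return dict(by_user)


def sod_conflicts(aggregated, rules):
    """Users whose aggregate contains every entitlement of some SoD rule.
    No single system can see this; only the aggregate view can."""
    return {
        user: [sorted(rule) for rule in rules if rule <= ents]
        for user, ents in aggregated.items()
        if any(rule <= ents for rule in rules)
    }


def excess_entitlements(aggregated, user_role, role_entitlements):
    """Rights held beyond the current role: review/revocation candidates."""
    result = {}
    for user, ents in aggregated.items():
        expected = role_entitlements.get(user_role.get(user), set())
        extra = ents - expected
        if extra:
            result[user] = sorted(extra)
    return result


def access_review(exports=EXPORTS, user_role=USER_ROLE,
                  role_entitlements=ROLE_ENTITLEMENTS, rules=SOD_RULES):
    """One review pass: the report a reviewer signs off on (accountability)."""
    agg = aggregate(exports)
    return {"sod": sod_conflicts(agg, rules),
            "excess": excess_entitlements(agg, user_role, role_entitlements)}


if __name__ == "__main__":
    for section, findings in access_review().items():
        print(section, findings)
```

Note that the conflict is only visible after aggregation: the ERP export alone shows a clerk who creates vendors, the payments export alone shows someone who approves payments, and neither system owner sees a problem.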
All business units must be represented in the business continuity plan committee. This will ensure
that all systems vital to the operation of the business units are identified.
Senior management must be represented. Senior business management is ultimately responsible
for identifying and prioritizing critical systems. In the business continuity and disaster recovery
process, senior management should perform the following:
Delegate recovery roles.
Publicly praise successes.
Closely control media and analyst communications. - ✔✔
An access control list (ACL) is the list of subjects that have been granted access to a specific object, together with the level of access granted to each. An ACL therefore identifies the subjects, the object it belongs to, and the level of access. - ✔✔
An armored virus includes protective code that prevents examination of its critical elements, for example by anti-virus scanners. The armor attempts to make the virus difficult to analyze and remove.
A phage virus modifies other programs and databases. The only way to remove the virus is to reinstall the infected applications.
A stealth virus prevents detection by hiding from applications; for example, it may report a file's original size rather than its actual, infected size. - ✔✔
An asset is the operations security triples component used to group all hardware, software, and informational resources. Assets, threats, and vulnerabilities are the components of operations security and are sometimes referred to as the operations security triples. - ✔✔ A threat is a potential hazard that can exploit vulnerabilities in the information system. A vulnerability is a weakness in the system, software, hardware, or procedure; this weakness can be exploited by a threat agent, creating a risk of loss. Media and systems are not defined as components of the operations security triples.
An IDaaS solution via a cloud provider usually includes the following:
Single sign-on
Provisioning
Password management
Access governance - ✔✔
An object is an entity in the access control matrix to which subjects can be granted permissions. A
column in an access control matrix corresponds to the access control list (ACL) for an object. - ✔✔
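The three access-control-matrix cards on this page (capability list as a row, ACL as a column, object as the column's owner), as an added example that is not part of the original page. The matrix contents and the HMAC key are constructed; the capability token format (JSON claims plus an HMAC tag) is an assumption used to show why a capability must be unforgeable when the subject, not the object, carries the rights.

```python
"""Added example: one access control matrix and its two derived views, plus
an HMAC-protected capability token. Matrix contents and key are constructed."""
import hashlib
import hmac
import json

# Constructed matrix: MATRIX[subject][object] -> set of permissions.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "hr.doc": {"read"}},
    "bob":   {"payroll.db": {"read"}, "audit.log": {"read", "append"}},
    "carol": {"audit.log": {"read"}},
}
KEY = b"constructed-demo-key-do-not-reuse"  # assumption: secret held by the issuer


def capability_list(matrix, subject):
    """Row view: every object one subject may touch and how (missing subject = empty row)."""
    return {obj: set(perms) for obj, perms in matrix.get(subject, {}).items()}


def acl(matrix, obj):
    """Column view: every subject holding rights on one object; stored with the object."""
    return {subj: set(row[obj]) for subj, row in matrix.items() if obj in row}


def is_allowed(matrix, subject, obj, permission):
    """Reference-monitor check against the object's ACL: default deny."""
    return permission in acl(matrix, obj).get(subject, set())


def mint_capability(key, matrix, subject, obj):
    """Issue a capability for (subject, obj): the rights from that matrix cell,
    bound by an HMAC so the holder cannot add permissions or retarget it."""
    perms = sorted(matrix.get(subject, {}).get(obj, set()))
    payload = json.dumps({"sub": subject, "obj": obj, "perms": perms}, sort_keys=True)
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"  # the hex tag has no '.', so rpartition finds the split


def check_capability(key, token, obj, permission):
    """Capability check: verify integrity first, only then trust the embedded rights."""
    payload, _, tag = token.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False  # forged or tampered token
    claims = json.loads(payload)
    return claims["obj"] == obj and permission in claims["perms"]


def revoke_object(matrix, obj):
    """Revocation contrast: in the ACL view one column is cleared in place; in a
    capability system every token naming obj is out in the subjects' hands, so
    the issuer must walk every row (and, in practice, rotate KEY or keep a
    revocation list). Returns the subjects whose rows were touched."""
    return [subj for subj, row in matrix.items() if row.pop(obj, None) is not None]


if __name__ == "__main__":
    print("alice's capability list:", capability_list(MATRIX, "alice"))
    print("ACL of audit.log:", acl(MATRIX, "audit.log"))
    token = mint_capability(KEY, MATRIX, "alice", "payroll.db")
    print("alice may write payroll.db:", check_capability(KEY, token, "payroll.db", "write"))
```

The same cell answers both questions; what differs is who holds the list. With ACLs the object's owner can see and change every grant in one place, which is why revocation is easy there and hard in pure capability systems.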
An offsite facility agreement - ✔✔ An offsite facility agreement is an agreement between a
company and a vendor in which the vendor agrees to provide an offsite facility in the event a
disaster occurs. The following is the ranking of offsite facilities, from most expensive
implementation to least expensive implementation:
Hot site
Warm site
Cold site
Mutual aid agreement