1) This access control model permits the user to decide how to protect the information and the level of sharing.
A. Role based access control
B. Attribute based Access control
C. Discretionary access control
D. Mandatory access control
2) _____ refers to cloud computing services that supply an on-demand environment for developing,
testing, and managing software appliances.
A. Platform as a Service (PaaS)
B. Software as a Service (SaaS)
C. Infrastructure as a Service (IaaS)
D. Security as a service (SECaaS)
3) This access control model does not permit the user to pass privileges onto other users.
A. Mandatory Access control
B. Attribute-based Access control
C. Role based Access Control
D. Discretionary Access control
4) A ______ defines rules and conventions for how networks communicate with one another.
A. Security policy
B. Network Diagram
C. Security Framework
D. Network Protocol
5) This is a mechanism to verify that a message came from the sender, providing nonrepudiation.
A. Digital Signatures and Certificates
B. Role-based Access control
C. Authentication
D. Attribute based Access Control
6) This access control model assigns access privileges based on the allowed actions of the user and
is independent of the user’s identity.
A. Mandatory Access control
B. Role-based Access Control
C. Discretionary Access control
D. Attribute based Access Control
7) What is the most difficult aspect of security in a virtualized environment?
A. Securing the hardware
B. VM sprawl
C. Lack of visibility into the virtual network
D. Data confidentiality
8) What is used to hide the internal network addresses from external entities?
A. Network Intrusion Detection System (NIDS)
B. Firewall
C. Network Address Translation (NAT)
D. None of the listed choices are correct
9) With a ______, all hardware, software, and other supporting infrastructure are owned and managed
by the cloud provider.
A. Community cloud
B. Private cloud
C. Public cloud
D. Hybrid cloud
10) This defines the process used by a system to verify the identity of a user, process, or service
before granting access.
A. Auditing
B. Authorization
C. None of the listed choices are correct
D. Authentication
11) At which layer of the OSI model are the topologies of a bus, star, ring, and mesh implemented?
A. Layer 1: Physical layer
B. Layer 2: Data-link layer
C. Layer 4: Transport layer
D. Layer 3: Network layer
12) Which access control model is the most restrictive model typically used in defense or military
organizations where data classification and confidentiality are of prime importance?
A. Role-based access control
B. Discretionary Access control
C. Mandatory Access control
D. Attribute-based Access control
13) Which of the following is not an access control type?
A. Role-based
B. Attribute-based
C. Separation of duties
D. Discretionary
14) A cryptosystem is a suite of cryptographic algorithms needed to implement a security service, most
commonly for achieving confidentiality (encryption). Typically, a cryptosystem consists of three
algorithms: one for decryption, one for encryption, and one for:
A. Key generation
B. Nonrepudiation
C. Digital Signatures and certificates
D. Generating ciphertext
15) Which of the following is a symmetric encryption algorithm?
A. Message-Digest algorithm version 5 (MD5)
B. Advanced Encryption Standard (AES)
C. Diffie-Hellman algorithm
D. RSA algorithm
16) Of the following, which is least important for a CISO to be knowledgeable in?
A. Digital Forensics
B. Network Security Controls
C. Networking protocols
D. Security Standards
17) You are analyzing a packet and see that it was being routed using a media access control (MAC)
address. At which layer of the OSI model was the packet captured?
A. Data-link layer
B. Network layer
C. Transport layer
D. Session layer
18) Which access control model is the most flexible and fine-grained of all access control types, where access can
be granted by IP address, time, dates, resources, objects, privileges, or any combination?
A. Role-based Access control
B. Discretionary Access control
C. Attribute-based Access control
D. Mandatory Access Control