An Access Control List (ACL) represents a set of subjects by using which of the following constructs?
Reference: Fites & Kratz, pg 149
You can easily drop the key and domain answers here. You might be a bit confused by the group and capability options. Again, this is an example of "if you don't know it, it isn't necessarily the right answer." ACLs almost always have options for groups, even if that isn't always the primary use. Capability? Well, that's kind of related. It's an older term for what might now be described as an authorization that is digitally signed.
Which of the following is the LEAST important information to record when logging a security violation?
a. User’s name
c. Type of violation
d. Date and time of the violation
OK, an easy one for you today. Just remember that the user's name generally isn't known from direct evidence, but inferred from the userid.
What determines the assignment of data classifications in a mandatory access control philosophy?
a. The analysis of the users in conjunction with the audit department.
b. The assessment by the information security department.
c. The steward’s evaluation of the particular information element.
d. The requirement of the organization’s published security policy.
Reference: Computer Security Basics; Russell & Gangemi; pg 72-74
While users, the audit department, the infosec office, and possibly a steward all have roles or responsibilities in access control, the determination is made at the direction of policy.
What role does biometrics have in logical access control?
Reference: Computer Security Basics; Russell & Gangemi; pg 57-58.
OK, I know that there is going to be discussion on this one. Authorization and confirmation are out, of course, but there are instances where biometrics are going to be used for identification (sometimes paired with authentication). The principle to keep in mind here is: don't fight the exam. The point is not to prove that you can come up with a counterexample; the point is what most security professionals are going to say. And most security professionals are going to agree that the most important and significant role biometrics plays is in authentication. After all, biometrics is the "something you are" that is the third pillar of authentication besides something you know and something you have.