MIS 4850 Systems Security
Review Questions | Chapter 5-2 Access Control
Student Name: ______
Chapter 5: Physical/Site Security (p.251-260)
1.Allowing a second person to follow someone through a secure door without the second person being authenticated is _____.
a.piggybacking
b.two-factor authentication
c.sequential access
d.Dumpster diving
e.unfortunate but generally acceptable to security professionals
2.It may be possible to find media containing sensitive corporate data through _____.
a.piggybacking
b.two-factor authentication
c.sequential access
d.Dumpster diving
e.Shredding
3.Which of the following is not one of the rules for working in secure areas?
A) Unsupervised work in secure areas should be avoided.
B) When no one is in a secure area, it should be locked and verified periodically.
C) No one should be allowed to work in secure areas for more than four hours in a row.
D) Electronic devices that can record or copy mass amounts of information should be forbidden in secure areas.
4.Which of the following should be forbidden in secure areas?
A) cameras
B) USB flash drives
C) Both A and B
D) Neither A nor B
5. Placing sensitive equipment in secure areas to minimize potential threats and damage is called siting. a) TRUE b) FALSE
6. If a laptop needs to be taken off premises, ______.
A) it should first be logged out.
B) it should be logged in when returned
C) all sensitive information should be removed
D) All of the above
7. ______is a social engineering trick where an intruder may follow an authorized user through a door that the authorized user opens with an access device.
A) Shoulder surfing
B) Shadowing
C) Trailing
D) Piggybacking
8. It is illegal to go through a company's trash bins even if the trash bins are outside the corporation. a) TRUE b) FALSE
Ch 5: Verification, Identification, Watch lists, Biometric security (p. 278-287)
9. Identification is the process where the verifier determines whether the supplicant is a particular person that the supplicant claims who he or she is.
a) TRUEb) FALSE
10. Verification is the process where the verifier determines the identity of the supplicant.
a) TRUEb) FALSE
11. The verifier itself determines the identity of the supplicant in ______.
A) verification
B) identification
C) Both A and B
D) Neither A nor B
12. ______is a form of identification that identifies a person as being a member of a group.
A) RBAC
B) Watch list matching
C) Group ID matching
D) Group acceptance
13.A user types his or her user name and password. This is an example of _____.
a.verification or authentication
b.identification
14.A user walks up to a door, has his or her fingerprint scanned, and is admitted through the door. Assume nothing else. This is an example of _____.
a.verification
b.identification
15. When an attacker deliberately attempts to fool the system, this is called ______.
A) deception
B) a false acceptance
C) a false rejection
D) All of the above.
16. Fingerprint scanning, which is often deceived, may be acceptable for entry into a non-sensitive supplies cabinet. a) TRUE b) FALSE
17.Which of the following statements accurately describes fingerprint recognition?
A) fingerprint recognition scanners are very expensive
B) fingerprint recognition is easily deceived
C) fingerprint recognition is rarely used
D) All of the above
18. Which of the following statements accurately describes iris recognition?
A) iris recognition has high FARs
B) iris recognition technology is expensive
C) iris recognition scans the eye with lasers
D) All of the above
19. Iris recognition technology is ______and ______.
A) expensive, has low FARs
B) expensive, has high FARs
C) inexpensive, has low FARs
D) inexpensive, has high FARs
20.Hand geometry recognition is used heavily for ______.
A) PC access
B) watch list access
C) door access
D) server access
21.The most widely used form of biometrics is ______.
A) retinal scanning
B) iris scanning
C) fingerprint scanning
D) face recognition
ReadingQuestionsCh5-2(SiteSecurity).doc1/3