
MCQ Question Bank-IS-2

The document contains a question bank with 40 questions related to information security concepts. The questions cover topics such as access control mechanisms, operating systems, security models, hacking phases and security exploits. Each question is multiple choice with one correct answer that is provided in the answers section at the end.

Uploaded by

Narender Kumar

UNIT –2 QUESTION BANK

1) Which of the following is NOT a valid access control mechanism?

A) DAC (Discretionary Access Control) list.
B) SAC (Subjective Access Control) list.
C) MAC (Mandatory Access Control) list.
D) RBAC (Role Based Access Control) list.

2) Which of the following best describes an access control mechanism in which access control
decisions are based on the responsibilities that an individual user or process has in an organization?

A) MAC (Mandatory Access Control)
B) RBAC (Role Based Access Control)
C) DAC (Discretionary Access Control)
D) None of the above.

3) Which of the following best describes an access control mechanism that allows the data owner to
create and administer access control?

A) MACs (Mandatory Access Control)
B) RBACs (Role Based Access Control)
C) LBACs (List Based Access Control)
D) DACs (Discretionary Access Control)

4) Which of the following access control methods provides the most granular access to protected
objects?

A) Capabilities
B) Access control lists
C) Permission bits
D) Profiles

5) Which of the following are used to make access decisions in a MAC (Mandatory Access Control)
environment?

A) Access control lists
B) Ownership
C) Group membership
D) Sensitivity labels

6) Which of the following access control methods allows access control decisions to be based on
security labels associated with each data item and each user?

A) MAC (Mandatory Access Control)
B) RBAC (Role Based Access Control)
C) LBAC (List Based Access Control)
D) DAC (Discretionary Access Control)

7) Which of the following is a characteristic of MAC (Mandatory Access Control)?

A) Uses levels of security to classify users and data.
B) Allows owners of documents to determine who has access to specific documents.
C) Uses access control lists which specify a list of authorized users.
D) Uses access control lists which specify a list of unauthorized users.

8) Which of the following terms best represents a MAC (Mandatory Access Control) model?

A) Lattice
B) Bell-LaPadula
C) BIBA
D) Clark and Wilson

9) Which of the following password generators is based on challenge-response mechanisms?

A) asynchronous
B) synchronous
C) cryptographic keys
D) smart cards

10. Which of the following OS does not come under a secured Linux OS list?
a) Qubes OS
b) Tails
c) Tin Hat
d) Ubuntu
11. ____________ is a Debian-Linux based OS that has 2 VMs (Virtual Machines) that help
in keeping users’ data private.
a) Fedora
b) Ubuntu
c) Whonix
d) Kubuntu
12. Subgraph OS is a Debian-based Linux distro which provides hardcore anonymity and is
approved by Edward Snowden.
a) True
b) False
13. Using the ______ account of a UNIX system, one can carry out administrative functions.
a) root
b) administrative
c) user
d) client
14. In your Linux-based system, you have to log in with your root account for managing any
feature of your system.
a) True
b) False
15. MAC is abbreviated as _______________
a) Machine Access Control
b) Mandatory Accounts Control
c) Mandatory Access Controlling
d) Mandatory Access Control
16. _______________ in a system is given so that users can use the dedicated parts of the
system to which they’ve been given access.
a) Machine Access Control
b) Mandatory Accounts Control
c) Mandatory Access Control
d) Mandatory Access Controlling
17. DTE is abbreviated as ___________________
a) Domain and Type Enforcing
b) Domain and Type Enforcement
c) DNS and Type Enforcement
d) DNS and Type Enforcing
18. RBAC is abbreviated as ______________
a) Rule-Based Accessing Control
b) Role-Based Access Control
c) Rule-Based Access Control
d) Role-Based Accessing Control
19. What is the Bell-LaPadula model?
a) A discretionary access control method
b) A multi-user security system
c) A multi-level security system
d) A role-based access control system
20. What is a Star property rule?
a) If subject wants to read and write to object, then subject clearance and the objects
classification must be equal.
b) A subject cannot read data within an object which is at lower security level
c) A subject cannot write to object which is at higher security level.
d) A subject cannot write to a lower classification.

21. What is system accreditation?
a) Formal acceptance of a stated system configuration
b) A functional evaluation of the manufacturer’s goals for each hardware and software
component to meet integration standards
c) Acceptance of test results that prove the computer system enforces the security policy
d) The process to specify secure communication between machines
22. What is a closed system?
a) A system designed around final, or closed, standards
b) A system that includes industry standards
c) A proprietary system that uses unpublished protocols
d) Any machine that does not run Windows
23. Which best describes a confined process?
a) A process that can run only for a limited time
b) A process that can run only during certain times of the day
c) A process that can access only certain memory locations
d) A process that controls access to an object
24. What is an access object?
a) A resource a user or process wishes to access
b) A user or process that wishes to access a resource
c) A list of valid access rules
d) The sequence of valid access types
25. What is a security control?
a) A security component that stores attributes that describe an object
b) A document that lists all data classification types
c) A list of valid access rules
d) A mechanism that limits access to an object
26. Which security models are built on a state machine model?
a) Bell-LaPadula and Take-Grant
b) Biba and Clark-Wilson
c) Clark-Wilson and Bell-LaPadula
d) Bell-LaPadula and Biba

27. Which security model(s) address(es) data confidentiality?
a) Bell-LaPadula
b) Biba
c) Clark-Wilson
d) Both A and B

28. Which Bell-LaPadula property keeps lower-level subjects from accessing objects with a higher
security level?
a) * (star) Security Property
b) No write up property
c) No read up property
d) No read down property

29. In an open loop control system
a) Output is independent of control input
b) Output is dependent on control input
c) Only system parameters have effect on the control output
d) None of the above

30. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password
31. From the options below, which of them is not a vulnerability to information security?
a) flood
b) disposal of storage media without deleting data
c) unchanged default password
d) latest patches and updates not done

32. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive

33. Which of the following information security technologies is used for avoiding browser-based
hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser

34. Lack of access control policy is a _____________
a) Bug
b) Threat
c) Vulnerability
d) Attack

35. Possible threat to any information cannot be ________________
a) reduced
b) transferred
c) protected
d) ignored

36. Which of the following is not done in the gaining access phase?
a) Tunnelling
b) Buffer overflow
c) Session hijacking
d) Password cracking

37. In which phase do hackers install backdoors so that their ownership of the victim’s system
can be retained later?
a) Scanning
b) Maintaining access
c) Maintaining Access
d) Gaining access

38. In _______ phase, the hackers try to hide their footprints.
a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Gaining access

39. Which of the following is not a footprint-scanning tool?
a) SuperScan
b) TcpView
c) Maltego
d) OWASP Zed

40. Which of the following is not a security exploit?
a) Eavesdropping
b) Cross-site scripting
c) Authentication
d) SQL Injection

ANSWERS

1. B 24. A
2. C 25. D
3. B 26. D
4. B 27. A
5. D 28. C
6. A 29. D
7. A 30. D
8. A 31. A
9. A 32. A
10. D 33. B
11. C 34. C
12. A 35. D
13. A 36. A
14. B 37. C
15. D 38. B
16. C 38. B
17. B 40. C
18. B
19. C
20. A
21. A
22. C
23. C
