CIW secrity 安全分析师1D0-470(修正版).pdf

Q. 1 Why is password lockout an effective deterrent to cracking attempts? A. Passwords cannot be changed through brute-force methods B. A limited number of login attempts before lockout reduces the number of guesses the potential cracker can made C. Passwords protected in this manner are impossible to find because they are locked out of the main flow of information on the WAN D. Password lockout provides no real improvement over traditional locking methods. Answer: B Q. 2 Which of the following choices best defines the Windows NT security account manager? A. It is the portion of the GINA DLL that controls security B. It is the database containing the identity of the users and their credentials C. It is the name of the machine responsible for the management of all the security of the LAN D. It is the interface that is responsible for logging on and user IDs Answer: B Q. 3 Under the level C2 security classification, what does “discretionary access control” mean? A. Discretionary access control means that the owner of a resource must be able to use that resource B. Discretionary access control is the ability of the system administrator to limit the time any user spends on a computer C. Discretionary access control is a policy that limits the use of any resource to a group or a security profile D. Discretionary access control is a rule set by the security auditor to prevent others from downloading unauthorized scripts or programs. Answer: A Q. 4 Michel wants to write a computer virus that will cripple UNIX systems. What is going to be the main obstacle preventing him from success? A. UNIX computers are extremely difficult to access illicitly over the internet, and therefore computer viruses are not an issue with UNIX systems B. Due to the file permission structure and the number of variations in the UNIX hardware architectures, a virus would have to gain root privileges