C838 Latest Study Guide Questions with Complete Solutions

80. Which of the following entities is most likely to play a vital role in the identity provisioning aspect of a user 's experience in an organization? a. The accounting department b. The human resources (HR) office c. The maintenance team d. The purchasing office - Answer-B 81. Why is the deprovisioning element of the identification component of identity and access management (IAM) so important? a. Extra accounts cost so much extra money. b. Open but unassigned accounts are vulnerabilities. c. User tracking is essential to performance. d. Encryption has to be maintained. - Answer-B 82. All of the following are reasons to perform review and maintenance actions on user accounts except ____________. a. To determine whether the user still needs the same access b. To determine whether the user is still with the organization c. To determine whether the data set is still applicable to the user 's role d. To determine whether the user is still performing well - Answer-D 83. Who should be involved in review and maintenance of user accounts/access? a. The user 's manager b. The security manager c. The accounting department d. The incident response team - Answer-A 84. Which of the following protocols is most applicable to the identification process aspect of identity and access management (IAM)? a. Secure Sockets Layer (SSL) b. Internet Protocol security (IPsec) c. Lightweight Directory Access Protocol (LDAP) d. Amorphous ancillary data transmission (AADT) - Answer-C 85. Privileged user (administrators, managers, and so forth) accounts need to be reviewed more closely than basic user accounts. Why is this? a. Privileged users have more encryption keys. b. Regular users are more trustworthy. c. There are extra controls on privileged user accounts. d. Privileged users can cause more damage to the organization. - Answer-D 86. The additional review activities that might be performed for privileged user accounts could include all of the following except _____________. a. Deeper personnel background checks b. Review of personal financial accounts for privileged users c. More frequent reviews of the necessity for access d. Pat-down checks of privileged users to deter against physical theft - Answer-D 87. If personal financial account reviews are performed as an additional review control for privileged users, which of the following characteristics is least likely to be a useful indicator for review purposes? a. Too much money in the account b. Too little money in the account c. The bank branch being used by the privileged user d. Specific senders/recipients - Answer-C 88. How often should the accounts of privileged users be reviewed? a. Annually b. Twice a year c. Monthly d. More often than regular user account reviews - Answer-D 89. Privileged user account access should be __________. a. Temporary b. Pervasive c. Thorough d. Granular - Answer-A 90. The Cloud Security Alliance (CSA) publishes the Notorious Nine, a list of common threats to organizations participating in cloud computing. According to the CSA 's Notorious Nine list, data breaches can be ____________. a. Overt or covert