A.  Discretionary Access Control model

                    B.  Nondiscretionary access control model


                    C.  Mandatory Access Control model
                    D.  Compliance-based access control model


               15.  What would an organization do to identify weaknesses?

                    A.  Asset valuation

                    B.  Threat modeling

                    C.  Vulnerability analysis

                    D.  Access review

               16.  Which of the following can help mitigate the success of an online
                    brute-force attack?

                    A.  Rainbow table


                    B.  Account lockout
                    C.  Salting passwords


                    D.  Encryption of password

               17.  Which of the following would provide the best protection against
                    rainbow table attacks?

                    A.  Hashing passwords with MD5

                    B.  Salt and pepper with hashing

                    C.  Account lockout

                    D.  Implement RBAC

              18.  What type of attack uses email and attempts to trick high-level
                    executives?


                    A.  Phishing

                    B.  Spear phishing

                    C.  Whaling

                    D.  Vishing