Chapter 2 Info Security

question

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
answer

DAC
question

Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
answer

MAC
question

In which form of access control environment is access controlled by rules rather than by identity?
answer

MAC
question

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
answer

DAC
question

Which is the star property of Bell-LaPadula?
answer

No write down
question

Which of the following terms describes the process of validating a subject's identity?
answer

Authentication
question

Which of the following is used for identification?
answer

Username
question

A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources?
answer

Authentication and authorization.
question

Which access control model manages rights and permissions based on job description and responsibilities?
answer

Role Based Access Control (RBAC)
question

You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?
answer

RBAC
question

What is the Clark-Wilson model primarily based on?
answer

Controlled intermediary access applications
question

What is the Brewer-Nash model designed primarily to prevent?
answer

Conflicts of interest
question

Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
answer

Identity
question

Which form of access control is based on job descriptions?
answer

Role-based access control (RBAC)
question

Which of the following defines an object as used in access control?
answer

Data, applications, systems, networks, and physical space.
question

Which of the following authentication methods uses tickets to provide single sign-on?
answer

Kerberos
question

Which of the following is the strongest form of multi-factor authentication?
answer

A password, a biometric scan, and a token device
question

Which of the following advantages can Single Sign-On (SSO) provide? (Select two.)
answer

Access to all authorized resources with a single instance of authentication; the elimination of multiple user accounts and passwords for an individual.
question

Which of the following is an example of two-factor authentication?
answer

A Token device and a PIN
question

Which of the following is an example of three-factor authentication?
answer

Token device, keystroke analysis, cognitive question
question

Which of the following are examples of Type II authentication credentials? (Select two).
answer

Photo ID, Smart card
question

Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
answer

False negative
question

Which of the following is a hardware device that contains identification information and which can be used to control building access or computer logon?
answer

Smart Card
question

Which of the following defines the crossover rate for evaluating biometric systems?
answer

The point where the number of false positives matches the number of false negatives in a biometric system.
question

Which of the following are examples of Single Sign-on authentication? (Select two.)
answer

SESAME, Kerberos
question

Which of the following is stronger than any biometric authentication factor?
answer

A two-factor authentication
question

A device which is synchronized to an authentication server is which type of authentication?
answer

Synchronous token
question

The mathematical algorithm used by HMAC-based One-Time Passwords (HOTP) relies on two types of information to generate a new password based on the previously generated password. Which information is used to generate the new password? (Select two.)
answer

Counter, shared secret
question

The mathematical algorithm used to generate Time-based One-Time Passwords (TOTP) uses a shared secret and a counter to generate unique, one-time passwords. Which event causes the counter to increment when creating TOTP passwords?
answer

The passage of time
question

Which of the following information is typically not included in an access token?
answer

User account password
question

Marcus White has just been promoted to manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
answer

Have Marcus log off and log back on
question

Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon?
answer

Access token
question

Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subject has access to certain objects and the level or type of access allowed?
answer

User ACL
question

Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?
answer

Sanitization
question

Which of the following is an example of privilege escalation?
answer

Creeping privileges
question

You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?
answer

Separation of duties
question

By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?
answer

Principle of least privilege
question

An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list?
answer

Implicit deny
question

Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
answer

Separation of duties
question

You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?
answer

Job rotation
question

You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access.
answer

Explicit allow, implicit deny
question

Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?
answer

Need to know
question

What is the primary purpose of separation of duties?
answer

Prevent conflicts of interest
question

Separation of duties is an example of which type of access control?
answer

Preventive
question

Need to know is required to access which types of resources?
answer

Compartmentalized resources
question

Which of the following is an example of a decentralized privilege management solution?
answer

Workgroup
question

What should be done to a user account if the user goes on an extended vacation?
answer

Disable the account
question

Tom Plask’s user account has been locked because he entered too many incorrect passwords. You need to unlock the account. Click on the tab in the properties of the Tom Plask user object you would use to unlock his account.
answer

Account
question

Tom Plask recently transferred to the Tech Support department. He now needs access to the network resources used by Support employees. To do this, you need to add Tom Plask's user account to the Support group in the Active Directory domain. Click the tab in the properties of the Tom Plask user object you would use to accomplish this.
answer

Member of
question

You are creating a new Active Directory domain user account for Robert Tracy. During the account setup process, you assigned a password to the new account. However, you know that for security reasons the system administrator should not know any user's password. Only the user should know his or her own password; no one else. Click on the option you would use in the New Object User dialog to remedy this situation.
answer

User must change password at next logon
question

You are the network administrator in a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months the volume of help…. will this strategy work?
answer

No, permissions are not copied when a user account is copied.
question

One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this?
answer

usermod -l kjones kscott
question

An employee named Bob Smith, with a user name of bsmith, has left the company. You have been instructed by your supervisor to delete his user account along with his home directory. Which of the following commands would produce the required outcome? (Choose all that apply.)
answer

userdel bsmith; rm -rf /home/bsmith
userdel -r bsmith
question

You have performed an audit and have found active accounts from employees who no longer work for the company. You want to disable those accounts. What command example will disable a user account?
answer

usermod -L joer
question

A user with an account name of larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage the files in the system in the very near future. Which command below will disable or remove the user account from the system and remove his home directory?
answer

userdel -r larry
question

In the /etc/shadow file, which character in the password field indicates that a standard user account is locked?
answer

!
question

Which of the following utilities would you typically use to lock a user account? (Select two).
answer

passwd, usermod
question

You suspect that the gshant user account is locked. Which command will show the status of the user account? (Tip: Enter the command as if at the command prompt.)
answer

passwd -S gshant
question

You are the administrator for a small company. You need to add a new group named sales to the system. Which command will accomplish this?
answer

groupadd sales
question

You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use?
answer

groupdel temp_sales
question

Due to a merger with another company, standardization is now being imposed throughout the company. As a result, the sales group must be renamed marketing. Which of the following commands will accomplish this?
answer

groupmod -n marketing sales
question

What is the effect of the following command? chage -M 60 -W 10 jsmith
answer

Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires.
question

What “chage” command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Enter the command as if at the command prompt.)
answer

chage -M 60 -W 10 jsmith
question

Which "chage" option keeps a user from changing their password every two weeks?
answer

-m 33
question

Which file should you edit to limit the amount of concurrent logins for a specific user? (Tip: Enter the full path to the file.)
answer

/etc/security/limits.conf
question

Within the /etc/security/limits.conf file, you notice the following entry: @guest hard maxlogins 3
answer

Limits the maximum number of concurrent logins for the guest group to three.
question

You want to ensure that all users in the Development OU use specific network communication security settings when transmitting files. Which method should you use?
answer

Create a GPO computer policy for the computers in the Development OU.
question

Computer policies include a special category called user rights. Which action do they allow an administrator to perform?
answer

Identify users who can perform maintenance tasks on computers in the OU.
question

Which statement is true regarding application of GPO settings?
answer

If a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the setting will be applied.
question

Which of the following is the single best rule to enforce when designing complex passwords?
answer

Longer passwords
question

For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?
answer

Configure account lockout policies in Group Policy
question

You want to make sure that all users have passwords over 8 characters and that passwords must be changed every 30 days. What should you do?
answer

Configure account policies in Group policy
question

You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?
answer

Configure day/time restrictions in the user accounts
question

You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.)
answer

Minimum password age, Enforce password history
question

You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attempts. Which policies should you configure? (Select two.)
answer

Minimum password length, Account lockout threshold
question

Which of the following is not an important aspect of password management?
answer

Enable account lockout
question

You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration?
answer

Users cannot change their password for 10 days.
question

You have implemented account lockout with a clipping level of 4. What will be the effect of this setting?
answer

The account will be locked after 4 incorrect attempts.
question

You are teaching new users about security and passwords. Which of the following example passwords would be the most secure?
answer

T1a73gZ9
question

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company customer database. Which action should you take?
answer

Delete the account that the sales employees are currently using; train sales employees to use their own user accounts to update the customer database.
question

You manage a single domain named widgets.com. OUs have been created for each company department. User and computer accounts have been moved into their OUs. You need to make the change as easily as possible. What should you do?
answer

Implement a granular password policy for the users in the directors OU.
question

You manage a single domain named widgets.com. OUs have been created for each company department. User and computer accounts have been moved into their OUs. You would like to define a granular password policy. Which tool should you use?
answer

ADSI Edit
question

You manage a single domain named widgets.com. OUs have been created for each company department. User and computer accounts have been moved into their OUs. You need to make the change as easily as possible. What should you do?
answer

Create a granular password policy and apply it to all users in the directors OU.
question

You manage a single domain named widgets.com. OUs have been created for each company department. User and computer accounts have been moved into their OUs. What should you do?
answer

Create a granular password policy for Matt and apply the new policy to Matt's user account.
question

Which of the following are methods for providing centralized authentication and authorization for remote access? (Select two.)
answer

RADIUS, TACACS+
question

You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration?
answer

Configure the remote access servers as RADIUS clients.
question

Which of the following are characteristics of TACACS+? (Select two.)
answer

Allows for the possibility of three different servers, one each for authentication, authorization, and accounting; uses TCP.
question

Which of the following are differences between RADIUS and TACACS+?
answer

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.
question

Which of the following protocols can be used to centralize remote access authentication?
answer

TACACS
question

RADIUS is primarily used for what purpose?
answer

Authenticating remote clients before access to the network is granted
question

Which of the following is a characteristic of TACACS+?
answer

Encrypts the entire packet, not just authentication packets
question

Which of the following ports are used with TACACS?
answer

49
question

What does a remote access server use for authorization?
answer

Remote access policies
question

Which of the following is the best example of remote access authentication?
answer

A user establishes a dialup connection to a server to gain access to shared resources
question

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?
answer

Mutual authentication
question

CHAP performs which of the following security functions?
answer

Periodically verifies the identity of a peer using a three-way handshake.
question

Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks?
answer

PAP
question

Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?
answer

CHAP
question

Which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (Choose two.)
answer

MS-CHAP, CHAP
question

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?
answer

Ticket
question

Which of the following are required when implementing Kerberos for authentication and authorization? (Select two.)
answer

Ticket granting server, time synchronization
question

Which of the following are requirements to deploy Kerberos on a network? (Select two.)
answer

Time synchronization between devices, a centralized database of users and passwords
question

Which ports does LDAP use by default? (Select two.)
answer

636, 389
question

You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use?
answer

636
question

Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication?
answer

Use SSL.
question

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?
answer

SASL
question

A user has just authenticated using Kerberos. What object is issued to the user immediately following logon?
answer

Ticket granting ticket
question

Which of the following protocols uses port 88?
answer

Kerberos
question

Which of the following authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?
answer

LANMAN
question

What is mutual authentication?
answer

A process by which each party in an online communication verifies the identity of the other party
question

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (Select two.)
answer

Blowfish, GPG
question

A manager has told you she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could be used to prevent this?
answer

Credential Manager
question

You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. Click the option you would use in Credential Manager to do this.
answer

Back up Credentials
question

In an Identity Management System, what is the function of the Authoritative Source?
answer

Specify the owner of a data item.
question

In an Identity Management System, what is the function of the Identity Vault?
answer

Ensure that each employee has the appropriate level of access in each system.
question

You are a network administrator for a small company. Your organization currently uses the following server system.
answer

Implement password synchronization; implement an identity vault.