Testout Practice Questions (2.3.4 – 4.10.3) – Flashcards

question
eut
answer
thx
question
Which of the following information is typically not included in an access token?
answer
Group membership User security identifier User rights *User account password*
question
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
answer
Manually refresh Group Policy settings on his computer " " on the file server *Have Marcus log off and log back on* Add his user account to the ACL for the shared folder
question
Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon?
answer
Cookie *Access token* Account policy Proxy
question
Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
answer
Hashing *User ACL* Kerberos Mandatory Access Control
question
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?
answer
*Sanitization* Formatting Deleting Destruction
question
Which of the following is an example of privilege escalation?
answer
Principle of least privileges Mandatory vacations *Creeping privileges* Separation of duties
question
Which security principle prevents any one admin from having sufficient access to compromise the security of the overall IT solution?
answer
Need to know *Separation of Duties* Principle of least privilege Dual admin accounts
question
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?
answer
Need to know *Principle of least privilege* Cross training Job rotation
question
An access control list contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone *not* on the list?
answer
Implicit allow Explicit allow Explicit deny *Implicit deny*
question
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?
answer
Job rotation Mandatory vacations Least privilege Implicit deny *Separation of duties*
question
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?
answer
Need to know Separation of duties Least privilege *Job rotation* Explicit deny
question
You want to implement an ACL where only the users you specifically authorize have access to the resources. Anyone not on the list should be prevented from having access. Which of the following will the access list use?
answer
Implicit allow, explicit deny *Explicit allow, implicit deny* Implicit allow, implicit deny Explicit allow, explicit deny
question
Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?
answer
Ownership Separation of duties *Need to know* Least privilege Clearance
question
What is the primary purpose of separation of duties?
answer
*Prevents conflicts of interest* Grant a greater range of control to senior management Increase the difficulty in performing administration Inform managers that they are not trusted
question
Separation of duties is an example of which type of access control?
answer
*Preventative* Compensative Corrective Detective
question
Need to know is required to access which types of resources?
answer
Resources with unique ownership *Compartmentalized resources* Low-security resources High-security resources
question
Which of the following is an example of a decentralized privilege management solution?
answer
TACACS+ *Workgroup* Active Directory Radius
question
Match the Active Directory component on the left with the appropriate description on the right.
answer
Holds a copy.. *Domain Controller* Manages access for a workstation.. *Computer Object* Manages access for an employee.. *User Object* Can be created.. *Organizational Unit* Cannot be move.. *Generic Container* Defines a collection.. *Domain*