Testout Practice Questions (2.3.4 – 4.10.3)

Flashcard maker : Lily Taylor
Which of the following information is typically not included in an access token?
Group membership
User security identifier
User rights
*User account password*
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder.

Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Manually refresh Group Policy settings on his computer
Manually refresh Group Policy settings on the file server
*Have Marcus log off and log back on*
Add his user account to the ACL for the shared folder
Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon?
*Access token*
Account policy
Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
*User ACL*
Mandatory Access Control
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?
Which of the following is an example of privilege escalation?
Principle of least privileges
Mandatory vacations
*Creeping privileges*
Separation of duties
Which security principle prevents any one admin from having sufficient access to compromise the security of the overall IT solution?
Need to know
*Separation of Duties*
Principle of least privilege
Dual admin accounts
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?
Need to know
*Principle of least privilege*
Cross training
Job rotation
An access control list contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone *not* on the list?
Implicit allow
Explicit allow
Explicit deny
*Implicit deny*
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?
Job rotation
Mandatory vacations
Least privilege
Implicit deny
*Separation of duties*
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities.
Which solution should you implement?
Need to know
Separation of duties
Least privilege
*Job rotation*
Explicit deny
You want to implement an ACL where only the users you specifically authorize have access to the resources. Anyone not on the list should be prevented from having access.
Which of the following will the access list use?
Implicit allow, explicit deny
*Explicit allow, implicit deny*
Implicit allow, implicit deny
Explicit allow, explicit deny
Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?
Separation of duties
*Need to know*
Least privilege
What is the primary purpose of separation of duties?
*Prevents conflicts of interest*
Grant a greater range of control to senior management
Increase the difficulty in performing administration
Inform managers that they are not trusted
Separation of duties is an example of which type of access control?
Need to know is required to access which types of resources?
Resources with unique ownership
*Compartmentalized resources*
Low-security resources
High-security resources
Which of the following is an example of a decentralized privilege management solution?
Active Directory
Match the Active Directory component on the left with the appropriate description on the right.
Holds a copy.. *Domain Controller*
Manages access for a workstation.. *Computer Object*
Manages access for an employee.. *User Object*
Can be created.. *Organizational Unit*
Cannot be move.. *Generic Container*
Defines a collection.. *Domain*
