TestOut Quiz Questions 2 – Flashcards

question
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
answer
DAC
question
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?
answer
MAC
question
In which form of access control environment is access controlled by rules rather than by identity?
answer
MAC
question
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?
answer
RBAC
question
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
answer
DAC
question
Which of the following is the term for the process of validating a subject's identity?
answer
Authentication
question
Which of the following is used for identification?
answer
Username
question
A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources?
answer
Authentication and authorization
question
Which of the following defines an object as used in access control?
answer
Data, applications, systems, networks, and physical space.
question
Which access control model manages rights and permissions based on job descriptions and responsibilities?
answer
Role Based Access Control (RBAC)
question
Which is the star property of Bell-LaPadula?
answer
No write down
question
The Clark-Wilson model is primarily based on?
answer
Controlled intermediary access applications
question
The Brewer-Nash model is designed primarily to prevent?
answer
Conflicts of interest
question
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?
answer
Identity
question
What form of access control is based on job descriptions?
answer
Role-based access control (RBAC)
question
Which of the following authentication methods uses tickets to provide single sign-on?
answer
Kerberos
question
Which of the following is the strongest form of multi-factor authentication?
answer
A password, a biometric scan, and a token device
question
Which of the following advantages can Single Sign-On (SSO) provide? (Select two.)
answer
The elimination of multiple user accounts and passwords for an individual
Access to all authorized resources with a single instance of authentication
question
Which of the following is an example of two-factor authentication?
answer
A token device and a PIN
question
Which of the following is an example of three-factor authentication?
answer
Token device, keystroke analysis, cognitive question
question
Which of the following are examples of Type II authentication credentials? (Select two.)
answer
Smart card
Photo ID
question
Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?
answer
False negative
question
Which of the following is a hardware device that contains identification information and which can be used to control building access or computer logon?
answer
Smart card
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
PIN
answer
Something you know
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
Smart card
answer
Something you have
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
Password
answer
Something you know
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
Retina scan
answer
Something you are
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
Fingerprint scan
answer
Something you are
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
Hardware token
answer
Something you have
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
User name
answer
Something you know
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
Voice recognition
answer
Something you are
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
Wi-Fi triangulation
answer
Somewhere you are
question
Match the authentication factor types on the left with the appropriate authentication factor on the right. Each authentication factor type can be used more than once.
Typing behaviors
answer
Something you do
question
Which of the following defines the crossover rate for evaluating biometric systems?
answer
The point where the number of false positives matches the number of false negatives in a biometric system.
question
Which of the following are examples of single sign-on authentication solutions? (Select two.)
answer
SESAME
Kerberos
question
Which of the following is stronger than any biometric authentication factor?
answer
A two-factor authentication
question
A device which is synchronized to an authentication server uses which type of authentication?
answer
Synchronous token
question
The mathematical algorithm used by HMAC-based One-Time Passwords (HOTP) relies on two types of information to generate a new password based on the previously generated password. Which information is used to generate the new password? (Select two.)
answer
Counter
Shared secret
question
The mathematical algorithm used to generate Time-based One-Time Passwords (TOTP) uses a shared secret and a counter to generate unique, one-time passwords. Which event causes the counter to increment when creating TOTP passwords?
answer
The passage of time
question
Which of the following information is typically not included in an access token?
answer
User account password
question
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
answer
Have Marcus log off and log back on
question
Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon?
answer
Access token
question
Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed?
answer
User ACL
question
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?
answer
Sanitization
question
Which of the following is an example of privilege escalation?
answer
Creeping privileges
question
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?
answer
Separation of duties
question
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?
answer
Principle of least privilege
question
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list?
answer
Implicit deny
question
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?
answer
Separation of duties
question
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?
answer
Job rotation
question
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following will the access list use?
answer
Explicit allow, implicit deny
question
Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?
answer
Need to know
question
What is the primary purpose of separation of duties?
answer
Prevent conflicts of interest
question
Separation of duties is an example of which type of access control?
answer
Preventive
question
Need to know is required to access which types of resources?
answer
Compartmentalized resources
question
Which of the following is an example of a decentralized privilege management solution?
answer
Workgroup
question
Match the Active Directory component on the left with the appropriate description on the right. Each component may be used once, more than once, or not at all.
Holds a copy of the Active Directory database
answer
Domain Controller
question
Match the Active Directory component on the left with the appropriate description on the right. Each component may be used once, more than once, or not at all.
Manages access for a workstation
answer
Computer Object
question
Match the Active Directory component on the left with the appropriate description on the right. Each component may be used once, more than once, or not at all.
Manages access for an employee
answer
User Object
question
Match the Active Directory component on the left with the appropriate description on the right. Each component may be used once, more than once, or not at all.
Can be created to logically organize network resources
answer
Organizational Unit
question
Match the Active Directory component on the left with the appropriate description on the right. Each component may be used once, more than once, or not at all.
Cannot be moved, renamed, or deleted
answer
Generic Container
question
Match the Active Directory component on the left with the appropriate description on the right. Each component may be used once, more than once, or not at all.
Defines a collection of network resources that share a common directory database
answer
Domain
question
Click on the object in the TESTOUTDEMO.com Active Directory domain that is used to manage desktop workstation access.
answer
CORPWS7
question
What should be done to a user account if the user goes on an extended vacation?
answer
Disable the account
question
Tom Plask's user account has been locked because he entered too many incorrect passwords. You need to unlock the account. Click the tab in the properties of the Tom Plask user object you would use to unlock his account.
answer
To unlock an account, go to the Account tab in the account object's Properties dialog, and then click Unlock Account.
question
Tom Plask was recently transferred to the Technical Support department. He now needs access to the network resources used by Support employees. To do this, you need to add Tom Plask's user account to the Support group in the Active Directory domain. Click the tab in the properties of the Tom Plask user object you would use to accomplish this.
answer
The Member of tab in the properties of a user account allows an administrator to add or remove a user from an Active Directory group. Once a member of a group, the user is automatically granted access to the network resources that are granted to the group.
question
You are creating a new Active Directory domain user account for the Robert Tracy user account. During the account setup process, you assigned a password to the new account. However, you know that for security reasons the system administrator should not know any user's password. Only the user should know his or her own password—no one else. Click the option you would use in the New Object - User dialog to remedy this situation.
answer
When creating a new user account or resetting a forgotten password, a common practice is to reset the user account password, and then select User must change password at next logon. This forces the user to reset the password immediately following logon, ensuring the user is the only person who knows the password.
question
You are the network administrator in a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permissions to network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name. Will this strategy work?
answer
No, permissions are not copied when a user account is copied.
question
What does a remote access server use for authorization?
answer
Remote access policies
question
Which of the following is the best example of remote access authentication?
answer
A user establishes a dialup connection to a server to gain access to shared resources
question
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?
answer
Mutual authentication
question
CHAP performs which of the following security functions?
answer
Periodically verifies the identity of a peer using a three-way handshake
question
Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks?
answer
PAP
question
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?
answer
CHAP
question
Which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (Choose two.)
answer
CHAP
MS-CHAP
question
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?
answer
Ticket
question
Which of the following are required when implementing Kerberos for authentication and authorization? (Select two.)
answer
Ticket granting server
Time synchronization
question
Which of the following are requirements to deploy Kerberos on a network? (Select two.)
answer
A centralized database of users and passwords
Time synchronization between devices
question
Which ports does LDAP use by default? (Select two.)
answer
636
389
question
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use?
answer
636
question
Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication?
answer
Use SSL.
question
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?
answer
SASL
question
A user has just authenticated using Kerberos. What object is issued to the user immediately following logon?
answer
Ticket granting ticket
question
Which of the following protocols uses port 88?
answer
Kerberos
question
Which of the following authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?
answer
LANMAN
question
What is mutual authentication?
answer
A process by which each party in an online communication verifies the identity of the other party
question
A manager has told you she is concerned about her employees writing their passwords for Web sites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could be used to prevent this?
answer
Credential Manager
question
KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (Select two.)
answer
Blowfish
GPG
question
You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. Click the option you would use in Credential Manager to do this.
answer
Within Credential Manager, use the Back up Credentials and Restore Credentials links to back up and restore credentials. It is recommended that you back up credentials to a removable device, such as a USB flash drive, to protect them from a hard disk crash on the local system.
question
In an Identity Management System, what is the function of the Authoritative Source?
answer
Specify the owner of a data item.
question
In an Identity Management System, what is the function of the Identity Vault?
answer
Ensure that each employee has the appropriate level of access in each system.
question
You are the network administrator for a small company. Your organization currently uses the following server systems:
• A Windows server that functions as a domain controller and a file server.
• A Novell Open Enterprise Server that functions as a GroupWise e-mail server.
• A Linux server that hosts your organization's NoSQL database server that is used for big data analysis.
Because each of these systems uses its own unique set of authentication credentials, you must spend a considerable amount of time each week keeping user account information updated on each system. In addition, if a user changes his or her password on one system, it is not updated for the user's accounts on the other two systems. Which should you do? (Select two. Each response is a part of the complete solution.)
answer
Implement password synchronization. Implement an Identity Vault.
question
Match each Identity Management (IDM) term on the left with the corresponding description on the right. Each term may be used once, more than once, or not at all.
Synchronizes user creation across all systems
answer
Automated Provisioning
question
Match each Identity Management (IDM) term on the left with the corresponding description on the right. Each term may be used once, more than once, or not at all.
Allows users to manage their passwords throughout all systems
answer
Password Synchronization
question
Match each Identity Management (IDM) term on the left with the corresponding description on the right. Each term may be used once, more than once, or not at all.
Acts as the authoritative source for user credentials for each connected system
answer
Identity Vault
question
Match each Identity Management (IDM) term on the left with the corresponding description on the right. Each term may be used once, more than once, or not at all.
Serves as repository for the identity of each user
answer
Identity Vault
question
Match each Identity Management (IDM) term on the left with the corresponding description on the right. Each term may be used once, more than once, or not at all.
Defines a permission a user has to access resources in connected systems
answer
Entitlement
question
Match each Identity Management (IDM) term on the left with the corresponding description on the right. Each term may be used once, more than once, or not at all.
Removes a user from all systems and revokes all rights
answer
Automated De-provisioning