|
Which of the ff. is the term process of validating a subject’s identity? |
Authentication |
|
Which is the star property of Bell-LaPadula? |
No write down |
|
Which of the ff. is used for identification? |
Username |
|
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used? |
RBAC |
|
Which access control model manages rights and permissions based on job description and responsibilities? |
Role Based Access Control (RBAC) |
|
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources? |
DAC |
|
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity? |
MAC |
|
Which form of access control is based on job descriptions? |
Role-based access control (RBAC) |
|
In which form of access control environment is access controlled by rules rather than by identity? |
MAC |
|
The Brewer-Nash model is designed primarily to prevent? |
Conflicts of interest |
|
Which of the ff. defines an object as used in access control? |
Data, applications, systems, networks, and physical space. |
|
A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources? |
Authentication and authorization. |
|
The Clark-Wilson model is primarily based on? |
Controlled intermediary access applications |
|
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect? |
Identity |
|
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented? |
DAC |
|
Which of the ff. are examples of Single Sign-on authentication (Select two). |
Kerberos, SESAME |
|
Which of the ff. is an example of two-factor authentication? |
A Token device and a PIN |
|
Which of the ff. Identification and authentication factors are often well-known or easy to discover by others on the same network or system? |
Username |
|
Which of the ff. is stronger than any biometric authentication factor? |
A two-factor authentication |
|
Which of the ff. advantages can Single Sign-On (SSO) provide? (Select two). |
Access to all authorized resources with a single instance of authentication, The elimination of multiple user accounts and passwords for an individual. |
|
Which of the ff. is a hardware device that contains identification information and which can be used to control building access or computer logon? |
Smart Card |
|
Which of the ff. defines the crossover rate for evaluating biometric systems? |
The point where the number of false positives matches the number of false negatives in a biometric system. |
|
Which of the ff. terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter? |
False negative |
|
Which of the ff. is the most common form of authentication? |
Password |
|
Which of the ff. is a password that relates to things that people know, such as a mother’s maiden name, or the name of a pet? |
Cognitive |
|
Which of the ff. authentication methods uses tickets to provide single sign-on? |
Kerberos |
|
Which of the ff. is an example of three-factor authentication? |
Token device, Keystroke analysis, Cognitive question |
|
Which of the ff. are examples of Type II authentication credentials? (Select two). |
Photo ID, Smart card |
|
Which of the ff. is the strongest form of multi-factor authentication? |
A password, a biometric scan, and a token device |
|
A device which is synchronized to an authentication server is which type of authentication? |
Synchronous token |
|
Mr. White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group to access to a special folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do? |
Have Mr. White log off and log back on |
|
Which of the ff. information is typically not included in an access token? |
User account password |
|
Which of the ff. terms describes the component that is generated ff. authentication and which is used to gain access to resources following logon? |
Access token |
|
Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed? |
User ACL |
|
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. |
Explicit allow, implicit deny |
|
Which of the ff. principles is implemented in a mandatory access control model to determine access to an object using classification levels? |
Need to know |
|
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement? |
Job rotation |
|
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal? |
Separation of duties |
|
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization? |
Sanitization |
|
Which of the ff. is an example of privilege escalation? |
Creeping privileges |
|
What is the primary purpose of separation of duties? |
Prevent conflicts of interest |
|
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution? |
Separation of duties |
|
Need to know is required to access which types of resources? |
Compartmentalized resources |
|
Separation of duties is an example of which type of access control? |
Preventive |
|
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list? |
Implicit deny |
|
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with? |
Principle of least privilege |
|
Which of the ff. is an example of a decentralized privilege management solution? |
Workgroup |
|
What should be done to a user account if the user goes on an extended vacation? |
Disable the account |
|
A user with an account name of larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage the files in the system in the very near future. Which command below will disable or remove the user account from the system and remove his home directory? |
userdel -r larry |
|
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the ff. commands will accomplish this? |
usermod -l kjones kscott |
|
Which of the ff. utilities would you typically use to lock a user account? (Select two). |
passwd, usermod |
|
You have performed an audit and have found active accounts from employees who no longer work for the company. You want to disable those accounts. What command example will disable a user account? |
usermod -L joer |
|
An employee named Bob Smith, with a user name of bsmith, has left the company. You have been instructed by your supervisor to delete his user account along with his home directory. Which of the ff. commands would produce the required outcome? (Choose all that apply.) |
userdel -r bsmith, userdel bsmith; rm -rf /home/bsmith |
|
Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the ff. commands will accomplish this? |
groupmod -n marketing sales |
|
You suspect that the gshant user account is locked. Which command will show the status of user account? (Tip: Enter the command as if at the command prompt.) |
passwd -S gshant |
|
You are the administrator for a small company. You need to add a new group user, named sales, to the system. Which command will accomplish this? |
groupadd sales |
|
You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the ff. commands should you use? |
groupdel temp_sales |
|
In the /etc/shadow file, which character in the password field indicates that a standar user account is locked? |
! |
|
What is the effect of the ff. command? chage -M 60 -W 10 jsmith? |
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires. |
|
Within the "/etc/security/limits.conf file", you notice the ff. entry: @guest hard maxlogins 3 |
Limits the number of max logins from the guest group of three. |
|
Which file should you edit to limit the amount of concurrent logins for a specific user? (Tip: Enter the full path to the file.) |
/etc/security/limits.conf |
|
Which "chage" option keeps a user from changing password every two weeks? |
-m 33 |
|
What "chage" command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Enter the command as if at the command prompt.) |
chage -M 60 -W 10 jsmith |
|
Computer policies include a special category called user rights. Which action do they allow an administrator to perform? |
Identify users who can perform maintenance tasks on computers in the OU. |
|
You want to ensure that all users in the Development OU use specific network communication security settings when transmitting files. Which method should you use? |
Create a GPO computer policy for the computers in the Development OU. |
|
Which statement is true regarding application of GPO settings? |
If a settings is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the settings will be applied. |
|
You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attemps. Which policies should you configure? (Select two.) |
Minimum password length, Account lockout threshold |
|
You have implemented lockout with a clipping level of 4. What will be the effect of this setting? |
The account will be locked after 4 incorrect attempts. |
|
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration? |
User cannot change the password for 10 days. |
|
Which of the ff. is not important aspect of password management? |
Enable account lockout |
|
Which of the ff. is the single best rule to enforce when designing complex passwords? |
Longer passwords |
|
For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do? |
Configure account lockout policies in Group Policy |
|
You want to make sure that all users have passwords over 8 character and that passwords must be changed every 30 days. What should you do? |
Configure account policies in Group policy |
|
You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do? |
Configure day/time restrictions in the user accounts |
|
You are teaching new users about security and passwords. Which example of the passwords would be the most secure password? |
T1a73gZ9 |
|
You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.) |
Enforce password history, Minimum password age |
|
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the ff. would be a required part of your configuration? |
Configure the remote access servers as RADIUS clients. |
|
Chap performs which of the ff. security functions? |
Periodically verifies the identity of a peer using a three-way handshake. |
|
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default? |
CHAP |
|
Which of the ff. protocols can be used to centralize remote access authentication? |
TACACS |
|
Which of the ff. authentication protocols uses a three-way handshake to authenticate users to the network? (Choose two.) |
CHAP and MS-CHAP |
|
Which of the ff. is a feature of MS-CHAP v2 that is not included in CHAP? |
Mutual authentication |
|
Which of the ff. is an example of a decentralized privilege management solution? |
Workgroup |
|
Which of the ff. are characteristics of TACACS+? (Select two.) |
Uses TCP, Allows for a possible of three different servers, one each for authentication, authorization, and accounting. |
|
Which of the ff. is the best example of remote access authentication? |
A user establishes a dialup connection to a server to gain access to shared resources |
|
Which of the ff. ports are used with TACACS? |
49 |
|
RADUIS is primarily used for what purpose? |
Authenticating remote clients before access to the network is granted |
|
Which of the ff. are methods for providing centralized authentication, authorization for remote access? (Select two.) |
TACACS+ , RADIUS |
|
What does a remote access server use for authorization? |
Remote access policies |
|
Which of the ff. is a characteristic of TACACS+? |
Encrypts the entire packet, not just authentication packets |
|
Which of the ff. are differences between RADIUS and TACACS+? |
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers. |
|
Which of the ff. protocols uses ports 389 and 636? |
LDAP |
|
Which of the ff. are required when implementing Kerberos for authentication and authorization? (Select two.) |
Time synchronization, Ticket granting server |
|
Which ports does LDAP use by default? (Select two.) |
389 and 636 |
|
Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication? |
Use SSL. |
|
Which of the ff. protocols uses port 88? |
Kerberos |
|
When using Kerberos authentication, which of the ff. terms is used to describe the token that verifies the identity of the user to the target system? |
Ticket |
|
What is mutual authentication? |
A process by which each party in an online communication verifies the identity of the other party |
|
Which of the ff. authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash? |
LANMAN |
|
You want to deploy SSL to protect authentication traffic with you LDAP-based directory service. Which port would this use? |
636 |
|
Which of the ff. are requirements to deploy Kerberos on a network? (Select two.) |
A centralized database of users and password, Time synchronization between devices |
|
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose? |
SASL |
|
A user has just authenticated using Kerberos. What object is issued to the user immediately following logon? |
Ticket granting ticket |
|
In an Identity Management System, What is the function of the Identity Vault? |
Ensure that each employee has the appropriate level of access in each system. |
|
In an Identity Management System, What is the function of the Authoritative Source? |
Specify the owner of a data item. |
Share This
Flashcard
