Testout 5


When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?

Ticket

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (2)

RADIUS, TACACS+

Which of the following authentication methods uses tickets to provide single sign-on?

Kerberos

Which of the following are required when implementing Kerberos for authentication and authorization? (2)

Ticket granting server, Time synchronization.

You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration?

Configure the remote access servers as RADIUS clients.

Which of the following are characteristics of TACACS+? (2)

Uses TCP, Allows for the possibility of three different servers, one each for authentication, authorization, and accounting.

Which of the following are differences between RADIUS and TACACS+?

RADIUS combines authentication and authorization in a single function, TACACS+ splits them between different servers.

Which of the following are requirements for deploying Kerberos on a network?

Time Synch between devices, Centralized databases of username/passwords.

Which of the following protocols can be used to centralize remote access authentication?

TACACS

RADIUS is primarily used for what purpose?

Authentication of remote clients before access is granted.

Which ports does LDAP use by default? (2)

636, 389

You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use?

636

Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication?

Use SSL

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

SASL

Which of the following is a characteristic of TACACS+?

Encrypts the entire packet, not just authentication packets.

A user just authenticated using Kerberos. What object is issued to the user immediately following logon?

Ticket granting ticket

Which of the following uses port 88?

Kerberos

Which of the following ports are used with TACACS?

49

What does a remote access server use for Authorization?

Remote access policies.

You have a network with 3 remote access servers, a RADIUS server used for Authentication/Authorization, and a second RADIUS server used for accounting. Where should you configure remote access policies?

On the RADIUS server used for authentication and authorization

Which of the following is the best example of remote access authentication?

A user establishes a dialup connection to a server to gain access to shared resources.

Which of the following is an example of single sign-on authentication solution?

Kerberos

Which of the following authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?

LANMAN

Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?

Separation of Duties

By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with…?

Principle of least privilege.

An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automagically prevents access from anyone not on the list?

Implicit Deny

You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?

Separation of duties

You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?

Job rotation

You want to implement an access control list where only the users you specifically authorize can have access to the resource. Anyone not on the list should be prevented from having access. Which of the following will the access list use?

Explicit allow, implicit deny.

Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?

DAC

What does the MAC method use to control access?

Sensitivity controls.

Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?

MAC

Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?

Need to know

In which form of access control environment is access controlled by rules rather than by identity?

MAC

You have implemented an access control method that allows only users who are managers to access specific data. What type of access control model is used?

RBAC

You have a system that allows the owner of a file to identify users and their permissions to the file. What type of access control model is implemented?

DAC

A router access control list uses information in a packet such as the destination IP address and port number to make allow/deny forwarding decisions. This is an example of what kind of access control method?

RBAC based on rules.

Which of the following identification/authentication factors are often well-known or easy to discover by others on the same network/system?

Username

Which of the following is the most common form of authentication?

Password

Which of the following information is typically not included in the access token?

User account password

Marcus White has just been promoted to manager. To give him access to the files that he needs, you make his user account a part of the manager group, which has access to special shared folders. Later that afternoon, he tells you he is unable to access the files reserved in the managers group. What do you do?

Have him log off and back on.

Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon?

Access token.

Which of the following is the strongest form of multi-factor authentication?

A password, biometric scan, and token.

Which of the following advantages can single sign-on provide? (2)

Access to all authorized resources with a single instance of authentication. The elimination of multiple user accounts and passwords for an individual.

Which of the following is an example of two factor authentication?

Token device and PIN.

Which of the following is an example of three factor authentication?

Token device, keystroke analysis, cognitive question.

Which of the following are examples of type II authentication credentials? (2)

Smart card, Photo ID

Which of the following best describes one factor authentication?

Multiple authentication methods may be required, however they are all one type.

You maintain a network with four servers. Currently, users must provide authentication credentials whenever they access a different server. Which solution allows users to supply authentication credentials once for all servers?

SSO

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Mutual authentication

Which of the following terms is used to describe an event in which a person is denied access to a server when they should be allowed to enter?

False negative

Which of the following are disadvantages to biometrics?

When used alone or solely, they are no more secure than a strong password. They have a potential for numerous false negatives.

What is mutual authentication?

A process by which each party in an online communication verifies the identity of the other party.

Which of the following is not a form of biometric?

Token device.

What is the most important aspect of a biometric device?

Accuracy.

CHAP performs which of the following security functions?

Periodically verifies the identity of a peer using three-way handshake.

Which of the following is the term for the process of validating a subject’s identity?

Authentication.

Which of the following is used for identification?

Username

A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources?

Authentication and Authorization.

Which of the following describes privilege auditing?

Rights and privileges of users and groups are checked to guard against creeping privileges.

Which of the following is a hardware device that contains identification information and which can be used to control building access or computer logon?

Smart Card

What is the primary purpose of separation of duties?

Prevent conflicts of interest

Separation of duties is an example of which type of access control?

Preventive

Which of the following defines an object as used in access control?

Data, applications, systems, networks, and physical spaces.

Which access control model manages rights and permissions based on job descriptions and possibilities?

RBAC

Which of the following is not used to oversee and/or improve the performance of employees?

Exit interviews

You want to give all managers the ability to view and edit a certain file. To do so you need to edit the discretionary access control list (DACL) associated with the file. You want to be able to easily add and remove managers as their job positions change. What is the best way to accomplish this?

Create a security group for the managers. Add all users as members of the group. Add the group to the file’s DACL.

You have two folders that contain documents used by various departments:
The development group has been given the write permission to the design folder.
The sales group has been given the write permission to the products folder.
No other permissions have been given to the group.
User Mark Tillman needs to have the read permission to the design folder and write to products. You want to use groups as much as possible. What should you do?

Make Mark a member of the sales group; add his user account directly to the ACL for the design folder.

You have multiple users who are computer admins. Each admin needs to be able to shut down systems and install drivers. What do you do? (2)

Create a security group for the admins; add all user accounts to the group. Grant the group necessary user rights.

What should be done to a user account if the user goes on an extended vacation?

Disable the account.

Which of the following is an example of a STRONG password?

a8Bt11$yi

Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or types of access allowed?

User ACL

Which of the following is the single best rule to enforce when designing complex passwords?

Longer passwords

Which of the following solutions would you use to control the actions that users can perform on a computer, such as shutting down the system, logging on via network, or loading/unloading device drivers?

Group Policy.

For users who are members of the Sales team, you want to force their computers to use a specific desktop background and remove access to administrative tools from the Start menu. Which solution should you use?

Group Policy

For users on your network, you want to automagically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?

Configure account lockout policies in Group Policy

You want to make sure that all users have passwords over 8 characters and that passwords must be changed every 30 days.

Configure account policies in Group Policy

You have hired 10 new temp workers who will be with the company for 3 months. You want to make sure that after that time the user accounts cannot be used for logon. What should you do?

Configure account expiration on the user accounts

You have hired 10 new temporary workers who will be with your company for 3 months. You want to make sure these users can only log on during regular business hours. What should you do?

Configure day/time restrictions in the user accounts.

You are configuring local security policy of Windows 7. You want to prevent users from reusing old passwords, and to use a new password for at least 5 days before changing it again. What policies should you configure? (2)

Minimum password age, enforce password history.

You are configuring local security policy of Windows 7. You want to require local users to create passwords that are at least 10 characters long, and to prevent logon after 3 unsuccessful attempts. What policies should you configure? (2)

Minimum Password Length, Account Lockout Threshold

You have a file server named Srv3 that holds files used by the Dev department. You want to allow users to access the files over the network, and control access to files when files are accessed through the network or through a local logon. Which solution should you implement?

NTFS and share permissions?

You have a shared folder named Reports. Members of managers group have been given write access to the shared folder. Mark Magnum is a member of the manager group. He needs to access the files in the reports folder, but should not have access to the Confidential.xls file. What should you do?

Add him to the ACL for the Confidential.xls file with deny permissions.

In a variation of the brute force attack, an attacker may use a predefined list (dictionary) of commonly used usernames and passwords to gain access to existing user accounts. Which countermeasure best addresses this issue?

A strong password policy.

The mathematical algorithm used by HMAC-based one time passwords relies on two types of information to generate a new password based on the previously generated password. Which information is used to generate the new password? (2)

Counter, Shared secret.

The mathematical algorithm used to generate time-based one time passwords uses a shared secret and a counter to generate unique, one time passwords. Which event causes the counter to increment when creating the passwords?

The passage of time.

A manager has told you that she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which control can be used to prevent this?

Credential manager.

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (2)

Blowfish, GPG

You are the network administrator in a small nonprofit. Currently, an employee named Craig (lmao) handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can handle alone (wuss), so an additional help desk employee has been hired to lighten the load. Currently, permissions to network resources are assigned directly to Craig. Because the new employee needs exactly the same level of access, you decide to use Craig’s Active Directory domain user object and rename it with the employee’s name. Will this work?

No, permissions are not copied when the user is copied.

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company’s customer database. Which action should you take? (2)

Delete the account that the sales employees are currently using. Train some employees to use their own accounts to update the customer database
