20 Flashcards

1
Q

Which of the following passwords is the most complex?

A

** G$L3tU8wY@z **

It uses all four character groups: uppercase letters (G, L, U, Y), lowercase letters (t, w, z), digits (3, 8) and symbols ($, @). A password drawing on more groups has a larger keyspace per character, which is what "complexity" measures here.

2
Q

An account policy setting that forces users to come up with a new password every time they are required to change their old password is called:

A

Password history

3
Q

Which of the account policy settings prevents users from reusing old passwords?

A

Password history

4
Q

Which of the following account management security measures narrows down a user’s computer access to specified hours?

A

Login time restrictions

5
Q

Which of the account policies listed below provides a countermeasure against malicious users attempting to determine an account password by trial and error?

A

Account lockout
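
Worked example for cards 1 to 5 (added here; it is not part of the original flashcard deck): a small account-policy model that enforces complexity (character groups), password history (no reuse of the last N passwords), login time restrictions and account lockout after repeated wrong guesses. The thresholds, the `Account` class and the return strings are constructed for this illustration; real values come from the directory or OS policy.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

# Constructed policy values for this illustration; real settings come from the
# directory/OS policy (for example the Windows "Account Policies" GPO), not from this page.
MIN_LENGTH = 8
MIN_GROUPS = 3              # complexity: at least 3 of upper / lower / digit / symbol
HISTORY_SIZE = 24           # password history: remember this many previous hashes
LOCKOUT_THRESHOLD = 5       # account lockout: failed attempts before the lock engages
LOCKOUT_SECONDS = 900       # account lockout: how long the lock lasts
LOGIN_HOURS = range(8, 18)  # login time restrictions: 08:00 through 17:59 allowed


def character_groups(password: str) -> set:
    """Return which of the four character groups the password uses."""
    groups = set()
    for ch in password:
        if ch.isupper():
            groups.add("upper")
        elif ch.islower():
            groups.add("lower")
        elif ch.isdigit():
            groups.add("digit")
        else:
            groups.add("symbol")
    return groups


def meets_complexity(password: str) -> bool:
    return len(password) >= MIN_LENGTH and len(character_groups(password)) >= MIN_GROUPS


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 with a per-password salt; the iteration count is low only to keep the demo quick.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)


@dataclass
class Account:
    history: list = field(default_factory=list)  # [(salt, hash)], current password last
    failures: int = 0
    locked_until: float = 0.0


def in_history(acct: Account, password: str) -> bool:
    return any(hmac.compare_digest(_hash(password, salt), h) for salt, h in acct.history)


def set_password(acct: Account, password: str) -> str:
    if not meets_complexity(password):
        return "rejected: complexity"
    if in_history(acct, password):            # password history blocks reuse
        return "rejected: reuse"
    salt = os.urandom(16)
    acct.history.append((salt, _hash(password, salt)))
    del acct.history[:-HISTORY_SIZE]          # keep only the newest HISTORY_SIZE entries
    return "ok"


def attempt_login(acct: Account, password: str, now: float = None, hour: int = None) -> str:
    """Apply the lockout and login-hour checks before verifying the password."""
    now = time.time() if now is None else now
    hour = time.localtime(now).tm_hour if hour is None else hour
    if now < acct.locked_until:
        return "locked"
    if hour not in LOGIN_HOURS:
        return "outside login hours"
    salt, h = acct.history[-1]
    if hmac.compare_digest(_hash(password, salt), h):
        acct.failures = 0
        return "ok"
    acct.failures += 1                        # trial-and-error guessing counts up...
    if acct.failures >= LOCKOUT_THRESHOLD:    # ...until account lockout stops it
        acct.locked_until = now + LOCKOUT_SECONDS
        acct.failures = 0
        return "locked"
    return "wrong password"
```

Note that the lockout check runs before the password is even hashed, so a locked account costs the guesser nothing but also tells the guesser nothing; the history check hashes the candidate against every stored salt, which is why the history depth is bounded.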

6
Q

The term “Password vault” refers to a credential manager program that stores usernames and passwords in encrypted form. A password vault requires a single master password to unlock the many different passwords used for different websites or services.

A

True

6
Q

Which of the following answers refer(s) to (an) example(s) of physical authentication token(s)? (Select all that apply)

A
  • RFID badge
  • Password key
  • Key fob
  • Smart card
7
Q

During a password reminder procedure, the system asks a security question covering personal details that should be known only to the user (e.g. the user’s favorite holiday destination). This type of authentication method is an example of:

A

** KBA **

Knowledge-based authentication

8
Q

The difference between static KBA and dynamic KBA is that static KBA relies on pre-determined security questions and answers chosen in advance by the user during account creation. Setting up dynamic KBA, on the other hand, does not require user input: users are not asked to choose security questions during account creation. Instead, dynamic KBA generates its questions from various public and private data sources pertaining to the user, which makes it a more secure authentication method.

A

True

9
Q

Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol that periodically re-authenticates the client at random intervals to prevent session hijacking.

A

True

10
Q

Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?

A

** PAP **

The authentication protocol that sends passwords in cleartext and is considered obsolete and insecure is PAP, which stands for Password Authentication Protocol. PAP transmits the password in plaintext, making it vulnerable to eavesdropping and interception.

11
Q

What are the characteristic features of RADIUS?

A
  • Primarily used for network access
  • Combines authentication and authorization
  • Encrypts only the password in the access-request packet
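
Worked example for the third RADIUS feature (added here; not part of the original deck): how the User-Password attribute is hidden in an Access-Request per RFC 2865 section 5.2, and why "only the password" matters. The password is padded to a 16-byte multiple and XORed block by block with MD5(shared secret + Request Authenticator), then MD5(shared secret + previous ciphertext block); every other attribute, including User-Name, travels in cleartext. The packet builder and the `keystream_from_known_password` helper are constructed for this illustration; the secret, username and password values are the ones RFC 2865 uses in its own example.

```python
import hashlib
import os

RADIUS_ACCESS_REQUEST = 1   # packet Code
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2


def hide_user_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        key_block = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key_block))
        hidden += block
        prev = block
    return hidden


def reveal_user_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_user_password, as the RADIUS server performs it."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    plain, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        key_block = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        plain += bytes(c ^ k for c, k in zip(block, key_block))
        prev = block
    return plain.rstrip(b"\x00")


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, request_authenticator: bytes = None) -> bytes:
    """Minimal Access-Request: 20-byte header, User-Name in cleartext, User-Password hidden.
    A real NAS picks a fresh random Request Authenticator for every request."""
    ra = os.urandom(16) if request_authenticator is None else request_authenticator
    hidden = hide_user_password(password, secret, ra)
    attrs = bytes([ATTR_USER_NAME, 2 + len(username)]) + username
    attrs += bytes([ATTR_USER_PASSWORD, 2 + len(hidden)]) + hidden
    length = 20 + len(attrs)
    return bytes([RADIUS_ACCESS_REQUEST, identifier]) + length.to_bytes(2, "big") + ra + attrs


def keystream_from_known_password(hidden: bytes, password: bytes) -> bytes:
    """What an eavesdropper who knows one password (their own, say) learns from a capture:
    MD5(secret + Request Authenticator) for that request, a value that can be attacked
    offline by guessing the shared secret. This is why the hiding is not considered encryption."""
    padded = password + b"\x00" * (-len(password) % 16)
    return bytes(c ^ p for c, p in zip(hidden[:16], padded[:16]))
```

Compare with the TACACS+ card further down: there the whole packet body is encrypted, so neither the username nor the commands issued are visible on the wire.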
12
Q

802.1X is an IEEE standard for implementing:

A

Port-based NAC

13
Q

An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:

A

** SSO **

Single sign-on (SSO)

14
Q

Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?

A

** SAML **

The XML-based markup language for exchanging authentication and authorization data is SAML, which stands for Security Assertion Markup Language. SAML is commonly used in single sign-on (SSO) and identity federation scenarios to enable secure authentication and authorization between different domains, applications, or organizations. It allows for the exchange of assertions (security information) in a standardized XML format, facilitating trust and interoperability between systems and services.

15
Q

What are the characteristics of TACACS+?

A
  • Encrypts the entire body of the packet (only the header is sent in the clear)
  • Primarily used for device administration
  • Separates authentication, authorization and accounting into independent operations

16
Q

OAuth is an open standard for:

A

** Authorization (access delegation) **

OAuth (short for “Open Authorization”) is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites without giving them their passwords.

17
Q

OpenID Connect is a protocol used for:

A

Authentication

18
Q

A common implementation of identity and access controls used in federated SSO systems combines OpenID Connect and OAuth 2.0, the former providing authentication and the latter authorization.

A

True

19
Q

Which of the following authentication protocols can be used to enable SSO in Windows-based network environments?

A

** Kerberos **

Kerberos is the default authentication protocol in Windows Active Directory environments and the basis of their SSO. It allows users to log in once and then access various network resources without re-entering their credentials: after the initial logon, ticket-based authentication proves the user’s identity to each service.

20
Q

Assigning a unique encrypted key, called a ticket, to each user that logs on to the network is a characteristic feature of:

A

** Kerberos **

Kerberos is an authentication protocol that uses tickets to verify the identity of users and grant access to network resources. When a user logs on, the Key Distribution Center issues a ticket that the user presents to other network services as proof of identity, so the password itself never has to be sent to those services. This ticket-based authentication is the defining feature of Kerberos.

21
Q

In the Kerberos-based authentication process, the purpose of the client’s timestamp is to provide countermeasure against:

A

Replay attacks

22
Q

Which protocol ensures the reliability of the Kerberos authentication process?

A

NTP

Kerberos authenticators carry timestamps, and a service rejects an authenticator whose time differs from its own clock by more than the permitted skew (5 minutes by default in Active Directory). Clients, services and the KDC therefore need synchronized clocks, which NTP provides.
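
Worked example for cards 21 and 22 (added here; not part of the original deck): the service-side check that gives the timestamp its anti-replay value. An authenticator is accepted only if its time is within the allowed skew of the server clock, and a replay cache rejects a second presentation of the same authenticator inside that window. The `ReplayCache` class, the principal names and the times are constructed for this illustration; the error names are the ones RFC 4120 defines, and real caches key on microseconds and the target service as well.

```python
MAX_SKEW = 300  # seconds; Active Directory's default "Maximum tolerance for computer clock synchronization"


class ReplayCache:
    """Service-side check of the AP-REQ authenticator timestamp, constructed here to
    illustrate the countermeasure; it is not code from any Kerberos implementation."""

    def __init__(self, max_skew: int = MAX_SKEW):
        self.max_skew = max_skew
        self.seen = {}   # (client principal, ctime) -> time after which the entry can be dropped

    def check(self, client: str, ctime: float, now: float) -> str:
        # Drop entries whose timestamp could no longer be accepted anyway; this keeps
        # the cache bounded to one skew window of traffic.
        for key in [k for k, drop_at in self.seen.items() if drop_at <= now]:
            del self.seen[key]
        if abs(now - ctime) > self.max_skew:       # clocks out of sync, or an old capture
            return "KRB_AP_ERR_SKEW"
        key = (client, ctime)
        if key in self.seen:                       # same authenticator presented again
            return "KRB_AP_ERR_REPEAT"
        self.seen[key] = ctime + self.max_skew
        return "OK"
```

An attacker who captures an AP-REQ therefore has at most one skew window to replay it, and within that window the cache stops the replay; a client whose clock has drifted past the window cannot authenticate at all until NTP brings it back, which is the failure mode that card 22 is about.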

23
Q

Which access control model defines access control rules with the use of statements that closely resemble natural language?

A

** ABAC **

The access control model that defines rules with statements resembling natural language is ABAC, which stands for Attribute-Based Access Control.

ABAC is a flexible, dynamic model that bases access decisions on attributes (characteristics or properties) of the subject, the action, the resource and the environment. Policies combine these attributes into human-readable statements (for example, “a doctor may read the record of a patient assigned to them during working hours”), which makes access rules easier to define and maintain than per-identity permission lists.

24
Q

Examples of properties used for defining access policies in Attribute-Based Access Control (ABAC) model include:

A
  • Subject (i.e. user or process requesting access)
  • Type of action (for example “read”, “write”, “execute”)
  • Resource type (medical record, bank account etc.)
  • Environment (contextual data, such as time of day or geolocation)

All of the above
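
Worked example for cards 23 and 24 (added here; not part of the original deck): a minimal ABAC policy engine in which each rule carries the natural-language statement it implements and a predicate over the four attribute sets (subject, action, resource, environment). Decisions are deny-overrides and default-deny, which is the combination a practitioner should reach for first. The hospital policy, the attribute names and the `Rule`/`evaluate` functions are constructed for this illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

Attrs = Dict[str, Any]
Condition = Callable[[Attrs, str, Attrs, Attrs], bool]


@dataclass
class Rule:
    text: str          # the natural-language statement this rule implements
    effect: str        # "permit" or "deny"
    when: Condition    # (subject, action, resource, environment) -> bool


def evaluate(rules: List[Rule], subject: Attrs, action: str,
             resource: Attrs, environment: Attrs) -> Tuple[str, List[str]]:
    """Deny-overrides, default-deny: a matching deny rule wins outright; otherwise at
    least one permit rule must match; with no match at all the answer is deny.
    Also returns the text of every rule that matched, for audit logging."""
    decision, matched = "deny", []
    for rule in rules:
        if rule.when(subject, action, resource, environment):
            matched.append(rule.text)
            if rule.effect == "deny":
                return "deny", matched
            decision = "permit"
    return decision, matched


# Constructed policy for a hospital records system (illustrative, not from the page).
POLICY = [
    Rule("A doctor may read or write the medical record of a patient assigned to them during working hours",
         "permit",
         lambda s, a, r, e: s.get("role") == "doctor" and a in ("read", "write")
         and r.get("type") == "medical_record"
         and r.get("patient_id") in s.get("patients", ())
         and 8 <= e.get("hour", -1) < 18),
    Rule("A patient may read their own medical record",
         "permit",
         lambda s, a, r, e: s.get("role") == "patient" and a == "read"
         and r.get("type") == "medical_record" and r.get("patient_id") == s.get("id")),
    Rule("Nobody may write a medical record from outside the hospital network",
         "deny",
         lambda s, a, r, e: a == "write" and r.get("type") == "medical_record"
         and not e.get("on_hospital_network", False)),
]


def decide(subject: Attrs, action: str, resource: Attrs, environment: Attrs) -> str:
    return evaluate(POLICY, subject, action, resource, environment)[0]
```

Every attribute is read with `.get`, so a missing attribute (no `hour` in the environment, no `patients` list on the subject) fails closed rather than raising or matching by accident.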