4.2 Security Architecture and Tool Sets

Question 1

what is the top-most level of the LDAP hierarchy?

Answer 1

root

Question 2

what is the primary function of LDAP?

Answer 2

lightweight directory access protocol (LDAP) controls client access to directories

Question 3

what are flood guards?

Answer 3

devices that protect denial of service (DoS) attacks

Question 4

what does the acronym RADIUS denote?

Answer 4

remote authentication dial-in user service

Question 5

what are the two types of eye scans?

Answer 5

iris scans and retinal scans

Question 6

which type of authentication is accomplished by authenticating both the client and server sides of a concentration through the encrypted exchange of credentials?

Answer 6

mutual authentication

Question 7

what does the acronym TACACS denote?

Answer 7

terminal access controller access control system

Question 8

which function does a single sign-on (SSO) system provide?

Answer 8

it allows a user to present authentication credentials once and gain access to all computers within the SSO system

Question 9

what is the purpose of federated identity management?

Answer 9

it allows single sign-on (SSO) between companies

Question 10

what does the acronym KDC denote?

Answer 10

key distribution center

Question 11

which authentication protocol uses UDP: TACACS+ or RADIUS?

Answer 11

RADIUS

Question 12

which security-server application and protocol implements authentication and authorization of users from a central server over TCP?

Answer 12

terminal access controller access control system plus (TACACS+)

Question 13

which authentication protocol is an open standard: TACACS+ or RADIUS?

Answer 13

RADIUS

Question 14

which authentication system includes clients, servers, and a key distribution center (KDC)?

Answer 14

kerberos

Question 15

which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?

Answer 15

TACACS+

Question 16

which Cisco implementation is similar to a RADIUS implementation?

Answer 16

TACACS

Question 17

what are the two components of the kerberos key distribution center?

Answer 17

authentication server (AS) and ticket-granting server (TGS)

Question 18

which access control model is based on the data’s owner implementing and administering access control?

Answer 18

discretionary access control (DAC)

Question 19

which eye scan measures the pattern of blood vessels at the back of the eye?

Answer 19

retinal scan

Question 20

scanning fingerprints is an example of which authentication technique

Answer 20

biometrics

Question 21

using role-based access control (RBAC), which entities are assigned roles?

Answer 21

users or subjects

Question 22

which kerberos component holds all users’ and services’ cryptographic keys and generates tickets?

Answer 22

key distribution center (KDC)

Question 23

who has the responsibility for configuring access rights in discretionary access control (DAC)?

Answer 23

the data owner or data custodian

Question 24

what is the most important biometric system characteristic?

Answer 24

accuracy

Question 25

which type of attack can turn a switch into a hub?

Answer 25

MAC flooding

Question 26

what does the acronym MAC denote?

Answer 26

mandatory access control

Question 27

which type of eye scan is considered more intrusive than other eye scans?

Answer 27

retinal scan

Question 28

which fingerprint scan will analyze fingerprint ridge direction?

Answer 28

minutiae matching

Question 29

why is password disclosure a significant security issue in a single sign-on network?

Answer 29

it could compromise the entire system because authentication grants access to any systems on the network to which the actual user may have permission

Question 30

which access control model has the lowest cost?

Answer 30

role-based access control (RBAC)

Question 31

what does the acronym SSO denote?

Answer 31

single sign-on

Question 32

which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?

Answer 32

TACACS+

Question 33

which authentication protocol uses tickets to authenticate users?

Answer 33

Kerberos

Question 34

which function does RADIUS provide?

Answer 34

centralized authentication, authorization, and accounting for remote dial-in users

Question 35

which security-server application and protocol implement authentication of users from a central server over UDP?

Answer 35

remote authentication dial-in user service (RADIUS)

Question 36

which directory protocol does directory-enabled networking (DEN) use?

Answer 36

lightweight directory access protocol (LDAP)

Question 37

which access control model uses security labels for each resource?

Answer 37

mandatory access control (MAC)

Question 38

what are the two advantages of single sign-on (SSO)?

Answer 38

convenience and centralized administration

Question 39

which access control model requires assigning security clearance levels to users, such as secret, top-secret, and confidential?

Answer 39

mandatory access control (MAC)

Question 40

which internet protocol based on X.500 is used to access the data stored in a network directory?

Answer 40

lightweight directory access protocol (LDAP)

Question 41

what is the purpose of RADIUS?

Answer 41

remote access dial-in user service (RADIUS) enables remote access users to log on to a network through a shared authentication database

Question 42

which ethernet standard uses a wireless access point with a remote authentication dial-in user service (RADIUS) server to authenticate wireless users?

Answer 42

802.1x

Question 43

which type of authentication combines two or more authentication methods, like something that a person knows (such as password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?

Answer 43

multi-factor authentication

Question 44

which technique is used to prevent network bridging?

Answer 44

network separation

Question 45

on which standard is lightweight directory access protocol (LDAP) based?

Answer 45

X.500