Access Control Flashcards

1
Q

A network administrator must grant the appropriate network permissions to a new employee. Which of the following is the best strategy?

Give the new employee user account the necessary rights and permissions.

Add the new employee user account to a group. Ensure that the group has the necessary rights and permissions.

Ask the new employee what network rights she would like.

A

Add the new employee user account to a group. Ensure that the group has the necessary rights and permissions.

The best strategy for assigning rights and permissions is to add users to groups. Working with rights and permissions for individual users becomes unmanageable beyond a small number of users. New employees can then simply be added to the appropriate group to acquire the needed access to network resources.

2
Q

In securing your network, you enforce complex user passwords. Users express concern about forgetting their passwords. What should you configure to allay those concerns?

Password expiration

Periodic password change

Password hints

A

Password hints

Password hints can help a user remember a password without revealing the actual password.

3
Q

To give a contractor network access, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?

Separation of duties

Least privilege

Job rotation

A

Least privilege

The least privilege principle states that users should be given only the rights needed to perform their duties and nothing more. Adding a contractor to the Administrators group grants too much privilege to the contractor.

4
Q

James is the branch network administrator for ABC, Inc. Recently the company headquarters requested a network security audit, so James performed an audit himself using freely available Linux tools. What is the problem with James’s actions?

The chief security officer should have conducted the audit.

Freely available tools are not reliable and should not have been used.

A third party should have been hired to conduct the audit.

A

A third party should have been hired to conduct the audit.

No one person should have control of implementing, maintaining, and auditing an IT infrastructure—this violates the separation of duties principle and presents a conflict of interest.

5
Q

A secure computing environment labels data with various security classifications. Authenticated users must have clearance to read this classified data. What type of access control model is this?

Mandatory access control

Discretionary access control

Role-based access control

A

Mandatory access control

Mandatory access control (MAC) models can use security labels to classify data. These labels are then compared to a user’s sensitivity level to determine whether access is allowed.

6
Q

To ease giving access to network resources for employees, you decide there must be an easier way than granting users individual access to files, printers, computers, and applications. What security model should you consider using?

Mandatory access control

Discretionary access control

Role-based access control

A

Role-based access control

Role-based access control (RBAC) would enable you to group access privileges for files, printers, computers, and applications into a single entity (a role). Users needing these rights are then simply added as occupants of the appropriate role.

7
Q

Linda creates a folder called Budget Projections in her home account and shares it with colleagues in her department. Which of the following best describes this type of access control system?

Mandatory access control

Discretionary access control

Role-based access control

A

Discretionary access control

Discretionary access control enables the data owner—in this case, Linda—to grant other people access to the data.

8
Q

You require that users not be logged on to the network after 6 p.m. while you analyze network traffic during nonbusiness hours. What should you do?

Unplug their stations from the network.

Tell users to press ctrl-alt-del to lock their stations.

Configure time-of-day restrictions to ensure nobody can be logged in after 6 p.m.

A

Configure time-of-day restrictions to ensure nobody can be logged in after 6 p.m.

Network operating systems (NOSs) can control when users can and cannot log on, as well as end existing logon sessions based on the time of day.

9
Q

One of your users, Matthias, is taking a three-month sabbatical because of a medical condition, after which he will return to work. What should you do with Matthias’s user account?

Delete the account and re-create it when he returns.

Disable the account and enable it when he returns.

Export his account properties to a text file for later import and then delete it.

A

Disable the account and enable it when he returns.

Disabling his account will prevent anyone from logging on with the account but will preserve all of the account settings. When he returns, you can simply enable the account.

10
Q

During an IT security meeting, the topic of account lockout surfaces. When you suggest all user accounts be locked for 30 minutes after three incorrect logon attempts, your colleague Phil states that this is a serious problem when applied to administrative accounts. What types of issues might Phil be referring to?

Dictionary attacks could break into administrative accounts.

Administrative accounts are placed into administrative groups.

DoS attacks could render administrative accounts unusable.

A

DoS attacks could render administrative accounts unusable.

Denial-of-service (DoS) attacks render a legitimate network service unusable. Making three incorrect logon attempts every half hour against privileged administrative accounts would keep those accounts permanently locked, thus preventing legitimate use of those accounts.

11
Q

Your VPN appliance is configured to disallow user authentication unless the user or group is listed as allowed. Regarding blocked users, what best describes this configuration?

Implicit allow

Implicit deny

Explicit allow

A

Implicit deny

Implicit denial means all are denied unless specifically allowed; there are no specific listings of users or computers that are denied.

12
Q

Margaret is the head of Human Resources for Emrom, Inc. An employee does not want to use his annual vacation allotment, but Margaret insists it is mandatory. What IT benefit is derived from mandatory vacations?

Irregularities in job duties can be noticed when another employee fills that role.

Users feel recharged after time off.

Emrom, Inc., will not be guilty of labor violations.

A

Irregularities in job duties can be noticed when another employee fills that role.

It is easy for another employee to spot inconsistencies or irregularities when someone is on vacation.

13
Q

What type of attack is mitigated by strong, complex passwords?

DoS

Dictionary

Brute force

A

Dictionary

Stronger passwords make it more difficult for dictionary password attacks to succeed. A stronger password is a minimum of eight characters, where those characters might be a combination of uppercase letters, lowercase letters, symbols, and numerals.

14
Q

A government contract requires your computers to adhere to mandatory access control methods and multilevel security. What should you do to remain compliant with this contract?

Patch your current operating system.

Purchase new network hardware.

Use a trusted OS.

A

Use a trusted OS.

A trusted OS uses a secured OS kernel that supports mandatory access control (MAC), which applies security centrally in adherence to security policies. This type of OS is considered too strict for general use and is typically applicable only in high-security environments.

15
Q

Which term is best defined as an object’s list of users, groups, processes, and their permissions?

ACE

ACL

Active Directory

A

ACL

Access control lists (ACLs) detail which users, groups, or processes have permissions to an object, such as a file or folder.

16
Q

Users complain that they must remember passwords for a multitude of user accounts to access software required for their jobs. How can this be solved?

SSO

ACL

PKI

A

SSO

Single sign-on (SSO) enables a user to authenticate once to multiple resources that would otherwise require separate logins.

17
Q

What security model uses data classifications and security clearances?

DAC

PKI

MAC

A

MAC

MAC is a security model that classifies data according to sensitivity and grants access only to those with the proper clearance.

18
Q

Which of the following is an example of physical access control?

Encrypting the USB flash drive

Disabling USB ports on a computer

Using cable locks to secure laptops

A

Using cable locks to secure laptops

Locking laptops down with a cable lock physically prevents the theft of laptops.

19
Q

A technician notices unauthorized computers accessing a sensitive protected network. What solution should the technician consider?

Network encryption

VPN

NAC

A

NAC

Network Access Control (NAC) is software or a network appliance that can verify that connecting computers are allowed to access the network. This can be done by checking PKI certificates, checking that antivirus software is installed and updated, and so on.

20
Q

A network administrator, Justin, must grant various departments read access to the Corp_Policies folder and grant other departments read and write access to the Current_Projects folder. What strategy should Justin employ?

Add all departmental users to the shared folder ACLs with the appropriate permissions.

Create one group, add members, and add the group to the folder ACLs with the appropriate permissions.

Create a group for each department and add members to the groups. Add the groups to the folder ACLs with the appropriate permissions.

A

Create a group for each department and add members to the groups. Add the groups to the folder ACLs with the appropriate permissions.

Each department should have its own group with department employees as members. This facilitates granting group members access to the appropriate resources.

21
Q

What provides secure access to corporate data in accordance with management policies?

SSL

Technical controls

Integrity

A

Technical controls

Technical controls include any hardware or software solution using access control in adherence with established security policies.

22
Q

Which of the following are considered administrative controls? (Choose two.)

Personnel hiring policy

VPN policy

Disk encryption policy

Separation of duties

A

Personnel hiring policy

Separation of duties

Hiring correct personnel and ensuring no single employee has control of a business transaction (separation of duties) are part of creating a business management foundation; these are examples of administrative controls.

23
Q

What is the difference between security clearances and classification labels? (Choose two.)

There is no difference.

Classification labels identify data sensitivity.

Security clearances identify data sensitivity.

Security clearances are compared with classification labels.

A

Classification labels identify data sensitivity.

Security clearances are compared with classification labels.

Data sensitivity is referred to with classification labels. Security clearances are compared against these labels to determine whether access is granted.

24
Q

Complex passwords are considered which type of security control?

Management

Technical

Physical

A

Technical

Technical security controls are put in place to protect computing resources such as files, web sites, databases, and so on. Passwords prevent unauthorized users from accessing network resources.

25
Q

A legitimate e-mail message ends up being flagged as spam. Which term best describes this situation?

False positive

True negative

False negative

A

False positive

A false positive is triggered when an occurrence is incorrectly determined to be malicious.

26
Q

Traveling employees are given a cable lock and told to lock down their laptops when stepping away from the device. To which class of security control does this apply?

Deterrent

Preventative

Detective

A

Preventative

Preventative security controls prevent security breaches, such as the theft of a laptop.

27
Q

Which type of access control does a router use to allow or deny network traffic?

Role-based access control

Mandatory access control

Rule-based access control

A

Rule-based access control

Routers use rules to determine whether to allow or deny network traffic.

28
Q

As a server administrator, you configure security settings such that complex passwords at least eight characters long must be used by all user accounts. What type of management practice is this?

Expiration

Recovery

Credential

A

Credential

The management of usernames, passwords, security certificates, and so on is considered credential management.

29
Q

You are a security auditing professional. After evaluating Linux server and file usage, you determine that members of the IT administrative team regularly log in to Linux servers using the root account while performing regular computer tasks. Which recommendations should you make based on your findings? (Choose three.)

Do not allow multiple users to use generic credentials.

Conduct periodical user access reviews.

Monitor Linux server use continuously.

Encrypt all files on Linux servers.

A

Do not allow multiple users to use generic credentials.

Conduct periodical user access reviews.

Monitor Linux server use continuously.

Each member of the IT team should use his or her own user account when performing regular computer tasks. Periodically reviewing user access and server usage will ensure that security controls are effective for the Linux servers.

30
Q

At which point should an employee sign a nondisclosure agreement (NDA)?

When the user is promoted

When the user is moved to a lower security clearance level

During the user onboarding process

A

During the user onboarding process

User onboarding involves user training, orientation, and, if required, the signing of a nondisclosure agreement (NDA). The NDA is necessary if the user will be working with private or secret information.

31
Q

You are responsible for configuring the use of tablets in a medical clinic. Doctors would like patient charts to be available only from within the facility. What should you configure?

Encryption policy

Location-based policy

VPN policy

A

Location-based policy

Location-based policies can use GPS and/or beacons to determine the location of a mobile device such as a tablet; this allows access to IT systems and data only from within a specific physical area.

32
Q

Ana is the Windows Server administrator for a federal government department. All departmental Windows servers are joined to a single Active Directory domain. New regulations require user password history to be retained to prevent password reuse. Using the least amount of administrative effort, how can Ana enforce the new settings to all departmental users?

PowerShell

Group Policy

Local Group Policy

A

Group Policy

In an Active Directory environment, Group Policy allows the central configuration of settings (including password settings) that can apply to many users and computers.

33
Q

Your IT team has documented a disaster recovery plan in the event of a web application failure. What type of control is this?

Preventative

Deterrent

Corrective

A

Corrective

Corrective actions mitigate damage once it has occurred, such as a disaster recovery plan.