Access Control and Identity Management Flashcards

1
Q

Most of your client’s sales force have been told that they should no longer report to the office
on a daily basis. From now on, they’re to spend the majority of their time on the road calling
on customers. Each member of the sales force has been issued a laptop computer and told to
connect to the network nightly through a remote connection. Which of the following protocols
is widely used today as a transport protocol for remote Internet connections?

A. SMTP
B. PPP
C. PPTP
D. L2TP

A

B. PPP can pass multiple protocols and is widely used today as a transport protocol for
remote connections.

2
Q

Which protocol is unsuitable for WAN VPN connections?

A. PPP
B. PPTP
C. L2TP
D. IPSec

A

A. PPP provides no security, and all activities are unsecure. PPP is primarily intended for
remote connections and should never be used for VPN connections.

3
Q

You’ve been given notice that you’ll soon be transferred to another site. Before you leave,
you’re to audit the network and document everything in use and the reason why it’s in use.
The next administrator will use this documentation to keep the network running. Which
of the following protocols isn’t a tunneling protocol but is probably used at your site by
tunneling protocols for network security?

A. IPSec
B. PPTP
C. L2TP
D. L2F

A

A. IPSec provides network security for tunneling protocols. IPSec can be used with many
different protocols besides TCP/IP, and it has two modes of security.

4
Q

The present method of requiring access to be strictly defined on every object is proving too
cumbersome for your environment. The edict has come down from upper management that
access requirements should be reduced slightly. Which access model allows users some flexibility
for information-sharing purposes?

A. DAC
B. MAC
C. RBAC
D. MLAC

A

A. DAC allows some flexibility in information-sharing capabilities within the network.

5
Q

A newly hired junior administrator will assume your position temporarily while you attend
a conference. You’re trying to explain the basics of security to her in as short a period of
time as possible. Which of the following best describes an ACL?

A. ACLs provide individual access control to resources.
B. ACLs aren’t used in modern systems.
C. The ACL process is dynamic in nature.
D. ACLs are used to authenticate users.

A

A. Access control lists allow individual and highly controllable access to resources in a network.
An ACL can also be used to exclude a particular system, IP address, or user.

6
Q

LDAP is an example of which of the following?

A. Directory access protocol
B. IDS
C. Tiered model application development environment
D. File server

A

A. Lightweight Directory Access Protocol (LDAP) is a directory access protocol used to
publish information about users. This is the computer equivalent of a phone book.

7
Q

Upper management has suddenly become concerned about security. As the senior network
administrator, you are asked to suggest changes that should be implemented. Which of the
following access methods should you recommend if the method is to be one that is primarily
based on preestablished access and can’t be changed by users?

A. MAC
B. DAC
C. RBAC
D. Kerberos

A

A. Mandatory Access Control (MAC) is oriented toward preestablished access. This access
is typically established by network administrators and can’t be changed by users.

8
Q

Your office administrator is being trained to perform server backups. Which authentication
method would be ideal for this situation?

A. MAC
B. DAC
C. RBAC
D. Security tokens

A

C. Role-Based Access Control (RBAC) allows specific people to be assigned to specific roles
with specific privileges. A backup operator would need administrative privileges to back
up a server. This privilege would be limited to the role and wouldn’t be present during the
employee’s normal job functions.

9
Q

You’ve been assigned to mentor a junior administrator and bring him up to speed quickly.
The topic you’re currently explaining is authentication. Which method uses a KDC to
accomplish authentication for users, programs, or systems?

A. CHAP
B. Kerberos
C. Biometrics
D. Smart cards

A

B. Kerberos uses a key distribution center (KDC) to authenticate a principal. The KDC
provides a credential that can be used by all Kerberos-enabled servers and applications.

10
Q

After a careful risk analysis, the value of your company’s data has been increased. Accordingly,
you’re expected to implement authentication solutions that reflect the increased value
of the data. Which of the following authentication methods uses more than one authentication
process for a logon?

A. Multifactor
B. Biometrics
C. Smart card
D. Kerberos

A

A. A multifactor authentication method uses two or more processes for logon. A two-factor
method might use smart cards and biometrics for logon.

11
Q

You’re the administrator for Mercury Technical. Due to several expansions, the network has
grown exponentially in size within the past two years. Which of the following is a popular
method for breaking a network into smaller private networks that can coexist on the same
wiring and yet be unaware of each other?

A. VLAN
B. NAT
C. MAC
D. Security zone

A

A. Virtual local area networks (VLANs) break a large network into smaller networks.
These networks can coexist on the same wiring and be unaware of each other. A router
or other routing-type device would be needed to connect these VLANs.

12
Q

Which technology allows a connection to be made between two networks using a
secure protocol?

A. Tunneling
B. VLAN
C. Internet
D. Extranet

A

A. Tunneling allows a network to make a secure connection to another network through the
Internet or other network. Tunnels are usually secure and present themselves as extensions
of both networks.

13
Q

Your company provides medical data to doctors from a worldwide database. Because of the
sensitive nature of the data you work with, it’s imperative that authentication be established
on each session and be valid only for that session. Which of the following authentication
methods provides credentials that are valid only during a single session?

A. Tokens
B. Certificate
C. Smart card
D. Kerberos

A

A. Tokens are created when a user or system successfully authenticates. The token is
destroyed when the session is over.

14
Q

Which of the following is the term used whenever two or more parties authenticate
each other?

A. SSO
B. Multifactor authentication
C. Mutual authentication
D. Tunneling

A

C. Whenever two or more parties authenticate each other, this is known as
mutual authentication.

15
Q

Which of the following security areas encompasses network access control (NAC)?

A. Physical security
B. Operational security
C. Management security
D. Triad security

A

B. Operational security issues include network access control (NAC), authentication, and
security topologies after the network installation is complete.

16
Q

You have added a new child domain to your network. As a result of this, the child has
adopted all the trust relationships with other domains in the forest that existed for its
parent domain. What is responsible for this?

A. LDAP access
B. XML access
C. Fuzzing access
D. Transitive access

A

D. Transitive access exists between the domains and creates this relationship.

17
Q

What is invoked when a person claims they are the user but cannot be authenticated—such
as when they lose their password?

A. Identity proofing
B. Social engineering
C. Directory traversal
D. Cross-site requesting

A

A. Identity proofing is invoked when a person claims they are the user but cannot be
authenticated, such as when they lose their password.

18
Q

Which of the following is a client-server-oriented environment that operates in a manner
similar to RADIUS?

A. HSM
B. TACACS
C. TPM
D. ACK

A

B. Terminal Access Controller Access-Control System (TACACS) is a client-server-oriented
environment, and it operates in a manner similar to how RADIUS operates.

19
Q

What is implied at the end of each access control list?

A. Least privilege
B. Separation of duties
C. Implicit deny
D. Explicit allow

A

C. An implicit deny clause is implied at the end of each ACL, and it means that if the proviso
in question has not been explicitly granted, then it is denied.

20
Q

Which of the following is a type of smart card issued by the Department of Defense as a
general identification/authentication card for military personnel, contractors, and non-DoD
employees?

A. PIV
B. POV
C. DLP
D. CAC

A

D. One type of smart card is the Common Access Card (CAC). These cards are issued by the
Department of Defense as a general identification/authentication card for military personnel,
contractors, and non-DoD employees.