Access Management Principles Flashcards
What are the three components of the AAA concept in cybersecurity?
Authorization, authentication, accounting.
When you arrive at the front desk of a secured building, you are required to verify your identification. What is the purpose of this requirement?
Authentication
You are visiting the web portal of your bank. You use your username and password to access your account. Another prompt then appears and asks you to enter the answer to a secret question. Which authentication factor is the bank using?
Something you know
Yes or no? “Answer to a secret question” belongs to the authentication factor of something you have.
No, because the answer to a secret question is something you know.
Yes or no? “email token” belongs to the authentication factor of something you have.
Yes, because after you initiate the authentication, you will receive an email that contains the token.
Yes or no? “Fingerprint” belongs to the authentication factor of something you have.
No, because it is something you are.
Yes or no? “Key” belongs to the authentication factor of something you have.
Yes, because a key is something you have.
Yes or no? “Retinal scan” belongs to the authentication factor of “something you have.”
No, because it is something you are.
Yes or no? “Smart card” belongs to the authentication factor of “something you have.”
Yes, because a smart card is something you have.
______ is something you have because it is a password that is sent to you.
SMS token
________ is something you know, because a _______ is something that you have memorized.
PIN number
_________ is something you are because it is something that is unique to you.
Facial recognition
Your company has a VPN server and a few routers that allow remote access by authorized employees. You are a network administrator and are ready to implement the AAA framework for access control. Which server component should you install and configure to support a centralized AAA solution?
RADIUS server
You are reviewing Windows security logs and notice a series of suspicious failed login attempts against the administrator user. You believe these attempts might be from a brute force attack. Which password policy should you review and modify to protect the Windows system from this attack?
Limit the number of login retries
You are a network administrator at a company. You are deploying a VPN solution to allow sales representatives to access the internal network while visiting partner stores. You need to be able to verify the identity of a person who makes the VPN connection. What should you do to modify the connection policy?
Require an OTP mobile application with user credentials. By using a one-time password, the VPN user is verified through multiple methods.