Authentication Flashcards
Which server file stores SSH public keys for users?
A. id_rsa
B. /etc/resolv.conf
C. id_rsa.pub
D. authorized_keys
D. authorized_keys
The SSH protocol leverages public-key cryptography for secure authentication.
When a user attempts to log in to a server via SSH, the server retrieves their public key from the authorized_keys file.
Where are Microsoft Azure cloud user accounts configured?
A. Within a virtual machine
B. Microsoft Active Directory
C. IAM
D. Azure AD
D. Azure AD.
Azure AD (Azure Active Directory) is the identity and access management service provided by Microsoft. It’s where you manage user accounts, groups, and other identity-related settings for your Azure resources.
You have configured Group Policy password settings in Active Directory. You want to test the settings on a domain-joined computer. Which command forces the computer to pull down the latest Group policy settings?
A. certutil
B. gpupdate
C. gpedit.msc
D. ipconfig
B. gpupdate
To force an immediate update, you can use the following command:
gpupdate /force
This will cause the computer to immediately retrieve the latest Group Policy settings from the domain controller.
Here’s a breakdown of the other options:
A. certutil: Used for managing certificates.
C. gpedit.msc: A graphical tool for editing local Group Policy settings, not for updating them from a domain controller.
D. ipconfig: Used for managing network settings.
Where are Linux user password hashes stored?
A. /etc/passwd
B. /etc/shadow
C. /etc/pam.d
D. /etc/resolv.conf
B. /etc/shadow.
The /etc/shadow file stores the password hashes for all user accounts on a Linux system. This file has strict permissions, typically readable only by the root user, to enhance security. The /etc/passwd file contains general user information like usernames, user IDs, and home directories, but it no longer stores actual password hashes on modern Linux systems.
You are configuring MFA for an AWS IAM user. Which MFA device options are available? Choose more than one option.
A. Smartcard
B. Authenticator app
C. Hardware token
D. DVD
B. Authenticator app
C. Hardware token
These are the two primary methods for enabling MFA for AWS IAM users:
Authenticator App: Users can use a mobile app like Google Authenticator or Microsoft Authenticator to generate time-based one-time passwords (TOTP) that they can enter along with their username and password.
Hardware Token: A physical device that generates TOTP codes.
Which configuration is commonly used to establish trust between an identity provider and a resource provider?
A. The identity provider is configured with the resource provider public key.
B. The identity provider is configured with the resource provider private key.
C. The resource provider is configured with the identity provider public key.
D. The resource provider is configured with the identity provider private key.
C. The resource provider is configured with the identity provider public key.
This configuration allows the resource provider to verify the authenticity of tokens issued by the identity provider. The identity provider signs tokens with its private key, and the resource provider can verify the signature using the identity provider’s public key.
Which type of authentication is based on physical characteristics?
A. Biometric
B. Multifactor
C. Something you have
D. Something you know
A. Biometric
Biometric authentication relies on unique physical characteristics such as fingerprints, facial recognition, voice recognition, or iris scans to verify identity.
What is the benefit of Microsoft Active Directory user accounts? Choose more than one option.
A. The accounts must be secured with MFA
B. The accounts are replicated among domain controllers
C. Ability to sign in from any domain-joined computer
D. Enhanced user sign-in security
B. The accounts are replicated among domain controllers
C. Ability to sign in from any domain-joined computer
Here’s a breakdown:
B. The accounts are replicated among domain controllers: This ensures that user accounts are available across the entire domain, even if one domain controller fails.
C. Ability to sign in from any domain-joined computer: Users can log in to any computer within the domain using their domain credentials, providing flexibility and convenience.
While MFA can enhance security, it’s not a mandatory requirement for all Active Directory accounts. Additionally, while Active Directory can provide enhanced security features, it’s not the primary reason for using it. The main benefits are centralized management and seamless user access across the domain.
You need to verify that the OpenLDAP server daemon is running. What should you type?
A. sudo slapd status
B. sudo service slapd status
C. sudo service openldap status
D. sudo openldap status
B. sudo service slapd status.
This command specifically checks the status of the OpenLDAP server daemon, which is typically named slapd.
Microsoft Azure dynamic group membership constitutes which type of access control?
A. DAC
B. RBAC
C. ABAC
D. MAC
C. ABAC.
Azure Dynamic Groups leverage Attribute-Based Access Control (ABAC). This means that membership in the group is determined based on attributes of the users or devices, such as their job title, department, or device type.
Here’s a brief explanation of the other options:
A. DAC (Discretionary Access Control): This is a traditional access control model where the owner of a resource determines who can access it.
B. RBAC (Role-Based Access Control): This model assigns permissions based on roles, such as “administrator” or “user.”
D. MAC (Mandatory Access Control): A highly restrictive model where access is determined by security labels assigned to users and resources.
Which command is used to set a password for an LDAP user?
A. usermod
B. slapcat
C. slapd
D. ldappasswd
D. ldappasswd.
This command is specifically designed for modifying user passwords in OpenLDAP environments. It allows you to securely set new passwords for existing users.
Here’s a brief explanation of the other options:
A. usermod: Primarily used for modifying user accounts on a local system, not directly for LDAP password changes.
B. slapcat: Used for reading LDAP entries, not for modifying them.
C. slapd: The OpenLDAP server daemon itself, not a command-line tool for password management.