Chapter 6 Flashcards

1
Q

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?

Authentication and accounting

Authentication and authorization

Authorization and accounting

Identity proofing and authorization

Identity proofing and authentication

A

Authentication and authorization

2
Q

Audit trails produced by auditing activities are which type of security control?

Detective
Directive
Preventative
Deterrent

A

Detective

3
Q

Which of the following is used for identification?

Password
PIN
Username
Cognitive question

A

Username

4
Q

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with?

Principle of least privilege
Cross-training
Need to know
Job rotation

A

Principle of least privilege

5
Q

You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access.

Which of the following methods of access control should the access list use?

Implicit allow, explicit deny
Explicit allow, implicit deny
Implicit allow, implicit deny
Explicit allow, explicit deny

A

Explicit allow, implicit deny

6
Q

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?

Principle of least privilege
Need to Know
Separation of duties
Ownership
Clearance

A

Need to Know

7
Q

Which of the following is an example of privilege escalation?

Separation of duties
Principle of least privilege
Privilege creep
Mandatory vacations

A

Privilege creep

8
Q

What is the primary purpose of separation of duties?

Inform managers that they are not trusted

Grant a greater range of control to senior management

Prevent conflicts of interest

Increase the difficulty of performing administrative duties

A

Prevent conflicts of interest

9
Q

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?

Rule-Based Access Control
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Mandatory Access Control (MAC)

A

Attribute-Based Access Control (ABAC)

10
Q

You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used?

RBAC
MAC
DACL
DAC

A

RBAC

11
Q

Which of the following is an example of rule-based access control?

A member of the accounting team that is given access to the accounting department documents.

A computer file owner who grants access to the file by adding other users to an access control list.

A subject with a government clearance that allows access to government classification labels of Confidential, Secret, and Top Secret.

Router access control lists that allow or deny traffic based on the characteristics of an IP packet.

A

Router access control lists that allow or deny traffic based on the characteristics of an IP packet.

12
Q

Which of the following are examples of Something You Have authentication controls? (Select two.)

Voice recognition
Smart card
Handwriting analysis
Photo ID
PIN
Cognitive question

A

Smart card
Photo ID

13
Q

Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system?

PGP secret key
Password
Username
Biometric reference profile

A

Username

14
Q

Which of the following is a password that relates to things that people know, such as a mother’s maiden name or a pet’s name?

Dynamic
One-time
Passphrase
Cognitive

A

Cognitive

15
Q

What type of password is maryhadalittlelamb?

Static
Passphrase
Composition
Cognitive

A

Passphrase

16
Q

A smart card can be used to store all but which of the following items?

Digital signature
Identification codes
Biometric template original
Cryptography keys

A

Biometric template original

17
Q

Which of the following are disadvantages of biometrics? (Select two.)

Biometric factors for identical twins are the same.

When used alone, they are no more secure than a strong password.

They can be circumvented using a brute force attack.

They require time synchronization.

They have the potential to produce numerous false negatives.

A

When used alone, they are no more secure than a strong password.

They have the potential to produce numerous false negatives.

18
Q

What is the MOST important aspect of a biometric device?

Accuracy
Size of the reference profile
Enrollment time
Throughput

A

Accuracy

19
Q

Which of the following defines the crossover error rate for evaluating biometric systems?

The point where the number of false positives matches the number of false negatives in a biometric system.

The number of subjects or authentication attempts that can be validated.

The rate of people who are given access when they should be denied access.

The rate of people who are denied access when they should be allowed access.

A

The point where the number of false positives matches the number of false negatives in a biometric system.

20
Q

Which of the following terms is used to describe an event in which a person who should be allowed access is denied access to a system?

False positive
False acceptance
False negative
Error rate

A

False negative

21
Q

Which security mechanism uses a unique list that meets the following specifications:

The list is embedded directly in the object itself.

The list defines which subjects have access to certain objects.

The list specifies the level or type of access allowed to certain objects.

Mandatory access control
Hashing
User ACL
Conditional access

A

User ACL

22
Q

What is the process of controlling access to resources such as computers, files, or printers called?

Mandatory access control
Conditional access
Authorization
Authentication

A

Authorization

23
Q

Which of the following objects identifies a set of users with similar access needs?

SACL
Permissions
Group
DACL

A

Group

24
Q

Which of the following identifies the type of access that is allowed or denied for an object?

DACL
SACL
Permissions
User rights

A

Permissions

25
Q

Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?

User rights
Permissions
SACL
DACL

A

SACL

26
Q

Which type of group can be used for controlling access to objects?

DACL
Distribution
Authorization
Security

A

Security

27
Q

Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder.

Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Manually refresh Group Policy settings on the file server.

Have Marcus log off and log back in.

Add his user account to the ACL for the shared folder.

Manually refresh Group Policy settings on his computer.

A

Have Marcus log off and log back in.

28
Q

Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?

Cookie
Proxy
Account policy
Access token

A

Access token

29
Q

Lori Redford, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group.

Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system.

What is MOST likely preventing her from accessing this system?

She is still a member of the Project Management group, which has been denied permission to this system. However, being a member of the Managers group should allow her to access this system. Allow permissions always override Deny permissions. There must be an explicit permission entry that is preventing her from accessing the management system.

She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.

Her user object has been assigned an explicit Allow permission to the performance management system, but she inherited the Deny permission assigned to the Project Management group (which she still belongs to). Inherited Deny permissions override explicit Allow permissions.

Her user object has been assigned an explicit Deny permission to the performance management system.

A

She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.

30
Q

Which of the following is a privilege or action that can be taken on a system?

Permissions
User rights
SACL
DACL

A

User rights

31
Q

Which of the following account types is a cloud-based identity and access management service that provides access to both internal and external resources?

Domain
Administrator
Microsoft
Azure AD

A

Azure AD

32
Q

You are consulting a small startup company that needs to know which kind of Windows computer network model they should implement.

The company intends to start small with only 12 employees, but they plan to double or triple in size within 12 months. The company founders want to make sure they are prepared for growth.

Which networking model should they implement?

Public
Workgroup
Standalone
Wired
Client-server
Wireless

A

Client-server

33
Q

Which of the following account types uses a single sign-on system that lets you access Windows, Office 365, Xbox Live, and more?

Domain
Microsoft
Administrator
Azure AD

A

Microsoft

34
Q

Mary, a user, is attempting to access her OneDrive from within Windows and is unable to.

Which of the following would be the MOST likely cause?

Mary has a local administrator account.

Mary needs to connect to Azure AD.

Mary needs to log in with a Microsoft account.

Mary has a local standard user account.

A

Mary needs to log in with a Microsoft account.

35
Q

Which networking model is based on peer-to-peer networking?

Workgroup
None
Client-server
Standalone

A

Workgroup

36
Q

You are a contract support specialist managing the computers in a small office. You see that all the computers are only using local user accounts.

Which of the following models could this office be using? (Select two.)

Workgroup
Client-server
Active Directory
Azure AD
Domain
Standalone

A

Workgroup

Standalone

37
Q

John, a user, is attempting to install an application but receives an error that he has insufficient privileges. Which of the following is the MOST likely cause?

John has a local standard user account.

John has a local administrator account.

John needs to log in with a Microsoft account.

The application is not a valid Windows application.

A

John has a local standard user account.

38
Q

Which of the following are networking models that can be used with the Windows operating system? (Select two.)

Domain controller
Organizational unit
Client-server
Workgroup
Active Directory

A

Client-server
Workgroup

39
Q

You manage a group of 20 Windows workstations that are currently configured as a workgroup. You have been thinking about switching to an Active Directory configuration.

Which advantages would there be to switching to Active Directory? (Select two.)

Increased local control of workstation settings
Centralized configuration control
Centralized authentication
Decreased implementation cost
Reduced need for specialized hardware

A

Centralized configuration control

Centralized authentication

40
Q

What is the name of the service included with the Windows Server operating system that manages a centralized database containing user account and security information? ________

A

Active Directory

41
Q

What should you do to a user account if the user goes on an extended vacation?

Disable the account
Monitor the account more closely
Remove all rights from the account
Delete the account

A

Disable the account

42
Q

There are registry-based settings that can be configured within a GPO to control the computer and the overall user experience, such as:

Use Windows features such as BitLocker, Offline Files, and Parental Controls
Customize the Start menu, taskbar, or desktop environment
Control notifications
Restrict access to Control Panel features
Configure Internet Explorer features and options

What are these settings known as?

Administrative templates
Account policies
Software restriction policies
Local policies/security options

A

Administrative templates

43
Q

You want to ensure that all users in the Development OU have a common set of network communication security settings applied.

Which action should you take?

Create a GPO user policy for the Development OU.

Create a GPO computer policy for the computers in the Development OU.

Create a GPO computer policy for the Computers container.

Create a GPO folder policy for the folders containing the files.

A

Create a GPO computer policy for the computers in the Development OU.

44
Q

The Hide Programs and Features page setting is configured for a specific user as follows:

Policy | Setting
Local Group Policy | Enabled
Default Domain Policy GPO | Not configured
GPO linked to the user’s organizational unit | Disabled

After logging in, the user is able to see the Programs and Features page. Why does this happen?

A

The GPO linked to the user’s organizational unit is applied last, so this setting takes precedence.

45
Q

Group Policy Objects (GPOs) are applied in which of the following orders?

Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (lowest to highest).

GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest), Local Group Policy.

GPO linked to site, GPO linked to domain, GPO linked to organizational unit (lowest to highest), Local Group Policy.

Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest).

A

Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (lowest to highest).

46
Q

You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrators OU to have a different set of internet options.

What should you do?

Create a Local Group Policy on the computers used by members of the Administrators OU.

Create a GPO user policy for the domain.

Create a GPO user policy for the Administrators OU.

Create a GPO computer policy for the Administrators OU.

A

Create a GPO user policy for the Administrators OU.

47
Q

You want to make sure that all users have passwords over eight characters in length and that passwords must be changed every 30 days.

What should you do?

Configure expiration settings in user accounts

Configure account policies in Group Policy

Configure day/time settings in user accounts

Configure account lockout policies in Group Policy

A

Configure account policies in Group Policy

48
Q

You are teaching new users about security and passwords.

Which of the following is the BEST example of a secure password?

8181952
JoHnSmITh
Stiles_2031
T1a73gZ9!

A

T1a73gZ9!

49
Q

You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again.

Which policies should you configure? (Select two.)

Maximum password age
Password must meet complexity requirements
Minimum password age
Enforce password history

A

Minimum password age
Enforce password history

50
Q

For users on your network, you want to automatically lock user accounts if four incorrect passwords are used within ten minutes.

What should you do?

Configure password policies in Group Policy

Configure account lockout policies in Group Policy

Configure the enable/disable feature in user accounts

Configure account expiration in user accounts

Configure day/time restrictions in user accounts

A

Configure account lockout policies in Group Policy

51
Q

You have just configured the password policy and set the minimum password age to 10.

What is the effect of this configuration?

The previous 10 passwords cannot be reused.

Users must change the password at least every 10 days.

The password must be entered within 10 minutes of the login prompt being displayed.

Users cannot change the password for 10 days.

The password must contain 10 or more characters.

A

Users cannot change the password for 10 days.

52
Q

Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company’s customer database.

Which action should you take? (Select two. Each response is part of a complete solution.)

Apply the Group Policy Object (GPO) to the container where the sales user accounts reside.

Implement a Group Policy Object (GPO) that restricts simultaneous logins to one.

Implement a Group Policy Object (GPO) that implements time-of-day login restrictions.

Delete the account that the sales employees are currently using.

Train sales employees to use their own user accounts to update the customer database.

A

Delete the account that the sales employees are currently using.

Train sales employees to use their own user accounts to update the customer database.

53
Q

You have hired ten new temporary employees to be with the company for three months.

How can you make sure that these users can only log on during regular business hours?

Configure day/time restrictions in user accounts

Configure account lockout in Group Policy

Configure account policies in Group Policy

Configure account expiration in user accounts

A

Configure day/time restrictions in user accounts

54
Q

You manage a single domain named widgets.com.

Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs.

You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users.

You need to make the change as easily as possible. Which of the following actions should you take?

Go to Active Directory Users and Computers. Select all user accounts in the Directors OU, and then edit the user account properties to require the longer password.

Create a GPO linked to the Directors OU. Configure the password policy in the new GPO.

Create a new domain. Move the contents of the Directors OU to the new domain and then configure the necessary password policy on the domain.

Implement a granular password policy for the users in the Directors OU.

A

Implement a granular password policy for the users in the Directors OU.

55
Q

You manage a single domain named widgets.com.

Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. Members of the Directors OU want to enforce longer passwords than are required for the rest of the users.

You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, which is a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer, and he would like his account to have even more strict password policies than are required for other members in the Directors OU.

What should you do?

Create a granular password policy for Matt. Apply the new policy directly to Matt’s user account. Remove Matt from the DirectorsGG group.

Create a granular password policy for Matt. Create a new group, make Matt a member of the group, and then apply the new policy directly to the new group. Make sure the new policy has a higher precedence value than the value for the existing policy.

Edit the existing password policy. Define exceptions for the required settings. Apply the exceptions to Matt’s user account.

Create a granular password policy for Matt. Apply the new policy directly to Matt’s user account.

A

Create a granular password policy for Matt. Apply the new policy directly to Matt’s user account.

56
Q

You have performed an audit and found an active account for an employee with the username joer. This user no longer works for the company.

Which command can you use to disable this account?

usermod -L joer
usermod -l joer
usermod -d joer
usermod -u joer

A

usermod -L joer

57
Q

One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones with no other values changed. Which of the following commands would accomplish this?

usermod -l kscott kjones
usermod -u kscott kjones
usermod -u kjones kscott
usermod -l kjones kscott

A

usermod -l kjones kscott

58
Q

An employee named Bob Smith, whose username is bsmith, has left the company. You have been instructed to delete his user account and home directory.

Which of the following commands would produce the required outcome? (Select two.)

userdel -h bsmith

userdel bsmith

userdel bsmith;rm -rf /home/bsmith

userdel -r bsmith

userdel -x bsmith

A

userdel -r bsmith
userdel bsmith;rm -rf /home/bsmith

59
Q

In the /etc/shadow file, which character in the password field indicates that a standard user account is locked?

____

A

!

60
Q

Which of the following utilities could you use to lock a user account? (Select two.)

usermod
useradd
passwd
userdel
ulimit

A

usermod
passwd

61
Q

You suspect that the gshant user account is locked.

Enter the command you would use in a shell to show the status of the user account.

____

A

passwd -S gshant

62
Q

What is the effect of the following command?

chage -M 60 -W 10 jsmith

Sets the password for jsmith to expire after 60 days and sets a minimum of 10 days before a user can change the password again.

Deletes the jsmith user account after 60 days and gives a warning 10 days before expiration.

Sets the password for jsmith to expire after 10 days and gives a warning 60 days before expiration.

Sets the password for jsmith to expire after 60 days and gives a warning 10 days before expiration.

Forces jsmith to keep the password for 60 days before changing it while also giving a warning 10 days before expiration.

A

Sets the password for jsmith to expire after 60 days and gives a warning 10 days before expiration.

63
Q

Which chage option keeps a user from changing their password every two weeks?

-m 33
-W 33
-M 33
-a 33

A

-m 33

64
Q

Which account type in Linux can modify hard limits using the ulimit command?

Standard
User
Root
Administrator

A

Root

65
Q

Which of the following commands would you use to view the current soft limits on a Linux machine?

ulimit -c
ulimit -a
ulimit -u
ulimit -n

A

ulimit -a

66
Q

You are the administrator for a small company, and you need to add a new group of users to the system. The group’s name is sales. Which command accomplishes this task?

addgroup -x sales
groupadd sales
groupadd -r sales
addgroup sales

A

groupadd sales

67
Q

You have a group named temp_sales on your system. The group is no longer needed, so you should remove it. Which of the following commands should you use?

groupmod -n temp_sales
newgroup -R temp_sales
groupdel temp_sales
groupmod -R temp_sales

A

groupdel temp_sales

68
Q

Which of the following commands creates a new group and defines the group password?

groupadd -g
groupadd -c
groupadd -p
groupadd -r

A

groupadd -p

69
Q

You want to see which primary and secondary groups the dredford user belongs to. Enter the command you would use to display group memberships for dredford.

___

A

groups dredford

70
Q

Using the groupadd -p command overrides the settings found in which file?

/root/logins.defs
/etc/login.defs
/usr/logins.txt
/etc/logins.txt

A

/etc/login.defs

71
Q

Which of the following commands is used to change the current group ID during a login session?

usermod
newgrp
groups
groupmod

A

newgrp

72
Q

You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use?

newpasswd Research
gpasswd Research
groupmod -p Research
gpasswd research

A

gpasswd Research

73
Q

You are attempting to delete the temp group but are unable to.

Which of the following is the MOST likely cause?

All users have already been deleted.

Groups cannot be deleted.

The primary group of an existing user cannot be deleted.

The secondary group of an existing user cannot be deleted.

A

The primary group of an existing user cannot be deleted.

74
Q

Which of the following commands removes a user from all secondary group memberships?

usermod -aG

usermod -g

usermod -G

usermod -G ""

A

usermod -G ""

75
Q

Which of the following commands assigns a user to a primary group?

usermod -g

groupadd -g

usermod -G

groupadd -r

A

usermod -g

76
Q

Which of the following are methods for providing centralized authentication, authorization, and accounting for remote access? (Select two.)

PKI
AAA
RADIUS
EAP
TACACS+

A

RADIUS
TACACS+

77
Q

Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Three-way handshake
Mutual authentication
Hashed shared secret
Certificate-based authentication

A

Mutual authentication

78
Q

What does a remote access server use for authorization?

Usernames and passwords
SLIP or PPP
Remote access policies
CHAP or MS-CHAP

A

Remote access policies

79
Q

Which of the following authentication protocols transmits passwords in cleartext and, therefore, is considered too unsecure for modern networks?

RADIUS
PAP
CHAP
EAP

A

PAP

80
Q

You often travel away from the office. While traveling, you would like to use your laptop computer to connect directly to a server in your office and access files.

You want the connection to be as secure as possible. Which type of connection do you need?

Remote access
Intranet
Virtual private network
Internet

A

Remote access

81
Q

RADIUS is primarily used for what purpose?

Managing access to a network over a VPN

Authenticating remote clients before access to the network is granted

Managing RAID fault-tolerant drive configurations

Controlling entry-gate access using proximity sensors

A

Authenticating remote clients before access to the network is granted

82
Q

Which of the following are characteristics of TACACS+? (Select two.)

Allows two different servers (one for authentication and authorization and another for accounting)

Allows three different servers (one each for authentication, authorization, and accounting)

Uses UDP

Can be vulnerable to buffer overflow attacks

Uses TCP

A

Allows three different servers (one each for authentication, authorization, and accounting)

Uses TCP

83
Q

Which of the following is a characteristic of TACACS+?

Encrypts the entire packet, not just authentication packets

Uses UDP ports 1812 and 1813

Supports only TCP/IP

Requires that authentication and authorization are combined in a single server

A

Encrypts the entire packet, not just authentication packets

84
Q

Which of the following are differences between RADIUS and TACACS+?

RADIUS supports more protocols than TACACS+.

RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password.

RADIUS uses TCP; TACACS+ uses UDP.

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.

A

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.

85
Q

Which of the following ports are used with TACACS?

22
49
50 and 51
1812 and 1813
3389

A

49

86
Q

When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user’s identity to the target system?

Voucher
Hashkey
Ticket
Coupon

A

Ticket

87
Q

You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

EAP
Mutual
SASL
Simple

A

SASL

88
Q

A user has just authenticated using Kerberos. Which object is issued to the user immediately following login?

Ticket-granting ticket
Digital certificate
Digital signature
Client-to-server ticket

A

Ticket-granting ticket

89
Q

You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port does this action use?

60
80
389
443
636
2208

A

636

90
Q

Your LDAP directory-services solution uses simple authentication. What should you always do when using simple authentication?

Add SASL and use TLS

Use Kerberos

Use IPsec and certificates

Use SSL

A

Use SSL

91
Q

Which ports does LDAP use by default? (Select two.)

69
161
110
636
389

A

636
389

92
Q

What is mutual authentication?

The use of two or more authentication factors.

A process by which each party in an online communication verifies the identity of the other party.

Deploying CHAP and EAP on remote access connections.

Using a certificate authority (CA) to issue certificates.

A

A process by which each party in an online communication verifies the identity of the other party.

93
Q

A manager has told you she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment.

Which tool could you use to prevent this behavior?

Local Users and Groups
Key Management Service
Credential Manager
Computer Management

A

Credential Manager

94
Q

KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources.

Which encryption methods can KWalletManager use to secure account credentials? (Select two.)

GPG
Twofish
HMAC-SHA1
Kerberos
Blowfish

A

GPG
Blowfish