Identity and Access Management Flashcards

1
Q

John is a network administrator for ACME company. He is trying to explain least privilege to a new technician. Which of the following is the basic premise of least privilege?

A. Always assign responsibilities to the administrator who has the minimum permissions required.

B. When assigning permissions, give users only the permissions they need to do their work and no more.

C. Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing.

A

B. When assigning permissions, give users only the permissions they need to do their work and no more.

Least privilege means granting just enough privilege to do the job and no more. Answer A confuses least privilege with delegation: what matters is the set of permissions granted for the task, not which administrator holds the fewest. Answer C describes an ad hoc test, not a principle; permissions should be reviewed against documented job needs rather than removed to see who notices.

2
Q

The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be slightly reduced. Which access model allows users some flexibility for information-sharing purposes?

A. DAC

B. MAC

C. RBAC

A

A. DAC

Discretionary access control lets the owner of an object decide who may access it, which gives users the flexibility to share information. Answer B is incorrect: mandatory access control is more restrictive, because labels are set by policy rather than by the owner. Answer C is role-based access control, which grants access by job role rather than at the owner's discretion. Answer D is not an access control mechanism.

3
Q

Ahmed has been directed to ensure that LDAP on his network is secure. LDAP is an example of which of the following?

A. Directory access protocol

B. IDS

C. Tiered model application development environment

A

A. Directory access protocol

LDAP, the Lightweight Directory Access Protocol, is a directory access protocol; the other answers are not related to directory access. Securing it in practice means running LDAPS (TCP 636) or StartTLS instead of plain LDAP on TCP 389, because a simple bind sends the username and password in cleartext, and disallowing anonymous or unauthenticated binds unless they are genuinely needed.

4
Q

Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the technique to be used is one that is primarily based on preestablished access and can't be changed by users?

A. MAC

B. DAC

C. RBAC

A

A. MAC

Mandatory access control is based on labels and clearances set by the security policy; users cannot modify them, so it is considered more secure. Answer B is incorrect: DAC gives users flexibility and is less secure. Answer C is incorrect: RBAC is based on roles rather than on preestablished access labels. Answer D is incorrect: Kerberos is an authentication protocol, not an access control method.

5
Q

Your office administrator is being trained to perform server backups. Which access control method would be ideal for this situation?

A. MAC

B. DAC

C. RBAC

A

C. RBAC

Role-based access control assigns permissions to a role, in this case the office administrator, so the backup rights follow the job rather than the individual. Answers A and B are incorrect because they are not based on user roles. Answer D is not related to access control.

6
Q

You've been assigned to mentor a junior administrator and bring her up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems?

A. CHAP

B. Kerberos

C. Biometrics

A

B. Kerberos

Kerberos uses a KDC, or Key Distribution Center, which combines an Authentication Service that issues ticket-granting tickets and a Ticket-Granting Service that issues service tickets. The other answers do not use a KDC.

7
Q

After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?

A. Multifactor

B. Biometrics

C. Smartcard

D. Kerberos

A

A. Multifactor

Multifactor authentication uses more than one method, drawn from different categories (something you know, something you have, something you are). Answers B, C, and D are each single-factor methods on their own.

8
Q

Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session?

A. Tokens

B. Certificate

C. Smartcard

D. Kerberos

A

A. Tokens

Tokens can be issued as one-time tokens, valid only for a single session or even a single use. Answers B, C, and D are credentials that can all be used more than once.

9
Q

Which of the following is the term used whenever two or more parties authenticate each other?

A. SSO

B. Multifactor authentication

C. Mutual authentication

A

C. Mutual authentication

Two parties authenticating each other is mutual authentication. Answer A, single sign-on, reuses one authentication across several systems; answer B, multifactor authentication, uses several methods to authenticate one party. Neither describes both sides authenticating each other.

10
Q

You have added a new child domain to your network. As a result of this, the child has adopted all of the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this?

A. LDAP access

B. Fuzzing access

C. Transitive access

A

C. Transitive access

This is a classic example of transitive access, more often called a transitive trust: if A trusts B and B trusts C, then A trusts C. Answer A is incorrect, since LDAP is a directory access protocol. Answer B is incorrect; fuzzing is a software-testing technique, not a form of access.

11
Q

Which of the following is a type of smartcard issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?

A. POV

B. DLP

C. CAC

A

C. CAC

The Common Access Card (CAC) is the smart card used by the U.S. Department of Defense. Answer B, DLP, is data loss prevention, which is unrelated to identification cards.

12
Q

You are working as a security administrator for a small financial institution. You want to use an authentication method that will periodically reauthenticate clients. Which protocol is best suited for this?

A. PAP

B. SPAP

C. KERBEROS

D. CHAP

A

D. CHAP

CHAP, the Challenge Handshake Authentication Protocol, lets the authenticator send a new challenge at any time after the initial handshake, so the client is periodically re-authenticated during the session. Answers A, B, and C are all authentication methods but do not periodically re-challenge the client; PAP additionally sends the password in cleartext.
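Worked example added for this card (it is not part of the original flashcards): a small in-memory model of the CHAP three-way handshake from RFC 1994, with an authenticator that re-challenges the peer at a fixed interval. The peer name, the shared secrets and the timeline are constructed for the demo.

```python
"""CHAP (RFC 1994) challenge/response with periodic re-authentication.
In-memory toy of one link; the authenticator stores each peer's cleartext secret, as CHAP requires."""
import hashlib
import hmac
import secrets


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value = MD5(Identifier || Secret || Challenge), as specified by RFC 1994."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges, e.g. a remote-access server."""

    def __init__(self, secrets_by_name: dict, reauth_interval: float):
        self.secrets = secrets_by_name
        self.reauth_interval = reauth_interval
        self.identifier = 0
        self.outstanding = {}       # identifier -> challenge; consumed on first use
        self.last_success = None

    def challenge(self) -> tuple:
        """Step 1: a fresh identifier and an unpredictable challenge value."""
        self.identifier = (self.identifier + 1) & 0xFF
        chal = secrets.token_bytes(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier: int, name: str, response: bytes, now: float) -> bool:
        """Step 3: recompute the expected response and compare in constant time.
        The challenge is discarded whether or not the check passes, so a captured response
        cannot be replayed against the same challenge."""
        chal = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        if not hmac.compare_digest(response, chap_response(identifier, secret, chal)):
            return False
        self.last_success = now
        return True

    def reauth_due(self, now: float) -> bool:
        """True at link start and whenever the interval since the last success has elapsed."""
        return self.last_success is None or now - self.last_success >= self.reauth_interval


class Peer:
    """The side being authenticated; it never sends the secret itself."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes) -> tuple:
        """Step 2: the Response packet carrying the hash and the peer's name."""
        return self.name, chap_response(identifier, self.secret, challenge)


def run_link(auth: Authenticator, peer: Peer, timeline: list) -> list:
    """Drive the link over a list of timestamps, re-challenging whenever one is due.
    Returns (time, outcome) entries; a failure terminates the link, as a real authenticator would."""
    log = []
    for now in timeline:
        if not auth.reauth_due(now):
            log.append((now, "idle"))
            continue
        ident, chal = auth.challenge()
        name, resp = peer.respond(ident, chal)
        if auth.verify(ident, name, resp, now):
            log.append((now, "success"))
        else:
            log.append((now, "failure"))
            break
    return log


def demo() -> tuple:
    """Constructed scenario: a 600-second re-authentication interval, one honest peer and one with a stale secret."""
    auth = Authenticator({"branch-router": b"s3cret-shared-key"}, reauth_interval=600)
    good = run_link(auth, Peer("branch-router", b"s3cret-shared-key"), [0, 100, 600, 700, 1200])
    bad = run_link(Authenticator({"branch-router": b"s3cret-shared-key"}, 600),
                   Peer("branch-router", b"old-key"), [0, 100, 600])
    return good, bad
```

The re-challenge is what separates CHAP from PAP in the question: after the initial handshake the authenticator keeps issuing fresh challenges, and each response is bound to one challenge, so a response captured on the wire is useless later. The price is that the authenticator must hold the cleartext secret, and plain MD5-CHAP only authenticates the peer, not the authenticator; MS-CHAPv2 is the variant that adds mutual authentication.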

13
Q

John is trying to determine the origin of an email. He has captured the email headers and knows the IP address of the originating email server. What command would show John the complete path to that IP address?

A. ping -a

B. arp

C. tracert

D. nslookup

A

C. tracert

tracert (or traceroute on Linux) shows the complete path to the IP address. Answer A is incorrect: ping shows whether a host is reachable, not the path to it. Answer B is incorrect: arp shows the Address Resolution Protocol table. Answer D is incorrect: nslookup is used for DNS queries.

14
Q

Juanita is the security administrator for a large university. She is concerned about copyright issues and wants to ensure that her university does not violate copyrights. What would be her main concern regarding unauthorized software?

A. It might be copyrighted.

B. It might be used to circumvent copyright protection.

C. That should not be a copyright concern.

A

A. It might be copyrighted.

Software is subject to copyright, and unauthorized software installed on university systems might be copyrighted software for which the university holds no license.

15
Q

Terrance is examining an authentication system that was developed at MIT and uses tickets for authentication. What system is Terrance most likely examining?

A. CHAP

B. MS-CHAP

C. KERBEROS

D. OATH

A

C. KERBEROS

Kerberos was developed at MIT and uses tickets for authentication. Answers A and B are the Challenge Handshake Authentication Protocol and Microsoft's variant of it, neither of which uses tickets. Answer D, OATH (the Initiative for Open Authentication), standardizes one-time-password algorithms such as HOTP and TOTP and does not use tickets either.
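Added example, not from the flashcards and not from any Kerberos implementation: a toy of the three exchanges a KDC supports, so the ticket-based design behind cards 6 and 15 can be followed end to end. The principal names, keys and lifetimes are constructed; seal/unseal are a stand-in for Kerberos encryption types, and pre-authentication (which real KDCs require to stop offline guessing against AS replies) is omitted.

```python
"""Toy Kerberos ticket flow: AS exchange (TGT), TGS exchange (service ticket), AP exchange (client to service).
Only the KDC knows every principal's long-term key, and the client never sends its password.
seal/unseal are a toy authenticated cipher (SHA-256 keystream + HMAC tag) standing in for Kerberos
encryption types; they exist for this demo only."""
import hashlib
import hmac
import json
import os

TICKET_LIFETIME = 8 * 3600   # seconds a ticket stays valid
MAX_SKEW = 300               # clock skew tolerated on authenticators, as in real Kerberos

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object under key (toy construction)."""
    nonce = os.urandom(16)
    pt = json.dumps(obj, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    """Check the tag, then decrypt; ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def password_key(password: str) -> bytes:
    """Toy string-to-key; real Kerberos derives AES keys with PBKDF2 and a salt."""
    return hashlib.sha256(password.encode()).digest()

def _ticket(target_key: bytes, client: str, now: float) -> tuple:
    """A ticket is {client, session key, expiry} sealed under the target's key, so only the target can open it."""
    session = os.urandom(32).hex()
    return session, seal(target_key, {"client": client, "session": session, "expires": now + TICKET_LIFETIME})

def _check(ticket_key: bytes, ticket: bytes, authenticator: bytes, now: float) -> dict:
    """Used by both the TGS and the service: open the ticket, then verify the authenticator the client
    sealed under the ticket's session key (proves possession of that key, and freshness)."""
    t = unseal(ticket_key, ticket)
    if now > t["expires"]:
        raise PermissionError("ticket expired")
    a = unseal(bytes.fromhex(t["session"]), authenticator)
    if a["client"] != t["client"] or abs(now - a["time"]) > MAX_SKEW:
        raise PermissionError("authenticator does not match ticket or is stale")
    return t

class KDC:
    """Authentication Service plus Ticket-Granting Service; krbtgt is the TGS's own key."""

    def __init__(self, principal_keys: dict):
        self.keys = dict(principal_keys)
        self.keys["krbtgt"] = os.urandom(32)

    def as_exchange(self, client: str, now: float) -> bytes:
        """AS-REP: a TGT sealed for krbtgt plus the TGS session key, sealed under the client's key."""
        session, tgt = _ticket(self.keys["krbtgt"], client, now)
        return seal(self.keys[client], {"session": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float) -> bytes:
        """TGS-REP: a service ticket sealed for the service plus its session key, sealed under the TGS session key."""
        t = _check(self.keys["krbtgt"], tgt, authenticator, now)
        session, ticket = _ticket(self.keys[service], t["client"], now)
        return seal(bytes.fromhex(t["session"]), {"session": session, "ticket": ticket.hex()})

class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def ap_exchange(self, ticket: bytes, authenticator: bytes, now: float) -> str:
        """AP-REQ: accept the ticket and return the authenticated principal without contacting the KDC."""
        return _check(self.key, ticket, authenticator, now)["client"]

def client_login(kdc: KDC, service: Service, user: str, password: str, now: float) -> str:
    """Client side of all three exchanges. ValueError if the password is wrong (the AS-REP cannot be
    unsealed), PermissionError on an expired ticket or stale authenticator."""
    rep = unseal(password_key(password), kdc.as_exchange(user, now))
    tgs_session = bytes.fromhex(rep["session"])
    auth = seal(tgs_session, {"client": user, "time": now})
    rep2 = unseal(tgs_session, kdc.tgs_exchange(bytes.fromhex(rep["tgt"]), auth, service.name, now))
    svc_session = bytes.fromhex(rep2["session"])
    return service.ap_exchange(bytes.fromhex(rep2["ticket"]), seal(svc_session, {"client": user, "time": now}), now)

def try_login(kdc: KDC, service: Service, user: str, password: str, now: float):
    """The accepted principal name, or None when any step rejects."""
    try:
        return client_login(kdc, service, user, password, now)
    except (ValueError, PermissionError):
        return None
```

With a KDC holding keys for "alice" and "fileserver", try_login(kdc, fileserver, "alice", password, now) returns "alice" for the right password and None otherwise. Two properties worth noticing: the service verifies the ticket on its own, because the ticket is sealed under the service's key, and every ticket carries an expiry, so a stolen ticket is only useful until its lifetime ends.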

16
Q

Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects?

A. High FRR, low FAR

B. High FAR, low FRR

C. Low CER

A

C. Low CER

The crossover error rate (CER), also called the equal error rate, is the point at which the false acceptance rate (FAR) and the false rejection rate (FRR) are equal, and a lower CER means a more accurate system. Answers A and B each trade one error rate for the other by moving the decision threshold; they describe a tuning choice for a deployment, not a goal for the solution itself.
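Added example (not from the original cards) showing how FAR, FRR and the crossover error rate fall out of matcher scores, and how moving the threshold trades one rate for the other. The genuine and impostor score lists are constructed for the demo, not taken from a real sensor.

```python
"""FAR, FRR and the crossover (equal) error rate computed from biometric matcher scores."""

# Constructed data: similarity scores from 10 genuine attempts and 10 impostor attempts.
GENUINE = [0.90, 0.85, 0.80, 0.75, 0.70, 0.65, 0.60, 0.58, 0.50, 0.45]
IMPOSTOR = [0.10, 0.20, 0.30, 0.35, 0.40, 0.45, 0.50, 0.55, 0.60, 0.70]


def error_rates(genuine: list, impostor: list, threshold: float) -> tuple:
    """A sample is accepted when score >= threshold.
    FAR = impostors accepted / impostors; FRR = genuine users rejected / genuine users."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def roc_table(genuine: list, impostor: list) -> list:
    """(threshold, FAR, FRR) at every score observed, ascending by threshold."""
    return [(t, *error_rates(genuine, impostor, t)) for t in sorted(set(genuine + impostor))]


def crossover(genuine: list, impostor: list) -> tuple:
    """Threshold at which FAR and FRR are closest (equal in the limit) and the CER, their mean there."""
    t, far, frr = min(roc_table(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    return t, (far + frr) / 2


def threshold_for_max_far(genuine: list, impostor: list, max_far: float) -> tuple:
    """Lowest threshold keeping FAR at or below max_far (a high-security setting); FRR rises to pay for it."""
    for t, far, frr in roc_table(genuine, impostor):
        if far <= max_far:
            return t, far, frr
    raise ValueError("no threshold achieves that FAR")
```

On the constructed scores the crossover sits at a threshold of 0.58 with CER 0.2; demanding FAR no higher than 0.1 pushes the threshold to 0.65 and the FRR to 0.4, which is the "high FRR, low FAR" setting of answer A. The CER is a property of the matcher and its population, which is why it, not the position of the threshold, is the figure to compare across products.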

17
Q

Jarod is evaluating web-based, single sign-on solutions. Which of the following technologies is most associated with web page authorization?

A. SAML

B. PIV

C. CHAP

D. RBAC

A

A. SAML

SAML, the Security Assertion Markup Language, carries authentication and authorization assertions between an identity provider and a web application and underlies many web single sign-on deployments. Answer B is incorrect: PIV is a type of smart card. Answer C is incorrect: CHAP is an authentication protocol. Answer D is incorrect: RBAC is an access control model, not a web technology.

18
Q

You are a network administrator for ACME Corporation. You want to implement a new access control mechanism. The mechanism you are considering takes into account the entire environment/scenario of the access request. What does this describe?

A. MAC

B. DAC

C. RBAC

D. ABAC

A

D. ABAC

Attribute-based access control evaluates attributes of the subject, the resource, the action and the environment (such as time of day or source network) for every request. Answers A, B, and C are all access control methods but do not consider the entire environment.
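Added example, not from the original cards, putting DAC (card 2), MAC (card 4), RBAC (card 5) and ABAC (card 18) next to each other as small policy functions so the differences between the models can be exercised. The users, roles, labels and ABAC rules are all constructed for the demo.

```python
"""DAC, MAC, RBAC and ABAC decisions side by side. Minimal in-memory models written for this page."""
from dataclasses import dataclass, field


# DAC: whoever owns the object decides who else may use it (the flexibility asked for in card 2).
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

    def __post_init__(self):
        self.acl.setdefault(self.owner, {"read", "write", "share"})

    def grant(self, by: str, to: str, perms: set) -> None:
        """Only a user holding 'share' (the owner by default) may extend access."""
        if "share" not in self.acl.get(by, set()):
            raise PermissionError(f"{by} may not share this resource")
        self.acl.setdefault(to, set()).update(perms)

    def allowed(self, user: str, perm: str) -> bool:
        return perm in self.acl.get(user, set())


# MAC: clearances and labels are assigned by the security policy; users cannot change them (card 4).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_can_read(clearance: str, label: str) -> bool:
    """Bell-LaPadula simple security property: no read up."""
    return LEVELS[clearance] >= LEVELS[label]


def mac_can_write(clearance: str, label: str) -> bool:
    """Bell-LaPadula *-property: no write down, so secret data cannot be copied into a public object."""
    return LEVELS[clearance] <= LEVELS[label]


# RBAC: permissions hang off roles, and users are placed in roles (card 5).
ROLE_PERMS = {
    "office_admin": {"backup:run", "backup:verify"},
    "dba": {"db:restore", "backup:run"},
}
USER_ROLES = {"pat": {"office_admin"}}   # constructed assignment


def rbac_allowed(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(role, set()) for role in USER_ROLES.get(user, set()))


# ABAC: subject, resource and environment attributes all feed one policy decision (card 18).
def abac_allowed(subject: dict, action: str, resource: dict, env: dict) -> bool:
    rules = [
        subject.get("department") == resource.get("department"),      # same department
        action != "write" or subject.get("clearance") == "high",      # writes need high clearance
        8 <= env.get("hour", -1) < 18,                                # business hours only
        env.get("network") == "corp",                                 # not from the public internet
    ]
    return all(rules)


def compare_models() -> dict:
    """One request per model, so the differences show up in the result."""
    doc = DacResource(owner="alice")
    doc.grant("alice", "bob", {"read"})
    try:
        doc.grant("bob", "carol", {"read"})       # bob has read but not share
        bob_can_share = True
    except PermissionError:
        bob_can_share = False
    finance = {"department": "finance", "clearance": "high"}
    ledger = {"department": "finance"}
    return {
        "dac_bob_read": doc.allowed("bob", "read"),
        "dac_bob_write": doc.allowed("bob", "write"),
        "dac_bob_can_share": bob_can_share,
        "mac_secret_reads_public": mac_can_read("secret", "public"),
        "mac_internal_reads_secret": mac_can_read("internal", "secret"),
        "mac_secret_writes_public": mac_can_write("secret", "public"),
        "rbac_pat_backup": rbac_allowed("pat", "backup:run"),
        "rbac_pat_restore": rbac_allowed("pat", "db:restore"),
        "abac_in_hours": abac_allowed(finance, "write", ledger, {"hour": 10, "network": "corp"}),
        "abac_after_hours": abac_allowed(finance, "write", ledger, {"hour": 22, "network": "corp"}),
    }
```

The same request can be allowed under one model and denied under another: in DAC the owner alone decides whether bob may pass access on, in MAC a "secret" subject cannot write to a "public" object no matter what the owner wants, RBAC answers only "does this role carry the permission", and ABAC is the one model here that refuses an otherwise valid request because of the hour or the source network.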

19
Q

Dennis has implemented an authentication system that uses a password, a PIN, and the user's birthday. What best describes this system?

A. Single factor

B. Two factor

C. Three factor

A

A. Single factor

Although three items are used, they are all Type I, something you know. Two-factor, or strong, authentication requires two authentication methods from two different categories (Type I, something you know; Type II, something you have; Type III, something you are).