Identity and Access Management

Question 1

Which of the following terms describes the process of allowing access to different resources?

Authorization

Authentication

Accountability

Answer 1

Authorization

Authorization describes the process of allowing access to different resources

Question 2

Which of the following states that users should be given only the level of access needed to perform their duties?

Separation of duties

Accountability

Principle of least privilege

Answer 2

Principle of least privilege

The principle of least privilege states that users should be given only the level of access needed to perform their duties

Question 3

Which of the following access control models allows object creators and owners to assign permissions to users?

Rule-based access control

Discretionary access control

Mandatory access control

Answer 3

Discretionary access control

The discretionary access control model allows object creators and owners to assign permissions to users

Question 4

An administrator wants to restrict access to a particular database based upon a stringent set of requirements. The organization is using a discretionary access control model. The database cannot be written to during a specified period when transactions are being reconciled. What type of restriction might the administrator impose on access to the database?

Access based upon membership in a logical group

Access from a particular workstation

Time-of-day and object permission restrictions

Answer 4

Time-of-day and object permission restrictions

The administrator would want to impose both a time-of-day and object permission restriction on users to prevent them from writing to the database during a specified time period

Question 5

Which of the following allows a user to use one set of credentials throughout an enterprise?

TACACS

RADIUS

Single sign-on

Answer 5

Single sign-on

Single sign-on allows a user to use one set of credentials throughout an enterprise to access various resources without having to reauthenticate with a different set of credentials

Question 6

Which of the following is used to prevent the reuse of passwords?

Disabling accounts

Account lockout

Password history

Answer 6

Password history

The password history setting in the account policy is used to prevent the reuse of older passwords

Question 7

Which of the following are the best ways to ensure that user accounts are being used appropriately and securely? (Choose two.)

Periodically review assigned privileges.

Allow users to maintain their privileges indefinitely, even during promotion or transfer.

Continuously monitor accounts, through auditing, to ensure accountability and security.

Ensure that users permissions stay cumulative, regardless of which group or job role they occupy.

Answer 7

Periodically review assigned privileges.

Continuously monitor accounts, through auditing, to ensure accountability and security.

Periodic reviews and continuous monitoring are two ways to ensure that accounts and privileges are used in accordance with organizational policy and in a secure manner

Question 8

Which of the following authentication factors would require that you input a piece of information from memory in addition to using a smart card?

Possession

Knowledge

Inherence

Answer 8

Knowledge

The knowledge factor would require that you input a piece of information, such as a password or PIN, from memory in addition to using a smart card

Question 9

You are implementing an authentication system for a new company. This is a small company, and the owner has requested that all users be able to create accounts on their own individual workstations. You would like to explain to the owner that centralized authentication might be better to use. Which of the following are advantages of centralized authentication? (Choose two.)

Centralized security policies and account requirements.

Ability of individuals to set their own security requirements.

Ability to use single sign-on capabilities within the entire organization.

Requirements have different user names and passwords for each workstation and resource.

Answer 9

Centralized security policies and account requirements.

Ability to use single sign-on capabilities within the entire organization.

Centralized system security policies as well as the ability to use single sign-on throughout the organization are two advantages of centralized authentication

Question 10

Under which of the following circumstances would a Windows host use Kerberos instead of NTLM v2 to authenticate users?

Authenticating to a server using only an IP address

Authenticating to a modern Windows Active Directory domain

Authenticating to a different Active Directory forest with legacy trusts enabled

Answer 10

Authenticating to a modern Windows Active Directory domain

When authenticating to a modern Windows Active Directory domain, Windows uses Kerberos as its authentication protocol by default