Identity and Access Management

Question 1

This type of control enables data owners to dictate what subjects have access to the files and resources they own.

A. RBAC
B. MAC
C. DAC
D. RB-RBAC

Answer 1

DAC

Discretionary Access Control

Question 2

This type of control uses a security label system. Users have clearances, and resources have security labels that contain data classifications.

A. RBAC
B. MAC
C. DAC
D. RB-RBAC

Answer 2

MAC

Mandatory Access Control

Question 3

What type of control is network architecture?

A. Physical
B. Technical
C. Administrative
D. Management

Answer 3

B

Question 4

What type of control is auditing?

A. Physical
B. Technical
C. Administrative
D. Management

Answer 4

B

Question 5

What type of control is perimeter security?

A. Physical
B. Technical
C. Administrative
D. Management

Answer 5

A

Question 6

What type of control is security-awareness training?

A. Physical
B. Technical
C. Administrative
D. Management

Answer 6

C

Question 7

This is a set of rules for encoding documents in machine-readable form to allow for interoperability between various web-based technologies.

Answer 7

XML

Extensible MArkup Language

Question 8

This is a framework being developed for exchanging user, resource, and service provisioning information between cooperating organizations.

This markup allows for the integration and interoperation of service provisioning requests across various platforms.

Answer 8

SPML

Service Provisioning Markup Language

Question 9

This is both a declarative access control policy language and a processing model, describes how to interpret security policies.

SAML is just a way to send authentication data. It does not tell the receiving system how to interpret and use this authentication data. This does….

Answer 9

XACML

Extensible Access Control Markup Language

Question 10

This is a word for a threshold value. If this value is exceeded, the activity is considered to be an event that is logged, investigated, or both.

Answer 10

Clipping level

Question 11

Which of the following can provide SSO capabilities? (you can choose more than one)

A. LDAP
B. thin clients
C. Kerberos
D. SPML

Answer 11

B and C

Question 12

Which of following is not a weakness of Kerberos?

A. There must be management of secret keys
B. Susceptible to password guessing
C. KDC is a single point of failure
D. Session and secret keys are locally stored.
E. None of the above.

Answer 12

E

Question 13

This phrase is used to describe when a user gains too much access rights and permission over time.

Answer 13

Authorization Creep

Question 14

The security analyst reports a problem with pharming. What should be hardened?

A. Firewall
B. DHCP
C. Email Server
D. DNS

Answer 14

D

Question 15

This allows for the automation of user management (account creation, amendments, revocation) and access entitlement configuration related to electronically published services across multiple provisioning systems.

A. SOAP
B. SAML
C. SOA
D. SPML

Answer 15

SPML

Service Provisioning Markup Language

Question 16

This allows for the exchange of authentication and authorization data to be shared between security domains.

A. SOAP
B. SAML
C. SOA
D. SPML

Answer 16

SAML

Security Assertion Markup Language

Question 17

This is a protocol specification for exchanging structured information in the implementation of web services and networks environments.

A. SOAP
B. SAML
C. SOA
D. SPML

Answer 17

SOAP

Simple Object Access Protocol

Question 18

These environments allow for a suite of interoperable services to be used within multiple, separate systems form several business domains.

A. SOAP
B. SAML
C. SOA
D. SPML

Answer 18

SOA

Service Oriented Architecture

Question 19

This is an open standard and protocol that allows third-party authentication of a user.

Answer 19

OpenID

Question 20

This is an open standard that allows a user to grant authority to some web resource, like a contacts database, to a third party.

Answer 20

OAuth

Question 21

Name two contactless smart card architectures.

A. SOAP
B. Combi
C. TEMPEST
D. Hybrid

Answer 21

B and D

Question 22

Which of the following is not a centralized administration access control technology.

A. RADIUS
B. TACACS++
C. Diameter
D. TACACS+

Answer 22

B

Question 23

This type of IDS matches patterns, similar to anti-virus software and can not identify brand new attacks.

A. Anomaly-Based
B. Rule-Based
C. Signature-Based
D. Pattern-Based

Answer 23

C

Question 24

This type of IDS is behavioral-based that learns the “normal” activities of an environment. It can detect new attacks but can be challenging to calibrate.

A. Anomaly-Based
B. Rule-Based
C. Signature-Based
D. Pattern-Based

Answer 24

A

Question 25

This IDS type uses IF/THEN programming within an expert system. Cannot detect new attacks.

A. Anomaly-Based
B. Rule-Based
C. Signature-Based
D. Pattern-Based

Answer 25

B

Question 26

This type of IDS has three sub-types: Statistical, Protocol, and Traffic. Also sometimes called heuristic-based.

A. Anomaly-Based
B. Rule-Based
C. Signature-Based
D. Pattern-Based

Answer 26

A

Question 27

How do you feed all network data to a NIDS in a switched environment?

Answer 27

Put the traffic on a span port to the NID device.

Question 28

In a RADIUS and TACACS+ implementation, a remote user is a client to an access server, and the access server is a client to the RADIUS/TACACS+ server. Which of the following is a security flaw of RADIUS vs. TACACS+ ?

A. RADIUS uses the AAA architecture, separating authentication, authorization, and auditing for more flexibility.
B. TACACS+ uses TCP.
C. RADIUS works over PPP connections.
D. RADIUS sends username, accounting, and authorization services in cleartext.

Answer 28

D

A. is wrong b/c TACACS+ uses the AAA architecture, separating authentication, authorization, and auditing for more flexibility.
B. Is wrong b/c TCP means less intelligent code needs to be written into TACACS+
C. Is not necessarily a security flaw, just a limit to functionality.

Question 29

Counter-based (aka event-based) is a type of __________ token-based OTP?

A. Synchronous
B. Asynchronous

Answer 29

A

Question 30

Time-based is a type of __________ token-based OTP?

A. Synchronous
B. Asynchronous

Answer 30

A

Question 31

A challenge/response mechanism is employed in ______________ OTP?

A. Synchronous
B. Asynchronous

Answer 31

B

Question 32

A one-time password (OTP) generated in software, which does not require a piece of hardware like a token device, is called a ____________ .

Answer 32

Soft Token

Question 33

This is a portable identity and its associated entitlements that can be used across business boundaries.

Answer 33

Federated Identity

Question 34

A _________ language is a way to structure text and data sets, and it dictates how these will be viewed and used. HTML is an example of it.

Answer 34

markup

Question 35

_________ is a universal and foundational standard that provides a structure for other independent markup languages to be built from and still allow for INTEROPERABILTY.

Answer 35

XML

Question 36

Which of the following is not a component of a SAML-based process?

A. Requester
B. Principle
C. Identity Provider
D. Service Provider

Answer 36

A.

Principle = User
Identity Provider = Your company
Service Provider = e.g. Google for gmail service

Question 37

In MAC implementations, the system makes access decisions by comparing the subject’s clearance and need-to-know level to the object’s what?

A. ACL
B. Identity Label
C. Security Label
D. MAC Label

Answer 37

C

aka sensitivity label

Question 38

In DAC implementations, the system compares the subject’s identity to the resource’s what?

A. ACL
B. Identity Label
C. Security Label
D. DAC Label

Answer 38

A

Question 39

If rights are being assigned implicitly in RBAC, they are assigned to a _______ and the user inherits those attributes.

Answer 39

role or group

Question 40

This specifies the access rights a certain subject possess pertaining to specific objects.

A. Access Control Matrix
B. Capability Table
C. ACL
D. Sensitivity Label

Answer 40

B

Question 41

Bound to an object and indicates what subjects can access it and what operations they can carry out.

A. Access Control Matrix
B. Capability Table
C. ACL
D. Sensitivity Label

Answer 41

C