Implementation (2) Flashcards
On a mobile device, __________ allow(s) more performance-intensive applications to execute within their own segment to improve performance.
Storage segmentation
VDI
Remote access controls
Storage segmentation
Storage segmentation allows more performance-intensive applications to be executed in a segment that increases the performance of those applications. Because mobile devices are somewhat less powerful than desktop or laptop computing systems, this can improve performance noticeably.
You are creating a standard security baseline for all users who use company mobile phones. Which of the following is the most effective security measure to protect against unauthorized access to the mobile device?
Enforce the use of a screen lock password.
Enable the GPS chip.
Install personal firewall software.
Enforce the use of a screen lock password.
To prevent unauthorized access to the device in the event it is lost or stolen, you can enable a screen lock password. The user will not be able to access the device until he enters the password.
__________ is a term that is similar to jailbreaking but is Android specific.
Segmentation
Virtualization
Rooting
Rooting
Rooting is a term that is similar to jailbreaking but is Android specific.
Apple’s Face ID is an example of using what?
VDI
Biometrics
Containerization
Biometrics
Apple’s Face ID is an example of using biometrics and is commonly used for authentication into newer Apple iPhones and iPads.
A VPC __________ allows you to privately connect a VPC to supported services without requiring a NAT device, a VPN, or an Internet gateway.
endpoint
encryptor
firewall
endpoint
A virtual private cloud (VPC) endpoint allows you to privately connect a VPC to supported services without requiring a network address translation (NAT) device, a virtual private network (VPN), or an Internet gateway.
Which of the following acts inline to screen and either block or allow incoming or outgoing web traffic to and from a virtual network?
CASB
API inspection tool
Next-generation SWG
Next-generation SWG
A next-generation secure web gateway (SWG) acts inline to screen and either block or allow incoming or outgoing web traffic to and from a virtual network.
Cloud storage permissions can be defined as which of the following types? (Choose two.)
Uniform
Mandatory
Fine-grained
Discretionary
Uniform
Fine-grained
Cloud storage permissions can be defined within two broad types: uniform and fine-grained.
Rowan works for a company that has had a string of incidents where weak employee passwords have been hacked through brute-force methods and then used by unauthorized users to gain access to the network. Which of the following security policies would be best for Rowan to implement to prevent brute-force hacking attempts on employee passwords?
Password rotation
Password expiration
Password lockout
Password lockout
Rowan can lock out an account if an incorrect password has been entered too many times. Although password length, complexity, rotation, and expiration are helpful security measures, brute-force attacks can most efficiently be stopped by limiting the number of attempted logons.
Alex has already implemented a password expiration and rotation policy that forces his organization’s users to change their password every 60 days. However, he is finding that many users are simply using their same password again. Which of the following can Alex implement to improve security?
Password history
Password complexity
Password lockout
Password history
When password history is enabled, the system can remember a user’s former passwords. When the current password expires, the system forces the user to use a new password that is not the same as one of her previous passwords, preventing password reuse.
An __________ creates, maintains, and manages identity information for an organization.
Identity manager
Identity provider
Identity validator
Identity provider
An identity provider (IdP) creates, maintains, and manages identity information for an organization.
SAML implementations have three basic roles: the identity, the identity provider, and the __________.
Internet provider
service provider
authentication provider
service provider
The service provider takes the token passed from the identity provider and either accepts the request and provides services to the user or denies the request and does not.
Your organization has several home users with Internet access who require remote access to your organization’s network. Which of the following remote access and authentication technologies would be the most secure?
Dial-up access to a Kerberos server
A VPN authenticated to a RADIUS server
Telnet access to a local password database
A VPN authenticated to a RADIUS server
By using a VPN authenticated to a RADIUS server, you ensure that your communications are encrypted and that secure authentication takes place to the RADIUS server.
You are creating an access control model that will allow you to assign specific access policies depending on which network a user is on and not necessarily on the actual identity of the specific user. Which privilege management access control model would you use?
Rule-based access control
Discretionary access control
Attribute-based access control
Rule-based access control
Rule-based access control is defined with an access control list (ACL), which specifies a set of rules that must be followed before access is granted. Rule-based access control does not necessarily have to be tied to an authorized identity and could involve access permissions based on network location, content of messages (such as e-mail text or attachments), and other types of content filtering.
To improve the integrity and authentication of your encryption systems, you have contacted a CA to generate which of the following items for you?
Digital certificate and public/private key pair
Public key and a private hash
Private key and a certificate
Digital certificate and public/private key pair
When a user’s identification is established, the certificate authority (CA) generates public and private keys for the user. A certificate is then generated with the identification and public key information embedded within it. Once the user is registered and receives his certificate, he can begin using it to send encrypted messages.
You have been tasked with contacting your CA and revoking your company’s current web server certificate. Which of the following is the most likely reason to revoke the certificate?
You renewed your certificate after it expired.
The previous network administrator who created the certificate was fired.
You installed a new web server.
The previous network administrator who created the certificate was fired.
The certificate should be revoked because the user assigned to that certificate is no longer with the company. This prevents the user from continuing to use that certificate for encryption and authentication.