Lesson 8 - Questions Flashcards
You are consulting with a company about a new approach to authenticating users. You suggest there could be cost savings and better support for multifactor authentication (MFA) if the company's employees create accounts with a cloud provider. That allows the company's staff to focus on authorizations and privilege management. What type of service is the cloud vendor performing?
What is the process of ensuring accounts are only created for valid users, only assigned the appropriate privileges, and that the account credentials are known only to the valid user?
What is the policy that states users should be allocated the minimum sufficient permissions?
What is a SOP?
What type of organizational policies ensure that at least two people have oversight of a critical business process?
Recently, attackers were able to compromise the account of a user whose employment had been terminated a week earlier. They used this account to access a network share and delete important files. What account vulnerability enabled this attack?
For what type of account would interactive logon be disabled?
What directory object would you use if you want to apply a different security policy to a subset of objects within the same domain?
Why might forcing users to change their password every month be counterproductive?
What is the name of the policy that prevents users from choosing old passwords again?
In what two ways can an IP address be used for context-based authentication?
How does accounting provide non-repudiation?
Which information resource is required to complete usage auditing?
What is the difference between locked and disabled accounts?
What are the advantages of a decentralized, discretionary access control policy over a mandatory access control policy?
What is the difference between security group- and role-based permissions management?
In a rule-based access control model, can a subject negotiate with the data owner for access privileges? Why or why not?
What is the purpose of directory services?
True or false? The following string is an example of a distinguished name: CN=ad, DC=classroom,DC=com
You are working on a cloud application that allows users to log on with social media accounts over the web and from a mobile application. Which protocols would you consider and which would you choose as most suitable?
Your company has been the victim of several successful phishing attempts over the past year. Attackers managed to steal credentials from these attacks and used them to compromise key systems. What vulnerability contributed to the success of these social engineers, and why?
Why should an organization design role-based training programs?
You are planning a security awareness program for a manufacturer. Is a pamphlet likely to be sufficient in terms of resources?