Lesson 8 - Questions Flashcards

1
Q

You are consulting with a company about a new approach to authenticating users. You suggest there could be cost savings and better support for multifactor authentication (MFA) if your employees create accounts with a cloud provider. That allows the company’s staff to focus on authorizations and privilege management. What type of service is the cloud vendor performing?

A
2
Q

What is the process of ensuring accounts are only created for valid users, only assigned the appropriate privileges, and that the account credentials are known only to the valid user?

A
3
Q

What is the policy that states users should be allocated the minimum sufficient permissions?

A
4
Q

What is a SOP?

A
5
Q

What type of organizational policies ensure that at least two people have oversight of a critical business process?

A
6
Q

Recently, attackers were able to compromise the account of a user whose employment had been terminated a week earlier. They used this account to access a network share and delete important files. What account vulnerability enabled this attack?

A
7
Q

For what type of account would interactive logon be disabled?

A
8
Q

What directory object would you use if you want to apply a different security policy to a subset of objects within the same domain?

A
9
Q

Why might forcing users to change their password every month be counterproductive?

A
10
Q

What is the name of the policy that prevents users from choosing old passwords again?

A
11
Q

In what two ways can an IP address be used for context-based authentication?

A
12
Q

How does accounting provide non-repudiation?

A
13
Q

Which information resource is required to complete usage auditing?

A
14
Q

What is the difference between locked and disabled accounts?

A
15
Q

What are the advantages of a decentralized, discretionary access control policy over a mandatory access control policy?

A
16
Q

What is the difference between security group- and role-based permissions management?

A
17
Q

In a rule-based access control model, can a subject negotiate with the data owner for access privileges? Why or why not?

A
18
Q

What is the purpose of directory services?

A
19
Q

True or false? The following string is an example of a distinguished name: CN=ad, DC=classroom,DC=com

A
20
Q

You are working on a cloud application that allows users to log on with social media accounts over the web and from a mobile application. Which protocols would you consider and which would you choose as most suitable?

A
21
Q

Your company has been the victim of several successful phishing attempts over the past year. Attackers managed to steal credentials from these attacks and used them to compromise key systems. What vulnerability contributed to the success of these social engineers, and why?

A
22
Q

Why should an organization design role-based training programs?

A
23
Q

You are planning a security awareness program for a manufacturer. Is a pamphlet likely to be sufficient in terms of resources?

A