Question Set 4 Flashcards
Who is responsible for establishing access permissions to network resources in the DAC access control model? A. The system administrator B. The owner of the resource C. The system administrator and the owner of the resource D. The user requiring access to the resource
B. The owner of the resource
Which access control system allows the system administrator to establish access permissions to network resources? A. MAC B. DAC C. RBAC D. None of the above
A. MAC
Which of the following access control models uses roles to determine access permissions? A. MAC B. DAC C. RBAC D. None of the above
C. RBAC
How are access control permissions established in the RBAC access control model? A. The system administrator B. The owner of the resource C. The roles or responsibilities users have in the organization D. None of the above
C. The roles or responsibilities users have in the organization
What does the DAC access control model use to identify the users who have permissions to a resource? A. Predefined access privileges B. The role or responsibilities users have in the organization C. Access Control Lists D. None of the above
C. ACLs
What does the MAC access control model use to identify the users who have permissions to a resource? A. Predefined access privileges B. The role or responsibilities users have in the organization C. Access Control Lists D. None of the above
A. Predefined access privileges
Which of the following statements regarding the MAC access control models is TRUE? A. The Mandatory Access Control (MAC) model is a dynamic model. B. In the Mandatory Access Control (MAC) the owner of a resource establishes access privileges to that resource. C. In the Mandatory Access Control (MAC) users cannot share resources dynamically. D. The Mandatory Access Control (MAC) model is not restrictive.
C. In the Mandatory Access Control (MAC) users cannot share resources dynamically
Which of the following are types of certificate-based authentication? (SELECT TWO) A. Many-to-one mapping B. One-to-one mapping C. One-to-many mapping D. Many-to-many mapping
A. Many-to-one mapping B. One-to-one mapping
The ability to log on to multiple systems with the same credentials is typically known as: A. decentralized management B. single sign-on C. Role Based Access Control (RBAC) D. centralized management
B. single sign-on
Remote authentication allows you to authenticate Zendesk users using a locally hosted script. Which of the following is an example of remote authentication? A. A user on a metropolitan area network (MAN) accesses a host by entering a username and password pair while not connected to the LAN. B. A user on a campus area network (CAN) connects to a server in another building and enters a username and password pair. C. A user in one building logs on to the network by entering a username and password into a host in the same building. D. A user in one city logs onto a network by connecting to a domain server in another city.
D. A user in one city logs onto a network by connecting to a domain server in another city.
The DAC (Discretionary Access Control) model has an inherent flaw. Choose the option that describes this flaw. A. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks. B. The DAC (Discretionary Access Control) model uses certificates to control access to resources. This creates an opportunity for attackers to use your certificates. C. The DAC (Discretionary Access Control) model does not use the identity of a user to control access to resources. This allows anyone to use an account to access resources. D. The DAC (Discretionary Access Control) model does not have any known security flaws.
A. The DAC (Discretionary Access Control) model uses only the identity of the user or specific process to control access to a resource. This creates a security loophole for Trojan horse attacks.
You work as the network administrator for ABZ.com. The ABZ.com network uses the RBAC (Role Based Access Control) model. You must plan the security strategy for users to access resources on the ABZ.com network. The types of resources you must control access to are mailboxes, files and printers. ABZ.com is divided into distinct departments and functions named Finance, Sales, Research and Development, and Production respectively. Each user has their own workstation and accesses resources based on the department wherein he/she works. You must determine which roles to create to support the RBAC (Role Based Access Control) model. Which of the following roles should you create? A. Create mailbox and file and printer roles. B. Create Finance, Sales, Research and Development, and Production roles. C. Create user and workstation roles. D. Create allow access and deny access roles.
B. Create Finance, Sales, Research and Development, and Production roles.
Choose the access control model that allows access control determinations to be performed based on the security labels associated with each user and each data item. A. MACs (Mandatory Access Control) method B. RBACs (Role Based Access Control) method C. LBACs (List Based Access Control) method D. DACs (Discretionary Access Control) method
A. MACs (Mandatory Access Control) method
Choose the terminology or concept which best describes a MAC (Mandatory Access Control) model. A. Lattice B. Bell-LaPadula C. BIBA D. Clark and Wilson
A. Lattice
Which authentication method does the following sequence: Logon request encrypts value response server challenge compare encrypts results authorize or fail refer to? A. Certificates B. Security Tokens C. CHAP D. Kerberos
C. CHAP
Which of the following types of publicly accessible servers should have anonymous logins disabled to prevent an attacker from transferring malicious data? A. FTP B. Email C. Web D. DNS
A. FTP
Which of the following will restrict access to files according to the identity of the user or group? A. MAC B. CRL C. PKI D. DAC
D. DAC
Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource, and uses a Key Distribution Center (KDC)? A. RADIUS B. TACACS+ C. Kerberos D. PKI
C. Kerberos
Which of the following access control models uses subject and object labels? A. Mandatory Access Control (MAC) B. Role Based Access Control (RBAC) C. Rule Based Access Control (RBAC) D. Discretionary Access Control (DAC)
A. Mandatory Access Control (MAC)
Which of the following access decisions are based on a Mandatory Access Control (MAC) environment? A. Access control lists B. Ownership C. Group membership D. Sensitivity labels
D. Sensitivity labels
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation? A. Multifactor B. Mutual C. Biometric D. Kerberos
A. Multifactor
Users would not like to enter credentials to each server or application to conduct their normal work. Which type of strategy can solve this problem? A. Biometrics B. Smart card C. Two-factor authentication D. SSO
D. SSO
Kerberos uses which of the following ports by default? A. 23 B. 88 C. 139 D. 443
B. 88
Which of the following authentication systems make use of the KDC (Key Distribution Center)? A. Certificates B. Security Tokens C. CHAP D. Kerberos
D. Kerberos
Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession? A. Smart Cards B. Kerberos C. CHAP D. Certificate
A. Smart Cards
Users need to access their email and several secure applications from any workstation on the network. In addition, an authentication system implemented by the administrator requires the use of a username, password and a company issued smart card. This is an example of which of the following? A. Three factor authentication B. SSO C. ACL D. Least privilege
B. SSO
Which of the following statements regarding authentication protocols is FALSE? A. PAP is insecure because usernames and passwords are sent over the network in clear text. B. CHAP is more secure than PAP because it encrypts usernames and passwords before they are sent over the network. C. RADIUS is a client/server-based system that provides authentication, authorization and accounting services for remote dial-up access. D. MS-CHAP version 1 is capable of mutual authentication of both the client and the server
D. MS-CHAP version 1 is capable of mutual authentication of both the client and the server
Many unauthorized staff have been entering the data center by piggybacking authorized staff. The CIO has mandated to stop this behavior. Which technology should be installed at the data center to prevent piggybacking? A. Mantrap B. Token access C. Security badges D. Hardware locks
A. Mantrap
Which definition best defines what a challenge-response session is? A. A challenge-response session is a workstation or system that produces a random challenge string that the user provides when prompted in conjunction with the proper PIN (Personal Identification Number). B. A challenge-response session is a workstation or system that produces a random login ID that the user provides when prompted in conjunction with the proper PIN (Personal Identification Number). C. A challenge-response session is a special hardware device used to produce random text in a cryptography system. D. A challenge-response session is the authentication mechanism in the workstation or system that does not determine whether the owner should be authenticated.
A. A challenge-response session is a workstation or system that produces a random challenge string that the user provides when prompted in conjunction with the proper PIN (Personal Identification Number).
The hashing algorithm is created from a hash value making it nearly impossible to derive the original input number. Which item can implement the strongest hashing algorithm? A. NTLMv2 B. LANMAN C. NTLM D. VLAN
A. NTLMv2
For which reason are clocks used in Kerberos authentication? A. Clocks are used to ensure proper connections. B. Clocks are used to ensure that tickets expire correctly. C. Clocks are used to generate the seed value for the encryption key. D. Clocks are used to both benchmark and specify the optimal encryption algorithm.
B. Clocks are used to ensure that tickets expire correctly.
A VPN typically provides a remote access link from one host to another over: A. an intranet B. a modem C. a network interface card D. the Internet
D. the Internet
In which authentication model is a ticket granting server an important concept? A. CHAP B. PAP C. Kerberos D. RADIUS
C. Kerberos
In a secure environment which authentication mechanism will perform better? A. RADIUS because it encrypts client-server passwords. B. TACACS because it encrypts client-server negotiation dialogs. C. TACACS because it is a remote access authentication service. D. RADIUS because it is a remote access authentication service
B. TACACS because it encrypts client-server negotiation dialogs.
Which goals can be achieved by use of security templates? (SELECT TWO) A. To ensure that PKI will work properly within the company’s trust model B. To ensure that performance is standardized across all servers. C. To ensure that servers are in compliance with the corporate security policy. D. To ensure that all servers start from a common security configuration.
C. To ensure that servers are in compliance with the corporate security policy. D. To ensure that all servers start from a common security configuration.
A newly hired security specialist is asked to evaluate a company’s network security. The security specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed, and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take? A. Install software patches B. Disable non-essential services C. Enforce the security policy D. Password management
C. Enforce the security policy
Which of the following can be used to implement a procedure to control inbound and outbound traffic on a network segment? A. Proxy B. NIDS C. ACL D. HIDS
C. ACL
Giving each user or a group of users only the access they need to do their job is an example of which of the following security principles? A. Least privilege B. Defense in depth C. Separation of duties D. Access control
A. Least privilege
The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer. A. At the stage when the connection is established and at whichever time after the connection has been established. B. At the stage when the connection is established and when the connection is disconnected. C. At the stage when the connection is established. D. At the stage when the connection is disconnected.
A. At the stage when the connection is established and at whichever time after the connection has been established.
Most key fob based identification systems use which of the following types of authentication mechanisms? A. Kerberos B. Biometrics C. Username/password D. Token
C. Username/password D. Token
A graphical user interface (GUI) is a type of user interface which allows people to interact with electronic devices such as computers; hand-held devices such as MP3 Players, Portable Media Players or Gaming devices; household appliances and office equipment. Which of the following will allow a technician to restrict a user's access to the GUI? A. Use of logical tokens B. Group policy implementation C. Password policy enforcement D. Access control lists
B. Group policy implementation
Which authentication method will prevent a replay attack from occurring? A. RADIUS B. L2TP C. Kerberos D. CHAP
C. Kerberos
Access controls based on security labels associated with each data item and each user are known as: A. Mandatory Access Control (MAC) B. Role Based Access Control (RBAC) C. List Based Access Control (LBAC) D. Discretionary Access Control (DAC)
A. MAC
A user is assigned access rights explicitly. This is feature of which of the following access control models? A. Discretionary Access Control (DAC) B. Mandatory Access Control (MAC) C. Rule Based Access Control (RBAC) D. Role Based Access Control (RBAC)
A. DAC
During which phase of identification and authentication does proofing occur? A. Authentication B. Testing C. Verification D. Identification
D. Identification
Which of the following describes the process by which a single user name and password can be entered to access multiple computer applications? A. Single sign-on B. Encryption protocol C. Access control lists D. Constrained user interfaces
A. Single sign-on
Which security action should be finished before access is given to the network? A. Identification and authorization B. Identification and authentication C. Authentication and authorization D. Authentication and password
B. Identification and authentication
The authentication process where the user can access several resources without the need for multiple credentials is known as: A. Discretionary Access Control (DAC) B. Need to know C. Decentralized management D. single sign-on
D. Single sign-on
Which item best describes an instance where a biometric system identifies legitimate users as being unauthorized? A. False acceptance B. False positive C. False rejection D. False negative
C. False rejection
Which of the following is the best description about the method of controlling how and when users can connect in from home? A. Remote access policy B. Remote authentication C. Terminal access control D. Virtual Private Networking (VPN)
A. Remote Access Policy
The implicit deny will block anything you didn’t specifically allow but you may have allowed stuff that you don’t need. A technician is reviewing the system logs for a firewall and is told that there is an implicit deny within the ACL. Which is an example of an implicit deny? A. An implicit deny statement denies all traffic from one network to another B. Each item is denied by default because of the implicit deny. C. Items which are not specifically given access are denied by default. D. An ACL is a way to secure traffic from one network to another
C. Items which are not specifically given access are denied by default.
In order to allow for more oversight of past transactions a company decides to exchange positions of the purchasing agent and the accounts receivable agent. Which is an example of this? A. Separation of duties B. Least privilege C. Implicit deny D. Job rotation
D. Job rotation
Which method could identify when unauthorized access has occurred? A. Implement session termination mechanism. B. Implement previous logon notification. C. Implement session lock mechanism D. Implement two-factor authentication.
B. Implement previous logon notification
Which item is not a logical access control method? A. biometrics B. Group Policy C. ACL D. Software token
A. Biometrics
Which one of the following options will create a security buffer zone between two rooms? A. Mantrap B. Anti-pass back C. DMZ D. Turnstile
A. Mantrap
On the basis of certain ports which of the following will allow wireless access to network resources? A. 802.11a B. 802.11n C. 802.1x D. 802.11g
C. 802.1x
An organization has a hierarchical-based concept of privilege management with administrators having full access, human resources personnel having slightly less access, and managers having access to their own department files only. This is BEST described as: A. Discretionary Access Control (DAC) B. Rule Based Access Control (RBAC) C. Mandatory Access Control (MAC) D. Role Based Access Control (RBAC)
D. Role Based Access Control (RBAC)
The first step in creating a security baseline would be: A. identifying the use case B. installing software patches C. vulnerability testing D. creating a security policy
D. Creating a security policy
You work as a network administrator for your company. Your company requires you to improve the physical security of a data center located inside the office building. The data center already maintains a physical access log and has a video surveillance system. Which additional control can be performed? A. ACL B. Defense-in-depth C. Logical token D. Mantrap
D. Mantrap
Which solution can be used by a user to implement very tight security controls for technicians that seek to enter the user’s datacenter? A. Combination locks and key locks B. Smartcard and proximity readers C. Magnetic lock and pin D. Biometric reader and smartcard
D. Biometric reader and smartcard
The difference between identification and authentication is that: A. authentication verifies a set of credentials while identification verifies the identity of the network. B. Authentication verifies a user ID belongs to a specific user while identification verifies the identity of a user group. C. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials. D. authentication verifies the identity of a user requesting credentials while identification verifies a set of credentials.
C. authentication verifies a set of credentials while identification verifies the identity of a user requesting credentials.
From the listing of attacks which analyzes how the operating system (OS) responds to specific network traffic in an attempt to determine the operating system running in your networking environment? A. Operating system scanning B. Reverse engineering C. Fingerprinting D. Host hijacking
C. Fingerprinting
Both the server and the client authenticate before exchanging data. This is an example of which of the following? A. SSO B. biometrics C. mutual authentication D. multifactor authentication
C. mutual authentication
After the maximum number of attempts have failed, which of the following could set an account to lockout for 30 minutes? A. Account lockout threshold B. Account lockout duration C. Password complexity requirements D. Key distribution center
B. Account lockout duration
Which of the following has largely replaced SLIP? A. SLIP (Serial Line Internet Protocol) B. PPP (Point-to-Point Protocol) C. VPN D. RADIUS (Remote Authentication Dial-In User Service)
B. PPP (Point-to-Point Protocol)
Which of the following definitions fit correctly to RADIUS? A. is an older protocol that was used in early remote access environments. B. has largely replaced SLIP and offers multiple protocol support including AppleTalk, IPX and DECnet. C. are used to make connections between private networks across a public network such as the Internet. D. is a mechanism that allows authentication of dial-in and other network connections
D. is a mechanism that allows authentication of dial-in and other network connections
Which of the definitions fit correctly to TACACS? A. is an older protocol that was used in early remote access environments. B. has largely replaced SLIP and offers multiple protocol support including AppleTalk, IPX and DECnet. C. are used to make connections between private networks across a public network such as the Internet. D. It allows credentials to be accepted from multiple methods including Kerberos.
D. It allows credentials to be accepted from multiple methods including Kerberos.
Job rotation is a cross-training technique where organizations minimize collusion amongst staff. A. True B. False
A. True
The Lightweight Directory Access Protocol or LDAP is an application protocol for querying and modifying directory services running over TCP/IP. A user needs to implement secure LDAP on the network. Which port number will secure LDAP use by default? A. 53 B. 389 C. 443 D. 636
D. 636
An end-to-end traffic performance guarantee made by a service provider to a customer is a: A. DRP B. BCP C. SLA D. VPN
C. SLA
The staff must be cross-trained in different functional areas in order to detect fraud. Which of the following is an example of this? A. Implicit deny B. Least privilege C. Separation of duties D. Job rotation
D. Job rotation
Which of the following improves security in a wireless system? A. IP spoofing B. MAC filtering C. SSID spoofing D. Closed network
B. MAC filtering
Which of the following is a list of discrete entries that are known to be benign? A. whitelist B. signature C. Blacklist D. ACL
A. Whitelist
IDS is short for Intrusion Detection Systems. Which option is the MOST basic form of IDS? A. Signature B. Statistical C. Anomaly D. Behavioral
A. Signature
Which description is correct concerning the process of comparing cryptographic hash functions of system executables, configuration files and log files? A. File integrity auditing B. Stateful packet filtering C. Host based intrusion detection D. Network based intrusion detection
A. File integrity auditing
Which tool can best monitor changes to the approved system baseline? A. Enterprise antivirus software B. Enterprise performance monitoring software C. Enterprise key management software D. Enterprise resource planning software
B. Enterprise performance monitoring software
Audit log information can BEST be protected by: (SELECT TWO) A. using a VPN B. an IDS C. access controls that restrict usage D. recording to write-once media
C. Access controls that restrict usage D. recording to write-once media
John works as a network administrator for his company. He uses a tool to check SMTP, DNS, POP3 and ICMP packets on the network. This is an example of which of the following? A. A vulnerability scan B. A protocol analyzer C. A penetration test D. A port scanner
B. A protocol analyzer
Which of the following should be done if an audit recording fails in an information system? A. Log off the user B. Overwrite the oldest audit records C. Stop generating audit records D. Send an alert to the appropriate personnel
D. Send an alert to the appropriate personnel
Which of the following steps is MOST often overlooked during the auditing process? A. Reviewing event logs regularly B. Enabling auditing on the system C. Auditing every system event D. Deciding what events to audit
A. Reviewing event logs regularly
What should be taken into consideration while executing proper logging procedures? (SELECT TWO) A. The information that is needed to reconstruct events B. The password requirements for user accounts C. The virtual memory allocated on the log server D. The amount of disk space required
A. The information that is needed to reconstruct events D. The amount of disk space required
In computer programming DLL injection is a technique used to run code within the address space of another process by forcing it to load a dynamic-link library. Which activity is MOST closely associated with DLL injection? A. Penetration testing B. SQL servers C. Network mapping D. Vulnerability assessment
A. Penetration testing
Network utilization is the ratio of current network traffic to the maximum traffic that the port can handle. Which of the following can most effectively determine whether network utilization is abnormal? A. Application log B. Performance baseline C. Systems monitor D. Security log
B. Performance baseline
When an IDS is configured to match a specific traffic pattern then which of the following is this referring to? A. Signature-based B. Behavior-based C. Anomaly-based D. Heuristic-based
A. Signature-based
A system admin reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take? A. Notify management B. Determine the business impact C. Contact law enforcement officials D. Contain the problem
D. Contain the problem
After analyzing vulnerability and applying a security patch which non-intrusive action should be taken to verify that the vulnerability was truly removed? A. Update the antivirus definition file B. Apply a security patch from the vendor C. Repeat the vulnerability scan D. Perform a penetration test
C. Repeat the vulnerability test
Which NIDS configuration is based on specific network traffic? A. Anomaly-based B. Host-based C. Behavior-based D. Signature-based
D. Signature-based
Which tool can help the technician to find all open ports on the network? A. Router ACL B. Performance monitor C. Protocol analyzer D. Network scanner
D. Network scanner
Malicious port scanning is a method of attack to determine which of the following? A. Computer name B. The fingerprint of the operating system C. The physical cabling topology of a network D. User IDs and passwords
B. The fingerprint of the operating system
Network traffic is data in a network. Which tool can be used to review network traffic for clear text passwords? A. Port scanner B. Protocol analyzer C. Firewall D. Password cracker
B. Protocol analyzer
Which of the following is not identified within the penetration testing scope of work? A. a complete list of all network vulnerabilities B. handling of information collected by the penetration testing team C. IP addresses of machines from which penetration testing will be executed D. a list of acceptable testing techniques and tools to be utilized
A. a complete list of all network vulnerabilities
Choose the figure which represents the number of ports in the TCP/IP which are vulnerable to being scanned, attacked and exploited. A. 32 ports B. 1024 ports C. 65535 ports D. 16777216 ports
C. 65535
After installing new software on a machine what needs to be updated to the baseline? A. Honeypot B. Signature-based NIPS C. Signature-based NIDS D. Behavior-based HIDS
D. Behavior-based HIDS
A network technician suspects that a piece of malware is consuming too many CPU cycles and slowing down a system. Which item can help determine the amount of CPU cycles being consumed? A. Install malware scanning software B. Run performance monitor to evaluate the CPU usage C. Use a protocol analyzer to find the cause of the traffic D. Install HIDS to determine the CPU usage
B. Run performance monitor to evaluate the CPU usage
Which of the following ports are typically used by email clients? (SELECT TWO) A. 3389 B. 194 C. 143 D. 110
C. 143 D. 110