Quiz 12 Flashcards
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
ACE
DAC
entity
ACL
ACL
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
A) RADIUS
B) ICMP
C) FTP
D) Telnet
RADIUS
Authentication, authorization, and accounting are sometimes called AAA.
True
False
True
Least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated.
True
False
True
Attribute-Based Access Control (ABAC) grants permissions by matching object labels with subject labels based on their respective levels.
True
False
False
Authorization is granting permission for admittance.
True
False
True
Rule-Based Access Control can be changed by users.
True
False
True
With the Discretionary Access Control (DAC) model, no object has an owner; the system has total control over that object.
True
False
False
Employee onboarding refers to the tasks associated with hiring a new employee.
True
False
True
Permission auditing and review is intended to examine the permissions that a user has been given to determine if each is still necessary.
True
False
True
A Local Group Policy (LGP) has more options than a Group Policy.
True
False
False
ACLs provide file system security for protecting files managed by the user.
True
False
False
What type of computer can forward RADIUS messages between RADIUS clients and RADIUS servers?
A) intermediate proxy
B) remote proxy
C) RADIUS proxy
D) translation proxy
RADIUS proxy
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
A) accounting request
B) access request
C) verification request
D) authentication request
authentication request
Which of the following is a database stored on the network itself that contains information about users and network devices?
A) user permissions
B) network service
C) system registry
D) directory service
directory service
What standard provides a greater degree of security by implementing port-based authentication and blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server?
A) IEEE 802.1a
B) IEEE 802.1x
C) LDAPS
D) TACACS
IEEE 802.1x
When using Role Based Access Control (RBAC), permissions are assigned to which of the following?
A) Roles
B) Groups
C) Labels
D) Users
Roles
Which access control model uses access based on a user’s job function within an organization?
A) Role Based Access Control
B) Rule Based Access Control
C) Discretionary Access Control
D) Mandatory Access Control
Role Based Access Control
Which access control model is considered to be the least restrictive?
A) Role Based Access Control
B) Rule Based Access Control
C) Discretionary Access Control
D) Mandatory Access Control
Discretionary Access Control
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
A) Role Based Access Control
B) Rule Based Access Control
C) Discretionary Access Control
D) Mandatory Access Control
Rule Based Access Control
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
A) Role Based Access Control
B) Rule Based Access Control
C) Discretionary Access Control
D) Mandatory Access Control
Mandatory Access Control
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
A) TACACS
B) RADIUS
C) Kerberos
D) FTP
TACACS
Select the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users.
A) TACACS
B) RADIUS
C) Kerberos
D) FTP
Kerberos
What framework is used for transporting authentication protocols instead of the authentication protocol itself?
A) CHAP
B) SAML
C) EAP
D) MS-CHAP
EAP
When LDAP traffic is made secure by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), what is this process called?
A) SAML
B) LDAPS
C) TACACS
D) SDML
LDAPS
What process periodically validates a user’s account, access control, and membership role or inclusion in a specific group?
A) recertification
B) revalidation
C) control audit
D) group auditing
recertification
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
Access control model
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as which of the following?
Separation of duties
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
Account expiration
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database’s information?
LDAP injection
Select the XML standard that allows secure web domains to exchange user authentication and authorization data and is used extensively for online e-commerce transactions.
SAML
Which of the following controls can be implemented so an organization can configure multiple computers by setting a single policy for enforcement?
group-based access control
Describe the two key elements of the MAC model.
- Labels show the importance of the object
- Subjects are assigned to certain labels
Describe how Kerberos works.
This is when a user tries to access a network but the network service needs authentication. Thus a ticket is delivered via Kerberos.
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
orphaned
Which of the following is a simpler subset of Directory Access Protocol?
X.500 Lite
What policy is designed to ensure that all confidential or sensitive materials, either in paper form or electronic, are removed from a user’s workspace and secured when the items are not in use or when employees leave their workspace?
clean desk
What is an entry in an ACL known as?
ACE
SQL
DACL
flag
ACE
Which major types of access involving system resources are controlled by ACLs? (Choose all that apply.)
system access
user access
remote access
application access
system access
user access
application access
When using Role-Based Access Control (RBAC), permissions are assigned to which of the following?
Roles
Labels
Groups
Users
Roles
The action that is taken by a subject over an object is called a(n):
control
access
authorization
operation
operation
Which access control model uses access based on a user’s job function within an organization?
Discretionary Access Control
Role-Based Access Control
Rule-Based Access Control
Mandatory Access Control
Role-Based Access Control
A user or a process functioning on behalf of the user that attempts to access an object is known as the:
subject
reference monitor
entity
label
subject
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
DIB
LDAP
DIT
DAP
DAP
In a ____ attack, a person redirects or captures secure transmissions as they occur.
man in the middle
An NOS that contains a “back door” is an example of a risk associated with ____.
protocols and software
A router that is not configured to drop packets that match certain suspicious characteristics is an example of a risk associated with ____.
transmission and hardware
____ software searches a node for open ports.
Port scanner
____ protocols are the rules that computers follow to accomplish authentication.
Authentication
A ____ attack occurs when a hacker tries numerous possible character combinations to find the key that will decrypt encrypted data.
brute force
In general, information is ____________________ if it could be used by other parties to impair an organization’s functioning, decrease customers’ confidence, cause a financial loss, damage an organization’s status, or give a significant advantage to a competitor.
confidential
A(n) ____ is a password-protected and encrypted file that holds an individual’s identification information, including a public key.
digital certificate
A(n) ____________________ is a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.
proxy service
A ____ attack occurs when an Internet chat user sends commands to a victim’s machine that cause the screen to fill with garbage characters and requires the victim to terminate their chat sessions.
flashing
____ is a public key encryption system that can verify the authenticity of an e-mail sender and encrypt e-mail data in transmission.
PGP
The combination of a public key and a private key is known as a ____.
key pair
In ____, both computers verify the credentials of the other.
mutual authentication
In ____, a hacker forges name server records to falsify his host’s identity.
DNS spoofing
A ____ firewall is a router (or a computer installed with software that enables it to act as a router) that examines the header of every packet of data it receives to determine whether that type of packet is authorized to continue to its destination.
packet-filtering
____ is a method of encrypting TCP/IP transmissions.
SSL
____________________ is the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm.
Encryption
A(n) ____________________ identifies an organization’s security risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee.
security policy
The use of certificate authorities to associate public keys with certain users is known as ____.
PKI
A(n) ____________________ is a thorough examination of each aspect of the network to determine how it might be compromised.
security audit
A ____ main function is to examine packets and determine where to direct them based on their Network layer addressing information.
router’s
A ____ attack occurs when a system becomes unable to function because it has been deluged with data transmissions or otherwise disrupted.
denial-of-service
A VPN ____ authenticates VPN clients and establishes tunnels for VPN connections.
concentrator
A ____ attack occurs when a hacker uses programs that try a combination of a user ID and every word in a dictionary to gain access to the network.
dictionary
____ is a social engineering practice in which a person attempts to glean access or authentication information by posing as someone who needs that information.
Phishing
RADIUS and TACACS belong to a category of protocols known as AAA (____).
authentication, authorization, and accounting