Quiz 12 Flashcards

1
Q

A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):

ACE

DAC

entity

ACL

A

ACL

2
Q

Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?

A) RADIUS

B) ICMP

C) FTP

D) Telnet

A

RADIUS

3
Q

Authentication, authorization, and accounting are sometimes called AAA.
True
False

A

True

4
Q

Least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated.
True
False

A

True

5
Q

Attribute-Based Access Control (ABAC) grants permissions by matching object labels with subject labels based on their respective levels.
True
False

A

False

6
Q

Authorization is granting permission for admittance.
True
False

A

True

7
Q

Rule-Based Access Control can be changed by users.
True
False

A

True

8
Q

With the Discretionary Access Control (DAC) model, no object has an owner; the system has total control over that object.
True
False

A

False

9
Q

Attribute-Based Access Control (ABAC) grants permissions by matching object labels with subject labels based on their respective levels.
True
False

A

False

10
Q

Employee onboarding refers to the tasks associated with hiring a new employee.
True
False

A

True

11
Q

Permission auditing and review is intended to examine the permissions that a user has been given to determine if each is still necessary.
True
False

A

True

12
Q

A Local Group Policy (LGP) has more options than a Group Policy.
True
False

A

False

13
Q

With the Discretionary Access Control (DAC) model, no object has an owner; the system has total control over that object.
True
False

A

False

14
Q

Employee onboarding refers to the tasks associated with hiring a new employee.
True
False

A

True

15
Q

ACLs provide file system security for protecting files managed by the user.
True
False

A

False

16
Q

What type of computer can forward RADIUS messages between RADIUS clients and RADIUS servers?

A) intermediate proxy

B) remote proxy

C) RADIUS proxy

D) translation proxy

A

RADIUS proxy

17
Q

During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?

A) accounting request

B) access request

C) verification request

D) authentication request

A

authentication request

18
Q

Which of the following is a database stored on the network itself that contains information about users and network devices?

A) user permissions

B) network service

C) system registry

D) directory service

A

directory service

19
Q

What standard provides a greater degree of security by implementing port-based authentication and blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server?

A) IEEE 802.1a

B) IEEE 802.1x

C) LDAPS

D) TACACS

A

IEEE 802.1x

20
Q

When using Role Based Access Control (RBAC), permissions are assigned to which of the following?

A) Roles

B) Groups

C) Labels

D) Users

A

Roles

21
Q

Which access control model uses access based on a user’s job function within an organization?

A) Role Based Access Control

B) Rule Based Access Control

C) Discretionary Access Control

D) Mandatory Access Control

A

Role Based Access Control

22
Q

Which access control model is considered to be the least restrictive?

A) Role Based Access Control

B) Rule Based Access Control

C) Discretionary Access Control

D) Mandatory Access Control

A

Discretionary Access Control

23
Q

Which access control model can dynamically assign roles to subjects based on a set of defined rules?

A) Role Based Access Control

B) Rule Based Access Control

C) Discretionary Access Control

D) Mandatory Access Control

A

Rule Based Access Control

24
Q

What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?

A) Role Based Access Control

B) Rule Based Access Control

C) Discretionary Access Control

D) Mandatory Access Control

A

Mandatory Access Control

25
Q

What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?

A) TACACS

B) RADIUS

C) Kerberos

D) FTP

A

TACACS

26
Q

Select the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users.

A) TACACS

B) RADIUS

C) Kerberos

D) FTP

A

Kerberos

27
Q

What framework is used for transporting authentication protocols instead of the authentication protocol itself?

A) CHAP

B) SAML

C) EAP

D) MS-CHAP

A

EAP

28
Q

When LDAP traffic is made secure by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), what is this process called?

A) SAML

B) LDAPS

C) TACACS

D) SDML

A

LDAPS

29
Q

What process periodically validates a user’s account, access control, and membership role or inclusion in a specific group?

A) recertification

B) revalidation

C) control audit

D) group auditing

A

recertification

30
Q

What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?

A

Access control model

31
Q

A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as which of the following?

A

Separation of duties

32
Q

To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?

A

Account expiration

33
Q

What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database’s information?

A

LDAP injection

34
Q

Select the XML standard that allows secure web domains to exchange user authentication and authorization data and is used extensively for online e-commerce transactions.

A

SAML

35
Q

Which of the following controls can be implemented so an organization can configure multiple computers by setting a single policy for enforcement?

A

group-based access control

36
Q

Describe the two key elements of the MAC model.

A

1. Labels show the importance of the object
2. Subjects are assigned to certain labels

37
Q

Describe how Kerberos works.

A

This is when a user will try to access a network but the network service needs authentication. Thus, a ticket will be delivered via Kerberos.

38
Q

User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?

A

orphaned

39
Q

Which of the following is a simpler subset of Directory Access Protocol?

A

X.500 Lite

40
Q

What policy is designed to ensure that all confidential or sensitive materials, either in paper form or electronic, are removed from a user’s workspace and secured when the items are not in use or when employees leave their workspace?

A

clean desk

41
Q

What is an entry in an ACL known as?
ACE
SQL
DACL
flag

A

ACE

42
Q

Which major types of access involving system resources are controlled by ACLs? (Choose all that apply.)
system access
user access
remote access
application access

A

system access
user access
application access

43
Q

When using Role-Based Access Control (RBAC), permissions are assigned to which of the following?
Roles
Labels
Groups
Users

A

Roles

44
Q

The action that is taken by a subject over an object is called a(n):
control
access
authorization
operation

A

operation

45
Q

Which access control model uses access based on a user’s job function within an organization?
Discretionary Access Control
Role-Based Access Control
Rule-Based Access Control
Mandatory Access Control

A

Role-Based Access Control

46
Q

A user or a process functioning on behalf of the user that attempts to access an object is known as the:
subject
reference monitor
entity
label

A

subject

47
Q

The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
DIB
LDAP
DIT
DAP

A

DAP

48
Q

In a ____ attack, a person redirects or captures secure transmissions as they occur.

A

man in the middle

49
Q

An NOS that contains a “back door” is an example of a risk associated with ____.

A

protocols and software

50
Q

A router that is not configured to drop packets that match certain suspicious characteristics is an example of a risk associated with ____.

A

transmission and hardware

51
Q

____ software searches a node for open ports.

A

Port scanner

52
Q

____ protocols are the rules that computers follow to accomplish authentication.

A

Authentication

53
Q

A ____ attack occurs when a hacker tries numerous possible character combinations to find the key that will decrypt encrypted data.

A

brute force

54
Q

In general, information is ____________________ if it could be used by other parties to impair an organization’s functioning, decrease customers’ confidence, cause a financial loss, damage an organization’s status, or give a significant advantage to a competitor.

A

confidential

55
Q

A(n) ____ is a password-protected and encrypted file that holds an individual’s identification information, including a public key.

A

digital certificate

56
Q

A(n) ____________________ is a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.

A

proxy service

57
Q

A ____ attack occurs when an Internet chat user sends commands to a victim’s machine that cause the screen to fill with garbage characters and requires the victim to terminate their chat sessions.

A

flashing

58
Q

____ is a public key encryption system that can verify the authenticity of an e-mail sender and encrypt e-mail data in transmission.

A

PGP

59
Q

The combination of a public key and a private key is known as a ____.

A

key pair

60
Q

In ____, both computers verify the credentials of the other.

A

mutual authentication

61
Q

In ____, a hacker forges name server records to falsify his host’s identity.

A

DNS spoofing

62
Q

A ____ firewall is a router (or a computer installed with software that enables it to act as a router) that examines the header of every packet of data it receives to determine whether that type of packet is authorized to continue to its destination.

A

packet-filtering

63
Q

____ is a method of encrypting TCP/IP transmissions.

A

SSL

64
Q

____________________ is the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm.

A

Encryption

65
Q

A(n) ____________________ identifies an organization’s security risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee.

A

security policy

66
Q

The use of certificate authorities to associate public keys with certain users is known as ____.

A

PKI

67
Q

A(n) ____________________ is a thorough examination of each aspect of the network to determine how it might be compromised.

A

security audit

68
Q

A ____ main function is to examine packets and determine where to direct them based on their Network layer addressing information.

A

router’s

69
Q

A ____ attack occurs when a system becomes unable to function because it has been deluged with data transmissions or otherwise disrupted.

A

denial-of-service

70
Q

A VPN ____ authenticates VPN clients and establishes tunnels for VPN connections.

A

concentrator

71
Q

A ____ attack occurs when a hacker uses programs that try a combination of a user ID and every word in a dictionary to gain access to the network.

A

dictionary

72
Q

____ is a social engineering practice in which a person attempts to glean access or authentication information by posing as someone who needs that information.

A

Phishing

73
Q

RADIUS and TACACS belong to a category of protocols known as AAA (____).

A

authentication, authorization, and accounting