Quiz 12 Flashcards

1
Q

A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):

ACE

DAC

entity

ACL

A

ACL

2
Q

Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?

A) RADIUS

B) ICMP

C) FTP

D) Telnet

A

RADIUS

3
Q

Authentication, authorization, and accounting are sometimes called AAA.
True
False

A

True

4
Q

Least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated.
True
False

A

True

5
Q

Attribute-Based Access Control (ABAC) grants permissions by matching object labels with subject labels based on their respective levels.
True
False

A

False

6
Q

Authorization is granting permission for admittance.
True
False

A

True

7
Q

Rule-Based Access Control can be changed by users.
True
False

A

True

8
Q

With the Discretionary Access Control (DAC) model, no object has an owner; the system has total control over that object.
True
False

A

False

9
Q

Attribute-Based Access Control (ABAC) grants permissions by matching object labels with subject labels based on their respective levels.
True
False

A

False

10
Q

Employee onboarding refers to the tasks associated with hiring a new employee.
True
False

A

True

11
Q

Permission auditing and review is intended to examine the permissions that a user has been given to determine if each is still necessary.
True
False

A

True

12
Q

A Local Group Policy (LGP) has more options than a Group Policy.
True
False

A

False

13
Q

With the Discretionary Access Control (DAC) model, no object has an owner; the system has total control over that object.
True
False

A

False

14
Q

Employee onboarding refers to the tasks associated with hiring a new employee.
True
False

A

True

15
Q

ACLs provide file system security for protecting files managed by the user.
True
False

A

False

16
Q

What type of computer can forward RADIUS messages between RADIUS clients and RADIUS servers?

A) intermediate proxy

B) remote proxy

C) RADIUS proxy

D) translation proxy

A

RADIUS proxy

17
Q

During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?

A) accounting request

B) access request

C) verification request

D) authentication request

A

authentication request

18
Q

Which of the following is a database stored on the network itself that contains information about users and network devices?

A) user permissions

B) network service

C) system registry

D) directory service

A

directory service

19
Q

What standard provides a greater degree of security by implementing port-based authentication and blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server?

A) IEEE 802.1a

B) IEEE 802.1x

C) LDAPS

D) TACACS

A

IEEE 802.1x

20
Q

When using Role Based Access Control (RBAC), permissions are assigned to which of the following?

A) Roles

B) Groups

C) Labels

D) Users

A

Roles

21
Q

Which access control model uses access based on a user's job function within an organization?

A) Role Based Access Control

B) Rule Based Access Control

C) Discretionary Access Control

D) Mandatory Access Control

A

Role Based Access Control

22
Q

Which access control model is considered to be the least restrictive?

A) Role Based Access Control

B) Rule Based Access Control

C) Discretionary Access Control

D) Mandatory Access Control

A

Discretionary Access Control

23
Q

Which access control model can dynamically assign roles to subjects based on a set of defined rules?

A) Role Based Access Control

B) Rule Based Access Control

C) Discretionary Access Control

D) Mandatory Access Control

A

Rule Based Access Control

24
Q

What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?

A) Role Based Access Control

B) Rule Based Access Control

C) Discretionary Access Control

D) Mandatory Access Control

A

Mandatory Access Control

25
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
A) TACACS
B) RADIUS
C) Kerberos
D) FTP
TACACS
26
Select the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users.
A) TACACS
B) RADIUS
C) Kerberos
D) FTP
Kerberos
27
What framework is used for transporting authentication protocols instead of the authentication protocol itself?
A) CHAP
B) SAML
C) EAP
D) MS-CHAP
EAP
28
When LDAP traffic is made secure by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), what is this process called?
A) SAML
B) LDAPS
C) TACACS
D) SDML
LDAPS
29
What process periodically validates a user's account, access control, and membership role or inclusion in a specific group?
A) recertification
B) revalidation
C) control audit
D) group auditing
recertification
30
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
Access control model
31
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as which of the following?
Separation of duties
32
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
Account expiration
33
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?
LDAP injection
34
Select the XML standard that allows secure web domains to exchange user authentication and authorization data and is used extensively for online e-commerce transactions.
SAML
35
Which of the following controls can be implemented so an organization can configure multiple computers by setting a single policy for enforcement?
group-based access control
36
Describe the two key elements of the MAC model.
1. Labels show the importance of the object.
2. Subjects are assigned a certain label.
37
Describe how Kerberos works.
This is when a user will try to access a network but the network service needs authentication. Thus a ticket will be delivered via Kerberos.
38
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
orphaned
39
Which of the following is a simpler subset of Directory Access Protocol?
X.500 Lite
40
What policy is designed to ensure that all confidential or sensitive materials, either in paper form or electronic, are removed from a user's workspace and secured when the items are not in use or when employees leave their workspace?
clean desk
41
What is an entry in an ACL known as?
ACE
SQL
DACL
flag
ACE
42
Which major types of access involving system resources are controlled by ACLs? (Choose all that apply.)
system access
user access
remote access
application access
system access, user access, application access
43
When using Role-Based Access Control (RBAC), permissions are assigned to which of the following?
Roles
Labels
Groups
Users
Roles
44
The action that is taken by a subject over an object is called a(n):
control
access
authorization
operation
operation
45
Which access control model uses access based on a user's job function within an organization?
Discretionary Access Control
Role-Based Access Control
Rule-Based Access Control
Mandatory Access Control
Role-Based Access Control
46
A user or a process functioning on behalf of the user that attempts to access an object is known as the:
subject
reference monitor
entity
label
subject
47
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
DIB
LDAP
DIT
DAP
DAP
48
In a ____ attack, a person redirects or captures secure transmissions as they occur.
man in the middle
49
An NOS that contains a "back door" is an example of a risk associated with ____.
protocols and software
50
A router that is not configured to drop packets that match certain suspicious characteristics is an example of a risk associated with ____.
transmission and hardware
51
____ software searches a node for open ports.
Port scanner
52
____ protocols are the rules that computers follow to accomplish authentication.
Authentication
53
A ____ attack occurs when a hacker tries numerous possible character combinations to find the key that will decrypt encrypted data.
brute force
54
In general, information is ____________________ if it could be used by other parties to impair an organization's functioning, decrease customers' confidence, cause a financial loss, damage an organization's status, or give a significant advantage to a competitor.
confidential
55
A(n) ____ is a password-protected and encrypted file that holds an individual's identification information, including a public key.
digital certificate
56
A(n) ____________________ is a software application on a network host that acts as an intermediary between the external and internal networks, screening all incoming and outgoing traffic.
proxy service
57
A ____ attack occurs when an Internet chat user sends commands to a victim's machine that cause the screen to fill with garbage characters and requires the victim to terminate their chat sessions.
flashing
58
____ is a public key encryption system that can verify the authenticity of an e-mail sender and encrypt e-mail data in transmission.
PGP
59
The combination of a public key and a private key is known as a ____.
key pair
60
In ____, both computers verify the credentials of the other.
mutual authentication
61
In ____, a hacker forges name server records to falsify his host's identity.
DNS spoofing
62
A ____ firewall is a router (or a computer installed with software that enables it to act as a router) that examines the header of every packet of data it receives to determine whether that type of packet is authorized to continue to its destination.
packet-filtering
63
____ is a method of encrypting TCP/IP transmissions.
SSL
64
____________________ is the use of an algorithm to scramble data into a format that can be read only by reversing the algorithm.
Encryption
65
A(n) ____________________ identifies an organization's security risks, levels of authority, designated security coordinator and team members, responsibilities for each team member, and responsibilities for each employee.
security policy
66
The use of certificate authorities to associate public keys with certain users is known as ____.
PKI
67
A(n) ____________________ is a thorough examination of each aspect of the network to determine how it might be compromised.
security audit
68
A ____ main function is to examine packets and determine where to direct them based on their Network layer addressing information.
router's
69
A ____ attack occurs when a system becomes unable to function because it has been deluged with data transmissions or otherwise disrupted.
denial-of-service
70
A VPN ____ authenticates VPN clients and establishes tunnels for VPN connections.
concentrator
71
A ____ attack occurs when a hacker uses programs that try a combination of a user ID and every word in a dictionary to gain access to the network.
dictionary
72
____ is a social engineering practice in which a person attempts to glean access or authentication information by posing as someone who needs that information.
Phishing
73
RADIUS and TACACS belong to a category of protocols known as AAA (____).
authentication, authorization, and accounting