Sample Test Questions Domain 5 Flashcards

1
Q

Most directories follow a hierarchical database format, based on the ___ standard and a type of protocol, as in Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory

A

X.500

2
Q

___ technology can allow users to maintain a single password across multiple systems by transparently synchronizing the password to other systems and applications

A

Password synchronization

3
Q

___ specifies the U.S. government standards for Personal Identity Verification (PIV), giving varying requirements of assurance

A

FIPS 201-2

4
Q

A ___ gathers information about all the users and resources within an enterprise and stores them in a central virtual container

A

virtual directory

5
Q

Providers of ___ allow their clients to have a form of SSO that works across various otherwise independent accounts for independent vendors. A common example is the ability to use a Google account to create a Facebook page

A

Identity as a Service (IDaaS)

6
Q

Controls should be ___ so that users and intruders do not know enough to be able to disable or bypass them

A

transparent

7
Q

___ allows two or more organizations to share application security policies based upon their trust model

A

Extensible Access Control Markup Language (XACML)

8
Q

A ___ specifies the access rights a certain subject possesses pertaining to specific objects

A

capability table

9
Q

___ is a markup language that exchanges information about which users should get access to what resources and services

A

Service Provisioning Markup Language (SPML)

10
Q

___ are commonly used to detect software faults, such as a process ending abnormally or hanging

A

watchdog timers

11
Q

Neither TACACS+ nor RADIUS can carry out ___ functionality for devices that need to communicate over VoIP, mobile IP, or other similar types of protocols

A

authentication and authorization

12
Q

When you open an application, a network portal might package your request and your authentication data in Security Assertion Markup Language (SAML) format and encapsulate that data into a ___ message

A

Simple Object Access Protocol (SOAP)

13
Q

The ___ model looks at the shared resources that the different users of a system will use and tries to identify how information can be passed from a process working at a higher security clearance to a process working at a lower security clearance

A

Noninterference

14
Q

Examples of ___ attacks against smart cards are fault generation, differential power analysis, electromagnetic analysis, timing, and software attacks. These types of attacks are used to uncover sensitive information about how a component works without trying to compromise any type of flaw or weakness, otherwise known as ___ attacks

A

side-channel; noninvasive

15
Q

Pharming uses ___ to redirect victims to a fake website

A

DNS poisoning

16
Q

A common security issue with RFID is that ___. While encryption can be integrated as a countermeasure, it is not common because ___

A

the data can be captured as it moves from the tag to the reader and modified;
RFID is a technology that has low processing capabilities and encryption is very processor intensive

17
Q

___ is a common solution to credential and identity management

A

Kerberos

18
Q

Regardless of how well a biometric system can be tuned with respect to FAR, FRR, or CER, unless it can ___, it will become a costly bottleneck

A

process a sufficient throughput of individuals in actual deployment

19
Q

The correct sequence in Kerberos is as follows: the user provides a username/password to the workstation, the workstation obtains a ___ from the ___, then subsequently obtains a service ticket from the ___, which it presents to the service

A

ticket granting ticket (TGT);
Key Distribution Center (KDC);
ticket granting server (TGS)

The user must first authenticate to the workstation with a username and password. These credentials are then forwarded by the workstation to the authentication service (AS) on the KDC, which then returns a TGT encrypted with the TGS’s secret key. Later, when a service is required, the TGT is presented back to the TGS that can authenticate it, and which then returns a service ticket encrypted with the service’s secret key. When the service ticket is presented to the service, mutual authentication can occur: the service knows the user must be authentic, because the user couldn’t have a valid service ticket without having authenticated to the KDC and TGS, and the user knows the service is authentic, because it can decrypt the service ticket.

20
Q

___ is an open standard for website-to-website authorization (not authentication). It is used to allow an account that a user is authenticated to on one site to access resources on another third-party site

A

OAuth

21
Q

___ supports three flows to supply an ID token: authorization code flow, implicit flow, and hybrid flow

A

OAuth