SEC+ Revision Questions Access Control Flashcards

1
Q

A network administrator must grant the appropriate network permissions to a new employee. Which of the following is the best strategy?
A. Give the new employee user account the necessary rights and permissions.
B. Add the new employee user account to a group. Ensure the group has the necessary rights and permissions.
C. Give the new employee administrative rights to the network.
D. Ask the new employee what network rights they would like.

A

B. Add the new employee user account to a group. Ensure the group has the necessary rights and permissions.

2
Q

In securing your network, you enforce complex user passwords. Users express concern about forgetting their passwords. What should you configure to allay those concerns?
A. Password expiration
B. Periodic password change
C. Password hints
D. Maximum password length

A

C. Password hints

3
Q

To quickly give a contractor network access, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?
A. Separation of duties
B. Least privilege
C. Job rotation
D. Account lockout

A

B. Least privilege

4
Q

James is the branch network administrator for ABC, Inc. Recently the company headquarters requested a network security audit, so James performed an audit himself using freely available Linux tools. What is the problem with James’ actions?
A. ABC, Inc., should have sent a network administrator from headquarters to perform the audit.
B. The chief security officer should have conducted the audit.
C. Freely available tools are not reliable and should not have been used.
D. A third party should have been hired to conduct the audit.

A

D. A third party should have been hired to conduct the audit.

5
Q

A secure computing environment labels data with various security classifications. Authenticated users must have clearance to read this classified data. What type of access control model is this?
A. Mandatory access control
B. Discretionary access control
C. Role-based access control
D. Time-of-day access control

A

A. Mandatory access control

6
Q

To ease giving access to network resources for employees, you decide there must be an easier way than granting users individual access to files, printers, computers, and applications. What security model should you consider using?
A. Mandatory access control
B. Discretionary access control
C. Role-based access control
D. Time-of-day access control

A

C. Role-based access control

7
Q

Linda creates a folder called Budget Projections in her home account and shares it with colleagues in her department. Which of the following best describes this type of access control system?
A. Mandatory access control
B. Discretionary access control
C. Role-based access control
D. Time-of-day access control

A

B. Discretionary access control

8
Q

You require that users not be logged on to the network after 6 P.M. while you analyze network traffic during nonbusiness hours. What should you do?
A. Unplug their stations from the network.
B. Tell users to press CTRL-ALT-DEL to lock their stations.
C. Configure time-of-day restrictions to ensure nobody can be logged in after 6 P.M.
D. Disable user accounts at 6 P.M.

A

C. Configure time-of-day restrictions to ensure nobody can be logged in after 6 P.M.

9
Q

One of your users, Matthias, is taking a three-month sabbatical because of a medical condition, after which he will return to work. What should you do with Matthias’ user account?
A. Delete the account and re-create it when he returns.
B. Disable the account and enable it when he returns.
C. Export his account properties to a text file for later import and then delete it.
D. Ensure you have a backup of his account details and delete his account.

A

B. Disable the account and enable it when he returns.

10
Q

During an IT security meeting, the topic of account lockout surfaces. When you suggest all user accounts be locked for 30 minutes after three incorrect logon attempts, your colleague Phil states this is a serious problem when applied to administrative accounts. What types of issues might Phil be referring to?
A. Dictionary attacks could break into administrative accounts.
B. Administrative accounts are much sought after by attackers.
C. Administrative accounts are placed into administrative groups.
D. DoS attacks could render administrative accounts unusable.

A

D. DoS attacks could render administrative accounts unusable.
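The denial-of-service risk Phil is pointing at, shown as an added example that is not part of the flashcard deck: a minimal lockout state machine with the 3-attempt/30-minute policy from the question. An attacker who only knows the administrator's user name can lock the real administrator out; an exemption list with alerting is one of several ways to handle privileged accounts. Account names, timestamps and the exemption mechanism are constructed for illustration.

```python
"""Added example (not from the flashcard deck): account-lockout state machine
showing how a 3-attempt/30-minute policy lets an attacker deny service to an
administrator. All names and values are constructed."""
from collections import defaultdict


class LockoutPolicy:
    def __init__(self, threshold=3, lockout_seconds=1800, exempt=()):
        self.threshold = threshold
        self.lockout_seconds = lockout_seconds
        self.exempt = frozenset(exempt)        # accounts that must never be locked
        self.failures = defaultdict(int)       # user -> consecutive bad attempts
        self.locked_until = {}                 # user -> time (seconds) lock expires
        self.alerts = []                       # (time, user, failures) for the SOC

    def attempt(self, user, password_ok, now):
        """Process one logon attempt at time `now` (seconds).
        Returns 'ok', 'bad_password' or 'locked'."""
        if self.locked_until.get(user, 0) > now:
            return "locked"            # a correct password is refused while locked
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.threshold:
            if user in self.exempt:
                # Privileged account: do not lock, but raise an alert instead.
                self.alerts.append((now, user, self.failures[user]))
            else:
                self.locked_until[user] = now + self.lockout_seconds
                self.failures[user] = 0
        return "bad_password"


def demo():
    """Attacker sends 3 wrong passwords for the admin; the real admin is then refused."""
    policy = LockoutPolicy()
    for t in range(3):                       # attacker, t = 0, 1, 2 (bad passwords)
        policy.attempt("Administrator", False, now=t)
    denied = policy.attempt("Administrator", True, now=10)        # 'locked'
    later = policy.attempt("Administrator", True, now=10 + 1800)  # 'ok' after expiry

    # Same attack against a policy that exempts the admin account and alerts instead.
    safe = LockoutPolicy(exempt={"Administrator"})
    for t in range(3):
        safe.attempt("Administrator", False, now=t)
    still_works = safe.attempt("Administrator", True, now=10)     # 'ok'
    return denied, later, still_works, len(safe.alerts)


if __name__ == "__main__":
    print(demo())
```

The exemption removes the lockout-based DoS but re-exposes the exempt account to password guessing, so it only makes sense together with a strong password or MFA and with the alerts actually being monitored.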

11
Q

Your VPN appliance is configured to disallow user authentication unless the user or group is listed as allowed. Regarding blocked users, what best describes this configuration?
A. Implicit allow
B. Implicit deny
C. Explicit allow
D. Explicit deny

A

B. Implicit deny

12
Q

Margaret is the head of Human Resources for Emrom, Inc. An employee does not want to use his annual vacation allotment, but Margaret insists it is mandatory. What IT benefit is derived from mandatory vacations?
A. Irregularities in job duties can be noticed when another employee fills that role.
B. Users feel recharged after time off.
C. Emrom, Inc., will not be guilty of labor violations.
D. There is less security risk when fewer users are on the network.

A

A. Irregularities in job duties can be noticed when another employee fills that role.

13
Q

What type of attack is mitigated by strong, complex passwords?
A. DoS
B. Dictionary
C. Brute force
D. DNS poisoning

A

B. Dictionary

14
Q

A government contract requires your computers to adhere to mandatory access control methods and multilevel security. What should you do to remain compliant with this contract?
A. Patch your current operating system.
B. Purchase new network hardware.
C. Use a trusted OS.
D. Purchase network encryption devices.

A

C. Use a trusted OS.

15
Q

Which term is best defined as an object’s list of users, groups, processes, and their permissions?
A. ACE
B. ACL
C. Active Directory
D. Access log

A

B. ACL

16
Q

Users complain that they must remember passwords for a multitude of user accounts to access software required for their jobs. How can this be solved?
A. SSO
B. ACL
C. PKI
D. Password complexity

A

A. SSO

17
Q

What security model uses data classifications and security clearances?
A. RBAC
B. DAC
C. PKI
D. MAC

A

D. MAC

18
Q

A network router has the following ACL:
ip access-group 101 in
access-list 101 permit tcp any any eq 20
access-list 101 permit tcp any any eq 21
access-list 101 permit tcp any any eq 3389
Choose the correct description of the ACL configuration.
A. SMTP, SNMP, and RDP are explicitly allowed; all else is implicitly denied.
B. SMTP, SNMP, and RDP are implicitly allowed; all else is explicitly denied.
C. FTP and RDP are explicitly allowed; all else is implicitly denied.
D. FTP and RDP are implicitly allowed; all else is explicitly denied.

A

C. FTP and RDP are explicitly allowed; all else is implicitly denied.
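The ACL from this question, evaluated in code. This is an added example and not part of the flashcard deck: a small parser for the Cisco-style statements shown above (only the `any` and `host <addr>` address forms and the `eq <port>` clause are supported, which is an assumption of the example) and a first-match evaluator that falls through to the implicit deny. It also covers the implicit-deny term from question 11 and the rule-based access control of question 28.

```python
"""Added example (not from the flashcard deck): evaluate a Cisco-style extended
ACL with first-match semantics and the trailing implicit deny. The parser
covers only the statement forms used here (assumption)."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed copy of the ACL in the question.
ACL_CONFIG = """
ip access-group 101 in
access-list 101 permit tcp any any eq 20
access-list 101 permit tcp any any eq 21
access-list 101 permit tcp any any eq 3389
"""


@dataclass
class Rule:
    action: str           # 'permit' or 'deny'
    proto: str            # 'tcp', 'udp' or 'ip' (ip matches any protocol)
    src: str              # 'any' or a host address
    dst: str
    dport: Optional[int]  # None when the statement has no 'eq <port>' clause


def _take_addr(parts, i):
    """Consume one address operand starting at parts[i]; return (addr, next index)."""
    if parts[i] == "any":
        return "any", i + 1
    if parts[i] == "host":
        return parts[i + 1], i + 2
    raise ValueError("only 'any' and 'host <addr>' are supported in this example")


def parse_acl(text: str, number: str) -> List[Rule]:
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if parts[:2] != ["access-list", number]:
            continue                       # skip 'ip access-group' and other lines
        action, proto = parts[2], parts[3]
        src, i = _take_addr(parts, 4)
        dst, i = _take_addr(parts, i)
        dport = int(parts[i + 1]) if i < len(parts) and parts[i] == "eq" else None
        rules.append(Rule(action, proto, src, dst, dport))
    return rules


def evaluate(rules: List[Rule], proto: str, src: str, dst: str, dport: int) -> str:
    """First matching statement wins; nothing matched means implicit deny."""
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if r.src != "any" and r.src != src:
            continue
        if r.dst != "any" and r.dst != dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"                          # the implicit deny at the end of every ACL


def summarize(rules: List[Rule]):
    """Ports explicitly permitted, and whether the list ends in an explicit catch-all deny."""
    permitted = sorted(r.dport for r in rules if r.action == "permit" and r.dport is not None)
    last = rules[-1] if rules else None
    explicit_deny = (last is not None and last.action == "deny" and last.proto == "ip"
                     and last.src == "any" and last.dst == "any" and last.dport is None)
    return permitted, "explicit deny" if explicit_deny else "implicit deny"


if __name__ == "__main__":
    rules = parse_acl(ACL_CONFIG, "101")
    print(summarize(rules))                                       # ([20, 21, 3389], 'implicit deny')
    print(evaluate(rules, "tcp", "10.0.0.5", "10.0.0.9", 21))     # permit (FTP)
    print(evaluate(rules, "tcp", "10.0.0.5", "10.0.0.9", 25))     # deny (SMTP, implicit)
```

Ports 20/21 (FTP) and 3389 (RDP) are permitted by explicit statements; SMTP (25), SNMP (161) and everything else fall through to the implicit deny. Adding `access-list 101 deny ip any any` as a final statement changes nothing about what is blocked, but makes the deny explicit (and, with `log`, visible in the router's logs).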

19
Q

Which of the following is an example of physical access control?
A. Encrypting the USB flash drive
B. Disabling USB ports on a computer
C. Using cable locks to secure laptops
D. Limiting who can back up sensitive data

A

C. Using cable locks to secure laptops

20
Q

A technician notices unauthorized computers accessing the local area network. What solution should the technician consider?
A. Stronger passwords
B. Network encryption
C. VPN
D. NAC

A

D. NAC

21
Q

A network administrator, Justin, must grant various departments read access to the Corp Policies folder and grant other departments read and write access to the CurrentProjects folder. What strategy should Justin employ?
A. Add all departmental users to the shared folder ACLs with the appropriate permissions.
B. Create one group, add members, and add the group to the folder ACLs with the appropriate permissions.
C. Create a Users group and an Administrators group with the correct members. Add the groups to the folder ACLs with the appropriate permissions.
D. Create a group for each department and add members to the groups. Add the groups to the folder ACLs with the appropriate permissions.

A

D. Create a group for each department and add members to the groups. Add the groups to the folder ACLs with the appropriate permissions.
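The strategy from this answer (and from questions 1 and 6), as an added example that is not part of the flashcard deck: users are members of department groups, and only groups appear in the folder ACLs. Onboarding is a single group membership change and offboarding removes every grant at once, with no edits to any folder ACL. The department names, user names, folders and permission names are constructed.

```python
"""Added example (not from the flashcard deck): group-based folder permissions.
Users go into department groups; folder ACLs reference groups only.
Departments, users, folders and permission names are constructed."""

# Department groups -> members (constructed directory)
GROUP_MEMBERS = {
    "Finance":     {"alice", "bob"},
    "Engineering": {"carol"},
    "HR":          {"dave"},
}

# Folder ACLs hold group entries only, never individual user accounts.
FOLDER_ACLS = {
    "Corp Policies":   {"Finance": {"read"}, "Engineering": {"read"}, "HR": {"read"}},
    "CurrentProjects": {"Engineering": {"read", "write"}},
}


def groups_of(user):
    """Every group the user is a member of."""
    return {g for g, members in GROUP_MEMBERS.items() if user in members}


def effective_permissions(user, folder):
    """Union of the permissions granted to each group the user belongs to."""
    acl = FOLDER_ACLS.get(folder, {})
    perms = set()
    for g in groups_of(user):
        perms |= acl.get(g, set())
    return perms


def is_allowed(user, folder, operation):
    # No matching group entry means no access: the implicit deny.
    return operation in effective_permissions(user, folder)


def onboard(user, department):
    """New hire: one group membership; no folder ACL is touched."""
    GROUP_MEMBERS.setdefault(department, set()).add(user)


def offboard(user):
    """Leaver: drop all group memberships; every folder grant disappears at once."""
    for members in GROUP_MEMBERS.values():
        members.discard(user)


if __name__ == "__main__":
    print(is_allowed("alice", "Corp Policies", "read"))        # True
    print(is_allowed("alice", "CurrentProjects", "write"))     # False
    onboard("erin", "Engineering")
    print(is_allowed("erin", "CurrentProjects", "write"))      # True, no ACL edit needed
```

Auditing follows the same shape: to answer "who can write to CurrentProjects?" you read one ACL entry and one group membership list, instead of walking every user's individual grants.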

22
Q

What provides secure access to corporate data in accordance with management policies?
A. SSL
B. Technical controls
C. Integrity
D. Administrative controls

A

B. Technical controls

23
Q

Which of the following are considered administrative controls? (Choose two.)
A. Personnel hiring policy
B. VPN policy
C. Disk encryption policy
D. Separation of duties

A

A. Personnel hiring policy
&
D. Separation of duties

24
Q

What is the difference between security clearances and classification labels? (Choose two.)
A. There is no difference.
B. Classification labels identify data sensitivity.
C. Security clearances identify data sensitivity.
D. Security clearances are compared with classification labels.

A

B. Classification labels identify data sensitivity.
&
D. Security clearances are compared with classification labels.
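The comparison this answer describes, as an added example that is not part of the flashcard deck (it also illustrates the mandatory access control of questions 5, 14 and 17): a classification label carries the data's sensitivity, a clearance carries the subject's, and the system compares the two; neither the data owner nor the user can change the outcome. Labels here are a level plus a set of compartments, which is a common multilevel-security layout but an assumption of the example, as are the level and compartment names. The write rule (no write down) is included to show the full lattice check; the flashcard only covers reads.

```python
"""Added example (not from the flashcard deck): mandatory access control by
comparing a subject's clearance with an object's classification label.
Level names and compartments are constructed."""
from dataclasses import dataclass

# Ordered sensitivity levels (constructed).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}


@dataclass(frozen=True)
class Label:
    """A clearance (on a subject) or classification (on an object)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: higher-or-equal level AND a superset
        of the compartments (need-to-know)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(clearance: Label, classification: Label) -> bool:
    """Simple security property: read only if the clearance dominates the data label."""
    return clearance.dominates(classification)


def can_write(clearance: Label, classification: Label) -> bool:
    """No write down: write only if the data label dominates the clearance,
    so a Top Secret subject cannot copy data into a Secret file."""
    return classification.dominates(clearance)


if __name__ == "__main__":
    analyst = Label("Secret", frozenset({"CRYPTO"}))
    report = Label("Secret", frozenset({"CRYPTO", "NUCLEAR"}))
    print(can_read(analyst, report))          # False: cleared for CRYPTO but not NUCLEAR
    print(can_read(Label("Top Secret", frozenset({"CRYPTO", "NUCLEAR"})), report))  # True
```

The dominance check is the whole policy: there is no owner argument and no per-user grant to consult, which is what separates this from the discretionary sharing in question 7.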

25
Q

Complex passwords are considered which type of security control?
A. Management
B. Technical
C. Physical
D. Operational

A

B. Technical

26
Q

A legitimate e-mail message ends up being flagged as spam. Which term best describes this situation?
A. False positive
B. True negative
C. False negative
D. True positive

A

A. False positive

27
Q

Traveling employees are given a cable lock and told to lock down their laptops when stepping away from the device. To which class of security control does this apply?
A. Deterrent
B. Preventative
C. Detective
D. Compensating

A

B. Preventative

28
Q

Which type of access control type does a router use to allow or deny network traffic?
A. Role-based access control
B. Mandatory access control
C. Discretionary access control
D. Rule-based access control

A

D. Rule-based access control

29
Q

As a server administrator, you configure security settings such that complex passwords at least eight characters long must be used by all user accounts. What type of management practice is this?
A. Expiration
B. Recovery
C. Credential
D. Disablement

A

C. Credential

30
Q

You are a security auditing professional. After evaluating Linux server usage, you determine that members of the IT administrative team regularly log in to Linux servers using the root account while performing regular computer tasks. Which recommendations should you make based on your findings? (Choose three.)
A. Do not allow multiple users to use generic credentials.
B. Conduct periodic user access reviews.
C. Monitor Linux server use continuously.
D. Encrypt all files on Linux servers.

A

A. Do not allow multiple users to use generic credentials.
&
B. Conduct periodic user access reviews.
&
C. Monitor Linux server use continuously.