SEC+ Revision Questions Authentication Flashcards

1
Q

Before accessing computer systems, a government agency requires users to swipe a card through a keyboard-embedded card reader and then provide a PIN. What is this an example of?
A. Bi-factor authentication
B. Biometric authentication
C. Location-based authentication
D. Multifactor authentication

A

D. Multifactor authentication

2
Q

Your traveling users require secure remote access to corporate database servers. What should you configure for them?
A. Modem
B. WLAN
C. VPN
D. Intranet

A

C. VPN

3
Q

You are the network administrator for a national marketing firm. Employees have frequent lengthy telephone conference calls with colleagues from around the country. To reduce costs, you have been asked to recommend replacement telephony solutions. Which of the following might you suggest?
A. Modem
B. VoIP
C. Internet text chat
D. E-mail

A

B. VoIP

4
Q

You are an IT security consultant auditing a network. During your presentation of audit findings, one of your clients asks what can be used to prevent unauthorized LAN access. How do you answer the question?
A. NAC
B. Packet filtering firewall
C. PKI
D. SSL

A

A. NAC

5
Q

What type of server authenticates users prior to allowing network access?
A. File server
B. Active Directory
C. RADIUS
D. Domain controller

A

C. RADIUS

6
Q

Which of the following are examples of RADIUS clients? (Choose two.)
A. VPN client
B. 802.1x-capable switch
C. Wireless router
D. Windows 7 OS
E. Linux OS

A

B. 802.1x-capable switch
&
C. Wireless router

7
Q

Which of the following are true regarding TACACS+? (Choose three.)
A. It is compatible with TACACS.
B. It is compatible with RADIUS.
C. It is a Cisco proprietary protocol.
D. It can be used as an alternative to RADIUS.
E. TACACS+ uses TCP.

A

C. It is a Cisco proprietary protocol.
&
D. It can be used as an alternative to RADIUS.
&
E. TACACS+ uses TCP.

8
Q

You are the network administrator for a UNIX network. You are planning your network security. A secure protocol must be chosen to authenticate all users logging in. Which is a valid authentication protocol choice?
A. TCP
B. Telnet
C. Kerberos
D. AES

A

C. Kerberos

9
Q

A client asks you to evaluate the feasibility of a Linux client and server operating system environment. The primary concern is having a central database of user and computer accounts capable of secure authentication. What Linux options should you explore?
A. NFS
B. SSH
C. Samba
D. LDAP

A

D. LDAP

10
Q

You are configuring a Cisco network authentication appliance. During configuration, you are given a list of authentication choices. Which choice provides the best security and reliability?
A. RADIUS
B. TACACS
C. TACACS+
D. XTACACS

A

C. TACACS+

11
Q

A user enters their logon name to gain network access. To which of the following terms would this example apply?
A. Identification
B. Authorization
C. Auditing
D. Authentication

A

A. Identification

12
Q

A user enters a logon name and password to gain network access. Choose the best description to which this applies.
A. Single-factor authentication
B. Dual-factor authentication
C. Multifactor authentication
D. Quasifactor authentication

A

A. Single-factor authentication

13
Q

A corporation has invested heavily in the development of a much sought-after product. To protect its investment, the company would like to ensure that only specific personnel can enter a research facility. Which of the following is considered the most secure?
A. Building access card
B. Voice scan
C. Fingerprint scanner
D. Retinal scanner

A

D. Retinal scanner

14
Q

Which of the following is considered three-factor authentication?
A. Building access card/voice recognition scan
B. Building access card/username/password
C. Username/password/smartcard
D. Username/password/smartcard/PIN

A

D. Username/password/smartcard/PIN

15
Q

To log on to a secured system, a user must enter a username, password, and passcode. The passcode is generated from a tiny handheld device and displayed on a tiny screen. What type of device is this?
A. Smartcard
B. PKI certificate
C. Key fob
D. VPN

A

C. Key fob

16
Q

Which of the following prevents users from having to specify logon credentials when accessing multiple applications?
A. Single sign-on
B. Remember my password
C. Biometric authentication
D. Trusted OS

A

A. Single sign-on

17
Q

Which authentication protocol replaces RADIUS?
A. TACACS
B. TACACS+
C. XTACACS
D. Diameter

A

D. Diameter

18
Q

Which of the following best describes the CHAP protocol?
A. PKI certificates must be used on both ends of the connection.
B. 802.1x equipment forwards authentication requests to a RADIUS server.
C. Passwords are never sent over the network.
D. SSL is used to encrypt the session.

A

C. Passwords are never sent over the network.

19
Q

You are configuring a WPA2 wireless network connection on a company laptop. The company has implemented a PKI. Which WPA2 network authentication method would be the best choice?
A. MS-CHAP
B. Local computer certificate
C. WPA2 PSK
D. SSO

A

B. Local computer certificate

20
Q

Which of the following examples best illustrates authentication?
A. A user accesses a shared folder to which they have been granted permission.
B. A computer successfully identifies itself to a server prior to user logon.
C. A network contains two network links to a remote office in case one fails.
D. A network appliance encrypts all network traffic before transmitting it further.

A

B. A computer successfully identifies itself to a server prior to user logon.

21
Q

A technician is troubleshooting user access to an 802.1x wireless network called CORP. The same computer was previously given an IP address on the 10.17.7.0/24 network, but now for some reason it has an IP address on the 10.16.16.0/24 network. DHCP is functioning correctly on the network. The technician reports the machine was recently reimaged, and the image uses DHCP. What is the most likely cause of the problem?
A. The workstation has a static IP address on the 10.16.16.0/24 network.
B. The technician needs to issue the ipconfig /renew command.
C. The workstation time is incorrect.
D. The workstation needs to have its PKI certificate reinstalled.

A

D. The workstation needs to have its PKI certificate reinstalled.

22
Q

What type of security problem would Network Access Control best address?
A. Dictionary attack
B. ARP cache poisoning
C. WEP
D. SQL injection attack

A

B. ARP cache poisoning

23
Q

A company intranet consists of various internal web servers each using different authentication stores. What would allow users to use the same username and password for all internal web sites?
A. NAC
B. SSO
C. VPN
D. Smartcard

A

B. SSO

24
Q

While capturing network traffic, you notice clear-text credentials being transmitted. After investigating the TCP headers, you notice the destination port is 389. What type of authentication traffic is this?
A. EAP
B. EAP-TLS
C. LDAP
D. CHAP

A

C. LDAP

25
Q

You are evaluating public cloud storage solutions. Users will be authenticated to a local server on your network that will allow them access to cloud storage. Which identity federation standard could be configured to achieve this?
A. LDAP
B. SSL
C. PKI
D. SAML

A

D. SAML

26
Q

As the network administrator, you are asked to configure a secure VPN solution that uses multifactor authentication. Which of the following solutions should you recommend? (Choose two.)
A. Key fob and password
B. Username and password
C. Fingerprint scanner
D. Smartcard and password

A

A. Key fob and password
&
D. Smartcard and password

27
Q

You have been hired by a university to recommend IT solutions. Currently, students and faculty use proximity cards to access buildings on campus after hours, and they have usernames and passwords to log on to lab computers. The university would like to use PKI information unique to each user to allow access to campus buildings and to log on to workstations in labs. What should you recommend?
A. Hardware token and password
B. Common access card
C. PKI private key
D. PKI certificate authority

A

B. Common access card

28
Q

Android-based smart phones have been distributed to traveling employees for use with Google online services. You deploy the Google Authenticator app to the smart phones to allow user authentication based on the time as well as a unique code generated by the server. What type of authentication is this?
A. Time-based one-time password
B. Network time protocol authentication
C. PAP
D. CHAP

A

A. Time-based one-time password

29
Q

Your router ACL is as follows:
ip access-group 55 out
access-list 55 permit host 199.126.129.8
access-list 55 permit host 199.126.129.9
A workstation, PC1, with an IP address of 199.126.129.10 attempts to access a remote network and is prevented from doing so. Which statement accurately describes this scenario?
A. PC1 was explicitly denied access to the remote network.
B. PC1 was implicitly denied access to the remote network.
C. PC1 was explicitly granted access to the remote network.
D. PC1 was implicitly granted access to the remote network.

A

B. PC1 was implicitly denied access to the remote network.

30
Q

Which of the following authentication methods is based on something you do?
A. Handwriting
B. Entering the PIN for a smartcard
C. Retinal scan
D. Presenting a personal identification verification card

A

A. Handwriting

31
Q

You are the Microsoft Active Directory administrator for an American government agency. The Active Directory domain in Los Angeles is configured to trust the Active Directory domain in Chicago, which in turn trusts the Active Directory domain in Orlando. Which term correctly describes the trust relationship between Los Angeles and Orlando?
A. Transitive trust
B. Wide area network trust
C. NTLM
D. NTLMv2

A

A. Transitive trust