SEC+ Revision Questions Authentication

Question 1

Before accessing computer systems, a government agency requires users to swipe a card through a keyboard-embedded card reader and then provide a PIN. What is this an example of?
A. Bi-factor authentication
B. Biometric authentication
C. Location-based authentication
D. Multifactor authentication

Answer 1

D. Multifactor authentication

Question 2

Your traveling users require secure remote access to corporate database servers. What should you configure for them?
A. Modem
B. WLAN
C. VPN
D. Intranet

Answer 2

C. VPN

Question 3

You are the network administrator for a national marketing firm. Employees have frequent lengthy telephone conference calls with colleagues from around the country. To reduce costs, you have been asked to recommend replacement telephony solutions. Which of the following might you suggest?
A. Modem
B. VoIP
C. Internet text chat
D. E-mail

Answer 3

B. VoIP

Question 4

You are an IT security consultant auditing a network. During your presentation of audit findings, one of your clients asks what can be used to prevent unauthorized LAN access. How do you answer the question?
A. NAC
B. Packet filtering firewall
C. PKI
D. SSL

Answer 4

A. NAC

Question 5

What type of server authenticates users prior to allowing network access?
A. File server
B. Active Directory
C. RADIUS
D. Domain controller

Answer 5

C. RADIUS

Question 6

Which of the following are examples of RADIUS clients? (Choose two.)
A. VPN client
B. 802.1x-capable switch
C. Wireless router
D. Windows 7 OS
E. Linux OS

Answer 6

B. 802.1x-capable switch
&
C. Wireless router

Question 7

Which of the following are true regarding TACACS+? (Choose three.)
A. It is compatible with TACACS.
B. It is compatible with RADIUS.
C. It is a Cisco proprietary protocol.
D. It can be used as an alternative to RADIUS.
E. TACACS+ uses TCP.

Answer 7

C. It is a Cisco proprietary protocol.
&
D. It can be used as an alternative to RADIUS.
&
E. TACACS+ uses TCP.

Question 8

You are the network administrator for a UNIX network. You are planning your network security. A secure protocol must be chosen to authenticate all users logging in. Which is a valid authentication protocol choice?
A. TCP
B. Telnet
C. Kerberos
D. AES

Answer 8

C. Kerberos

Question 9

A client asks you to evaluate the feasibility of a Linux client and server operating system environment. The primary concern is having a central database of user and computer accounts capable of secure authentication. What Linux options should you explore?
A. NFS
B. SSH
C. Samba
D. LDAP

Answer 9

D. LDAP

Question 10

You are configuring a Cisco network authentication appliance. During configuration, you are given a list of authentication choices. Which choice provides the best security and reliability?
A. RADIUS
B. TACACS
C. TACACS+
D. XTACACS

Answer 10

C. TACACS+

Question 11

A user enters their logon name to gain network access. To which of the following terms would this example apply?
A. Identification
B. Authorization
C. Auditing
D. Authentication

Answer 11

A. Identification

Question 12

A user enters a logon name and password to gain network access. Choose the best description to which this applies.
A. Single-factor authentication
B. Dual-factor authentication
C. Multifactor authentication
D. Quasifactor authentication

Answer 12

A. Single-factor authentication

Question 13

A corporation has invested heavily in the development of a much sought after product. To protect its investment, the company would like to ensure that only specific personnel can enter a research facility. Which of the following is considered the most secure?
A. Building access card
B. Voice scan
C. Fingerprint scanner
D. Retinal scanner

Answer 13

D. Retinal scanner

Question 14

Which of the following is considered three-factor authentication?
A. Building access card/voice recognition scan
B. Building access card/username/password
C. Username/password/smartcard
D. Username/password/smartcard/PIN

Answer 14

D. Username/password/smartcard/PIN

Question 15

To log on to a secured system, a user must enter a username, password, and passcode. The passcode is generated from a tiny handheld device and displayed on a tiny screen. What type of device is this?
A. Smartcard
B. PKI certificate
C. Key fob
D. VPN

Answer 15

C. Key fob

Question 16

Which of the following prevents users from having to specify logon credentials when accessing multiple applications?
A. Single sign-on
B. Remember my password
C. Biometric authentication
D. Trusted OS

Answer 16

A. Single sign-on

Question 17

Which authentication protocol replaces RADIUS?
A. TACACS
B. TACACS+
C. XTACACS
D. Diameter

Answer 17

D. Diameter

Question 18

Which of the following best describes the CHAP protocol?
A. PKI certificates must be used on both ends of the connection.
B. 802.1x equipment forwards authentication requests to a RADIUS server.
C. Passwords are never sent over the network.
D. SSL is used to encrypt the session.

Answer 18

C. Passwords are never sent over the network.

Question 19

You are configuring a WPA2 wireless network connection on a company laptop. The company has implemented a PKI. Which WPA2 network authentication method would be the best choice?
A. MS-CHAP
B. Local computer certificate
C. WPA2 PSK
D. SSO

Answer 19

B. Local computer certificate

Question 20

Which of the following examples best illustrates authentication?
A. A user accesses a shared folder to which they have been granted permission.
B. A computer successfully identifies itself to a server prior to user logon.
C. A network contains two network links to a remote office in case one fails.
D. A network appliance encrypts all network traffic before transmitting it further.

Answer 20

B. A computer successfully identifies itself to a server prior to user logon.

Question 21

A technician is troubleshooting user access to an 802.1x wireless network called CORP. The same computer was previously given an IP address on the 10.17.7.0/24 network, but now for some reason it has an IP address on the 10.16.16.0/24 network. DHCP is functioning correctly on the network. The technician reports the machine was recently reimaged, and the image uses DHCP. What is the most likely cause of the problem?
A. The workstation has a static IP address on the 10.16.16.0/24 network.
B. The technician needs to issue the ipconfig /renew command.
C. The workstation time is incorrect.
D. The workstation needs to have its PKI certificate reinstalled.

Answer 21

D. The workstation needs to have its PKI certificate reinstalled.

Question 22

What type of security problem would Network Access Control best address?
A. Dictionary attack
B. ARP cache poisoning
C. WEP
D. SQL injection attack

Answer 22

B. ARP cache poisoning

Question 23

A company intranet consists of various internal web servers each using different authentication stores. What would allow users to use the same username and password for all internal web sites?
A. NAC
B. SSO
C. VPN
D. Smartcard

Answer 23

B. SSO

Question 24

While capturing network traffic, you notice clear-text credentials being transmitted. After investigating the TCP headers, you notice the destination port is 389. What type of authentication traffic is this?
A. EAP
B. EAP-TLS
C. LDAP
D. CHAP

Answer 24

C. LDAP

Question 25

You are evaluating public cloud storage solutions. Users will be authenticated to a local server on your network that will allow them access to cloud storage. Which identity federation standard could be configured to achieve this?
A. LDAP
B. SSL
C. PKI
D. SAML

Answer 25

D. SAML

Question 26

As the network administrator, you are asked to configure a secure VPN solution that uses multifactor authentication. Which of the following solutions should you recommend? (Choose two.)
A. Key fob and password
B. Username and password
C. Fingerprint scanner
D. Smartcard and password

Answer 26

A. Key fob and password
&
D. Smartcard and password

Question 27

You have been hired by a university to recommend IT solutions. Currently, students and faculty use proximity cards to access buildings on campus after hours, and they have usernames and passwords to log on to lab computers. The university would like to use PKI information unique to each user to allow access to campus buildings and to log on to workstations in labs. What should you recommend?
A. Hardware token and password
B. Common access card
C. PKI private key
D. PKI certificate authority

Answer 27

B. Common access card

Question 28

Android-based smart phones have been distributed to traveling employees for use with Google online services. You deploy the Google Authenticator app to the smart phones to allow user authentication based on the time as well as a unique code generated by the server. What type of authentication is this?
A. Time-based one-time password
B. Network time protocol authentication
C. PAP
D. CHAP

Answer 28

A. Time-based one-time password

Question 29

Your router ACL is as follows:
ip access-group 55 out
access-list 55 permit host 199.126.129.8
access-list 55 permit host 199.126.129.9
A workstation, PC1, with an IP address of 199.126.129.10 attempts to access a remote network and is prevented from doing so. Which statement accurately describes this scenario?
A. PC1 was explicitly denied access to the remote network.
B. PC1 was implicitly denied access to the remote network.
C. PC1 was explicitly granted access to the remote network.
D. PC1 was implicitly granted access to the remote network.

Answer 29

B. PC1 was implicitly denied access to the remote network.

Question 30

Which of the following authentication methods is based on something you do?
A. Handwriting
B. Entering the PIN for a smartcard
C. Retinal scan
D. Presenting a personal identification verification card

Answer 30

A. Handwriting

Question 31

You are the Microsoft Active Directory administrator for an American government agency. The Active Directory domain in Los Angeles is configured to trust the Active Directory domain in Chicago, which in turn trusts the Active Directory domain in Orlando. Which term correctly describes the trust relationship between Los Angeles and Orlando?
A. Transitive trust
B. Wide area network trust
C. NTLM
D. NTLMv2

Answer 31

A. Transitive trust