Topic 6: Authentication and access control Flashcards

1
Q

Which of the access control models allows for the best real world approach?

A. RBAC

B. DAC

C. MAC

D. RB-RBAC

A

A. RBAC

2
Q

Which access control strategy involves workers being moved periodically around roles?

A. separation of duties

B. least privilege

C. job rotation

D. implicit deny

A

C. job rotation

3
Q

To gain access to your office you must show your identity badge and swipe a proximity card. This is an example of what?

A. access control strategy

B. single factor authentication

C. access control model

D. multi-factor authentication

A

D. multi-factor authentication

4
Q

Multiple access control strategies can be used concurrently.
Is this statement:

A. True

B. False

A

A. True

5
Q

Multiple access control models can be used concurrently within a system.
Is this statement:

A. True

B. False

A

B. False

6
Q

Which of the following is the verification of a person’s identity?

A. Authorization

B. Accountability

C. Authentication

D. Password

A

C. Authentication is the verification of a person’s identity. Authorization to specific resources cannot be accomplished without previous authentication of the user.

7
Q

Which of the following would fall into the category of “something a person is”?

A. Passwords

B. Passphrases

C. Fingerprints

D. Smart cards

A

C. Fingerprints are an example of something a person is. The process of measuring that characteristic is known as biometrics.

8
Q

Which of the following are good practices for tracking user identities? (Select the two best answers.)

A. Video cameras

B. Key card door access systems

C. Sign-in sheets

D. Security guards

A

A and B. Video cameras enable a person to view and visually identify users as they enter and traverse a building. Key card access systems can be configured to identify a person as well, as long as the right person is carrying the key card!

9
Q

What are two examples of common single sign-on authentication configurations? (Select the two best answers.)

A. Biometrics-based

B. Multifactor authentication

C. Kerberos-based

D. Smart card-based

A

C and D. Kerberos and smart card setups are common single sign-on configurations.

10
Q

Which of the following is an example of two-factor authentication?

A. L2TP and IPsec

B. Username and password

C. Thumbprint and key card

D. Client and server

A

C. Two-factor authentication (or dual-factor) means that two pieces of identity are needed prior to authentication. A thumbprint and key card would fall into this category. L2TP and IPsec are protocols used to connect through a VPN, which by default require only a username and password. Username and password is considered one-factor authentication. There is no client and server authentication model.

11
Q

What is the main purpose of a physical access log?

A. To enable authorized employee access

B. To show who exited the facility

C. To show who entered the facility

D. To prevent unauthorized employee access

A

C. A physical access log’s main purpose is to show who entered the facility and when. Different access control and authentication models will be used to permit or prevent employee access.

12
Q

Which of the following is not a common criteria when authenticating users?

A. Something you do

B. Something you are

C. Something you know

D. Something you like

A

D. Common criteria when authenticating users include something you do, something you are, something you know, something you have, and somewhere you are. A person’s likes and dislikes are not common criteria, although they may be asked as secondary questions when logging in to a system.

13
Q

Of the following, what two authentication mechanisms require something you physically possess? (Select the two best answers.)

A. Smart card

B. Certificate

C. USB flash drive

D. Username and password

A

A and C. Two of the authentication mechanisms that require something you physically possess include smart cards and USB flash drives. Key fobs and cardkeys would also be part of this category. Certificates are granted from a server and are stored on a computer as software. The username/password mechanism is a common authentication scheme, but it is something that you type and not something that you physically possess.

14
Q

Which of the following is the final step a user needs to take before that user can access domain resources?

A. Verification

B. Validation

C. Authorization

D. Authentication

A

C. Before a user can gain access to domain resources, the final step is to be authorized to those resources. Previously the user should have provided identification to be authenticated.

15
Q

To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this?

A. Biometrics

B. Domain logon

C. Multifactor

D. Single sign-on

A

C. Multifactor authentication means that the user must provide two different types of identification. The thumbprint is an example of biometrics. Username and password are examples of a domain logon. Single sign-on would only be one type of authentication that enables the user access to multiple resources.

16
Q

The IT director has asked you to set up an authentication model in which users can enter their credentials one time, yet still access multiple server resources. What type of authentication model should you implement?

A. Smart card and biometrics

B. Three-factor authentication

C. SSO

D. VPN

A

C. SSO (single sign-on) enables users to access multiple servers and multiple resources while entering their credentials only once. The type of authentication can vary but will generally be a username and password. Smart cards and biometrics are an example of two-factor authentication. VPN is short for virtual private network.

17
Q

Which of the following about authentication is false?

A. RADIUS is a client-server system that provides authentication, authorization, and accounting services.

B. PAP is insecure because usernames and passwords are sent as clear text.

C. MS-CHAPv2 is not capable of mutual authentication of the client and server.

D. CHAP is more secure than PAP because it encrypts usernames and passwords.

A

C. MS-CHAPv2 is capable of mutual authentication of the client and server. However, MS-CHAPv1 is not. That’s why it is important to use MS-CHAPv2. Mutual authentication is accomplished with Kerberos. All the other statements are true.

18
Q

What types of technologies are used by external motion detectors? (Select the two best answers.)

A. Infrared

B. RFID

C. Gamma rays

D. Ultrasonic

A

A and D. Motion detectors often use infrared technology; heat would set them off. They also use ultrasonic technology; sounds in higher spectrums that humans cannot hear would set these detectors off.

19
Q

In a secure environment, which authentication mechanism performs better?

A. RADIUS because it is a remote access authentication service.

B. RADIUS because it encrypts client-server passwords.

C. TACACS+ because it is a remote access authentication service.

D. TACACS+ because it encrypts client-server negotiation dialogues.

A

D. Unlike RADIUS, TACACS+ (Terminal Access Controller Access-Control System Plus) encrypts client-server negotiation dialogues. Both protocols are remote authentication protocols.