CompTIA Security+ Module 4 Q & A
When implementing both identity federation and SSO capabilities, which of the following advantages are granted to the user? [choose two] -Easier password management -More secure access to multiple systems -A more complicated log in which is harder to breach -Allowing multiple services to be accessed with one logon
-Allowing multiple services to be accessed with one logon -Easier password management
Which of the following forms of NAC allows for a user's device to be authorized on the network as well as the user's credentials? 802.1x CAC FSS PIV
802.1x
When implementing a hardware token, which of the following types of passwords would be the most secure? A set password A HOTP An encrypted password A TOTP
A TOTP (Time-based One Time Password)
Which of the following packages contains a user's credentials that are presented to the end system in order to gain access while using Kerberos? A Certificate A Ticket Granting Ticket A Ticket A Key
A Ticket
Which two of the following, when combined, would NOT produce two-factor authentication? [Choose two] A birthday A retina scan A username/password combo A smart card
A birthday & A username/password combo (both are "something you know", so together they are still a single factor)
To prevent users from reusing old passwords, which of the following are the most important to implement in your security policy? [Choose two] Password age Minimum password age Password history Account lockout
Minimum password age & Password history
Your boss wants to fire a certain employee. Which of the following processes is important to remove assets from a network, so they cannot be exploited later? Onboarding Offboarding Sideboarding Outboarding
Offboarding
Which of the following authentication protocols just provides a basic form of authentication, where passwords are transmitted in clear-text? CHAP EAP NTLMv2 PAP
PAP (Password Authentication Protocol)
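The difference between PAP and a challenge/response protocol such as CHAP, shown as a simulated link exchange. This is an added example, not part of the original study guide; the user name, shared secret and simplified packet layout are constructed for illustration. PAP (RFC 1334) carries the password verbatim, so a passive sniffer reads it off the wire; CHAP (RFC 1994) sends a random challenge and the peer answers with MD5(Identifier || Secret || Challenge), so the secret itself never crosses the link and a captured response cannot be replayed against a fresh challenge.

```python
"""PAP versus CHAP on a simulated link (added example, not from the page).

The user name, secret and packet layout below are constructed for illustration.
"""
import hashlib
import hmac
import os

USERNAME = "alice"                                # constructed
SHARED_SECRET = b"correct horse battery staple"   # constructed


# --- PAP: the password travels in the clear -------------------------------
def pap_request(username: str, password: bytes) -> bytes:
    """Build a (simplified) PAP Authenticate-Request: name and password verbatim."""
    return b"PAP " + username.encode() + b" " + password


def pap_verify(packet: bytes, expected_password: bytes) -> bool:
    _, _, password = packet.split(b" ", 2)
    return hmac.compare_digest(password, expected_password)


def sniff_pap(packet: bytes) -> bytes:
    """Anyone on the path recovers the password with no cryptanalysis at all."""
    return packet.split(b" ", 2)[2]


# --- CHAP: challenge/response, the secret never leaves either end ----------
def chap_challenge() -> tuple:
    """Authenticator picks an 8-bit Identifier and a random 16-byte Challenge."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier: int, challenge: bytes, secret: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, response: bytes, secret: bytes) -> bool:
    expected = chap_response(identifier, challenge, secret)
    return hmac.compare_digest(response, expected)


def run_exchanges() -> dict:
    """Run both protocols once and report what a sniffer gets out of each."""
    pap_packet = pap_request(USERNAME, SHARED_SECRET)

    ident, challenge = chap_challenge()
    response = chap_response(ident, challenge, SHARED_SECRET)
    # A sniffer that replays the captured response against a *fresh*
    # challenge fails: the response is bound to the challenge it answered.
    ident2, challenge2 = chap_challenge()

    return {
        "pap_ok": pap_verify(pap_packet, SHARED_SECRET),
        "pap_sniffed_password": sniff_pap(pap_packet),
        "chap_ok": chap_verify(ident, challenge, response, SHARED_SECRET),
        "chap_replay_ok": chap_verify(ident2, challenge2, response, SHARED_SECRET),
        "secret_on_wire": SHARED_SECRET in (challenge + response),
    }


if __name__ == "__main__":
    for key, value in run_exchanges().items():
        print(f"{key}: {value!r}")
```

CHAP is better than PAP, not good in absolute terms: a captured challenge/response pair still lets an attacker run an offline dictionary attack on the secret, which is why modern deployments prefer EAP methods such as EAP-TLS.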
What type of account has complete control of the system, and is considered the most powerful user on a system or network? Privileged accounts User accounts Credentialed accounts Power-user accounts
Privileged accounts
Which of the following describes a device that will open a door using a card with a built in contactless circuit? Smart Card Reader Proximity Reader Fingerprint reader Token reader
Proximity Reader
Which of the following AAA servers would work best in a mixed vendor environment? TACACS RADIUS TACACS+ Kerberos
RADIUS (Remote Authentication Dial-In User Service)
In which of the following access control models does the user's job primarily determine what access they have to various resources? MAC RBAC (Rule-based Access Control) DAC RBAC (Role-based Access Control)
RBAC (Role-based Access Control)
Which of the following access control models is most likely utilized by ACLs in firewalls and routers? MAC RBAC (Rule-based Access Control) DAC RBAC (Role-based Access Control)
RBAC (Rule-based Access Control)
Which of the following biometric access systems has the lowest crossover error rate? Fingerprint scanner Facial recognition Retina scan Voice scan
Retina Scan
Which of the following SSO solutions can be used to exchange authentication information across numerous web based applications? Kerberos Facebook logins SAML RADIUS
SAML (Security Assertion Markup Language)
How can you set a password lockout policy to require a user to go to the administrator in order to unlock their account? Set lockout duration to zero Disable lockout duration Set lockout duration to eight years Set lockout duration to admin
Set lockout duration to zero (a duration of 0 means the account stays locked until an administrator explicitly unlocks it)
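The two password-policy questions above (history plus minimum age, and lockout duration 0) are easier to reason about with a small simulation. This is an added example, not part of the original study guide; the account names, passwords, policy values and clock are constructed. It shows why history alone is not enough: with no minimum age a user can change the password N times in one sitting and land back on the old one, which a minimum password age prevents. It also shows the two lockout behaviours: duration 0 stays locked until admin_unlock(), a non-zero duration expires on its own.

```python
"""Password history, minimum age and lockout duration, simulated.

Added example, not from the page.  Names, passwords and the clock are constructed.
"""
import hashlib
import hmac
import os

DAY = 86400


class FakeClock:
    """Injectable clock so the demo can jump forward without sleeping."""

    def __init__(self, start: int = 0):
        self.now = start

    def advance(self, seconds: int) -> None:
        self.now += seconds

    def __call__(self) -> int:
        return self.now


class Account:
    def __init__(self, password: str, *, history: int = 5, min_age: int = DAY,
                 lockout_threshold: int = 3, lockout_duration: int = 0, clock=None):
        self.history = history                    # passwords remembered, current included
        self.min_age = min_age                    # seconds that must pass before the next change
        self.lockout_threshold = lockout_threshold
        self.lockout_duration = lockout_duration  # 0 = locked until an administrator unlocks
        self.clock = clock or FakeClock()
        self.hashes = []                          # (salt, hash) pairs, newest last
        self.failures = 0
        self.locked_at = None
        self._store(password)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # Low iteration count keeps the demo fast; use a far higher one in real code.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1_000)

    def _store(self, password: str) -> None:
        salt = os.urandom(16)
        self.hashes.append((salt, self._hash(password, salt)))
        self.hashes = self.hashes[-self.history:]  # forget anything older than the history
        self.last_change = self.clock()

    def _in_history(self, password: str) -> bool:
        return any(hmac.compare_digest(self._hash(password, s), h) for s, h in self.hashes)

    def change_password(self, new_password: str) -> str:
        if self.clock() - self.last_change < self.min_age:
            return "rejected: minimum age not reached"
        if self._in_history(new_password):
            return "rejected: password in history"
        self._store(new_password)
        return "ok"

    def is_locked(self) -> bool:
        if self.locked_at is None:
            return False
        if self.lockout_duration == 0:
            return True                           # only admin_unlock() clears this
        if self.clock() - self.locked_at >= self.lockout_duration:
            self.locked_at, self.failures = None, 0
            return False
        return True

    def login(self, password: str) -> str:
        if self.is_locked():
            return "locked"
        salt, stored = self.hashes[-1]
        if hmac.compare_digest(self._hash(password, salt), stored):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.lockout_threshold:
            self.locked_at = self.clock()
            return "locked"
        return "bad password"

    def admin_unlock(self) -> None:
        self.locked_at, self.failures = None, 0


if __name__ == "__main__":
    clock = FakeClock()
    weak = Account("Winter2024!", history=3, min_age=0, clock=clock)
    # History of 3 with no minimum age: three throwaway changes, then back to the favourite.
    print([weak.change_password(p) for p in ("a1", "a2", "a3", "Winter2024!")])
    strong = Account("Winter2024!", history=3, min_age=DAY, clock=clock)
    print(strong.change_password("a1"))  # rejected until a day has passed
```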
Which of the following types of card stores a user's credentials, such as a certificate, on the card's chip? Smart Card Biometric Card Proximity Card Certificate card
Smart Card
Which of the following describes an authentication device that utilizes a temporary password that is installed on a smartphone, providing "something you have" authentication? Hardware Token HOTP Smart card Software Token
Software Token
Which of the following AAA system is Cisco proprietary and works best in a Cisco network? TACACS+ Kerberos RADIUS TACACS
TACACS+ (Terminal Access Controller Access-Control System Plus)
What type of control is least privilege? Administrative Control Technical Control Management Control Operational Control
Technical Control
Which of the following describes the concept that if company A trusts company B, and company B trusts company C, then company A must trust company C? Choose the best answer. Web of trust Hierarchical trust Transitive trust Single sign-on
Transitive trust
Defense in depth is important so that if one security feature fails, like a password being stolen, there are other layers to prevent compromise, like also utilizing a hardware token. True or false?
True
OAuth is an open standard for delegated authorization between two different services: the user grants a third-party service an access token, so the third-party service never has to handle the user's password. True or False?
True (strictly, OAuth handles authorization; user authentication on top of it is the job of OpenID Connect, which is built on OAuth 2.0)
Time of day restrictions can not only prevent access from certain times of day, but also prevent access on certain days. For example, it can be used to prevent somebody from logging in at all on a Sunday. True or false?
True
When securing a file system, it is important to implement least privilege in order to grant a user only the privileges they need. True or False?
True
Which of the following types of auditing will check where resources are being allotted and making sure they are being only accessed for their intended purpose? Choose the best answer. Permission auditing Security auditing Usage auditing Asset auditing
Usage auditing
Which of the following is not an example of, "Something you are"? -Fingerprint -Eye color -Facial recognition -Voice recognition
Eye color
Password complexity is more important than length when determining how hard a password is to crack. True or false?
False
Retina scans provide multi-factor authentication that has certain privacy concerns associated with it, because certain medical data can be gleaned from examining a person's retina. T/F
False (the privacy concern is real, but a retina scan on its own is a single factor, "something you are"; it only becomes multi-factor when combined with something you know or have)
When implementing a hardware or software token, a more secure alternative to TOTP is HOTP. True or False?
False
LDAP (Lightweight Directory Access Protocol) is the only option when it comes to accessing Active Directory or Open Directory. True or false?
False. LDAP is a protocol for querying and updating information directories such as Windows Active Directory or Apple Open Directory, but it is not the only way to reach them (Active Directory, for example, is also accessed through Kerberos and its own management tooling).
Multi-factor authentication's main benefit is that if one factor of authentication is lost or stolen, another form of authentication can be used to authenticate the user instead of the stolen factor. T/F
False (the factors are required together, not as substitutes for one another; the benefit is that an attacker who steals one factor still cannot log in without the others)
What is the name of the technology that allows a security policy to be applied to the network as a whole, and centralizes control of the network? Networked Password Policy Local Group Policy Global Policy Objects Group Policy Objects
Group Policy Objects
What type of account needs to be disabled in order to prevent it from being exploited by an attacker because of the easy to access nature of the account? System accounts Standard User accounts Privileged accounts Guest accounts
Guest accounts
Which of the following is most important when deciding what information is included in security logs? Choose the best answer. The types of logs Having enough relevant information Log retention Where logs will be stored
Having enough relevant information
Which of the following sets is an example of three-factor authentication? -Retina scan, password, and username -Voice recognition, pin, and birthday -Birthday, password, and smart card -ID badge, password, and fingerprint reader
ID badge, password, and fingerprint reader (something you have, something you know, something you are)
Which of the following access systems utilizes timestamped tickets in order to allow access to multiple systems on a network? RADIUS Kerberos TACACS OAuth
Kerberos
Which of the following types of access control models is concerned with sensitivity labels? MAC RBAC (Rule-based Access Control) DAC RBAC (Role-based Access Control)
MAC (Mandatory Access Control)
Your boss wants to implement a type of operating system that is compatible with a certain type of access control model, allowing the operating system to logically separate data. Which of the following access control models can utilize this trusted operating system? MAC DAC Role-based access control Rule-based access control
MAC (Mandatory Access Control)
Which of the following access control models allows the owner of the data to decide who has control over that data? MAC RBAC (Rule-based Access Control) DAC RBAC (Role-based Access Control)
DAC (Discretionary Access Control)
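The four access control models that the flashcards above keep contrasting (MAC with sensitivity labels, DAC with owner-controlled ACLs, role-based RBAC, and rule-based ACLs as used by firewalls and routers), each written as a small policy engine. This is an added example, not part of the original study guide; every user, label, role, file and address is constructed. The MAC engine enforces the Bell-LaPadula properties (no read up, no write down), the rule-based engine evaluates an ordered list first-match with an implicit deny at the end, which is exactly how a router ACL behaves.

```python
"""Four access-control models as small policy engines (added example, not from the page).

All users, labels, roles, objects and addresses below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# ---- Mandatory Access Control: labels, the owner has no say ---------------
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_allowed(subject_label: str, object_label: str, action: str) -> bool:
    s, o = LEVELS[subject_label], LEVELS[object_label]
    if action == "read":
        return s >= o          # simple security property: no read up
    if action == "write":
        return s <= o          # *-property: no write down
    raise ValueError(action)


# ---- Discretionary Access Control: the owner decides ----------------------
class DacObject:
    def __init__(self, owner: str):
        self.owner = owner
        self.acl = {owner: {"read", "write", "grant"}}

    def grant(self, by: str, to: str, perms: set) -> bool:
        """Only a holder of 'grant' (the owner, or a delegate) may extend the ACL."""
        if "grant" not in self.acl.get(by, set()):
            return False
        self.acl.setdefault(to, set()).update(perms)
        return True

    def allowed(self, user: str, action: str) -> bool:
        return action in self.acl.get(user, set())


# ---- Role-Based Access Control: the job decides ---------------------------
ROLE_PERMISSIONS = {
    "payroll_clerk":   {"payroll:read"},
    "payroll_manager": {"payroll:read", "payroll:approve"},
    "helpdesk":        {"user:reset_password"},
}


def rbac_allowed(roles: set, permission: str) -> bool:
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in roles)


# ---- Rule-Based Access Control: ordered rules, first match, implicit deny --
@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR, or "any"
    dst: str                     # CIDR, or "any"
    port: Optional[int] = None   # None matches every port


def _cidr(spec: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)


def acl_decide(rules: list, src: str, dst: str, port: int) -> str:
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in _cidr(rule.src) and d in _cidr(rule.dst) and rule.port in (None, port):
            return rule.action   # first match wins; later rules are never consulted
    return "deny"                # implicit deny at the end of every ACL


# Constructed edge ACL: internal hosts may reach one web server on 443, nothing else.
EDGE_ACL = [
    Rule("permit", "10.0.0.0/8", "192.0.2.10/32", 443),
    Rule("deny", "any", "any"),
]


if __name__ == "__main__":
    print("secret reads top_secret:", mac_allowed("secret", "top_secret", "read"))
    doc = DacObject("alice")
    print("bob grants carol before alice grants bob:", doc.grant("bob", "carol", {"read"}))
    print("clerk approves payroll:", rbac_allowed({"payroll_clerk"}, "payroll:approve"))
    print("10.1.2.3 -> 192.0.2.10:22:", acl_decide(EDGE_ACL, "10.1.2.3", "192.0.2.10", 22))
```

The ordering rule is the part that bites in practice: moving the "deny any any" line above the permit would silently block all traffic, and a router will not warn you.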