TestOut ch 4
Have Marcus log off and log back in
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers Group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
1) Organizational unit, 2) Domain, 3) Forest, 4) Object 5) Tree
Match each Active Directory term on the left with its corresponding definition on the right: 1) Logical organization of resources, 2) Collection of network resources, 3) Collection of related domain trees, 4) Network resource in the directory, 5) Group of related domains
The point where the number of false positives matches the number of false negatives in a biometric system
Which of the following defines the crossover error rate for evaluation biometric systems?
Username
Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system?
Permissions
Which of the following identifies the type of access that is allowed or denied for an object?
Encrypts the entire packet, not just authentication packets
Which of the following is a characteristic of TACACS+?
User rights
Which of the following is a privilege or action that can be taken on a system?
Router access control lists that allow or deny traffic based on the characteristics of an IP packet
Which of the following is an example of rule-based access control?
Password
Which of the following is the MOST common form of authentication?
LSDOU
Which of the following is the correct acronym to remember the order in which Group Policy Objects (GPOs) are applied?
SACL
Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?
Group
Which of the following objects identifies a set of users with similar access needs?
49
Which of the following ports are used with TACACS?
Need to know
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?
Transport Layer Security (TLS)
Which of the following protocols is primarily used for secure remote access to a network by creating an encrypted tunnel over the Internet?
1) Generic containers are used go organize Active Directory objects, 2) Generic contains are created by default
Which of the following statements correctly describe the characteristics of generic containers in Active Directory? (pick 2)
Access token
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
User ACL
Which security mechanism uses a unique list that meets the following specifications: *The list is embedded directly in the object itself *The list defines which subjects have access to certain objects *The list specifies the level or type of access allowed to certain objects
Gap analysis
After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is processing the company's security posture to identify deficiencies from the framework's recommendations?
Simple Authentication and Security Layer (SASL)
An educational institution's systems administrator is responsible for securing the LDAP directory service for the organization's computing resources. Which authentication method should the systems administrator implement to ensure secure access?
1) user del -r bsmith 2) user del bsmith;rm -rf /home/bsmith
An employee named Bob Smith, whose username is smith, has left the company. You have been instructed to delete his user account and home directory. Which of the following commands would produce the required outcome? (picked 2)
Discretionary access control (DAC)
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
Configure day/time restrictions in user accounts
You have hired ten new temporary employees to be with the company for 3 months. How can you make sure that these users can only log on during regular business hours?
Role-based access control (RBAC)
You have implanted an access control method that only allows users who are managers to access specific data?
Users cannot change the password for 10 days
You have just configured the password policy and set the minimum password age to 10. What is the effect of this configuration?
user mod -L joer
You have performed an audit and found an active account for an employee with the username joer. This user no longer works for the company. Which command canyon use to disable this account?
Photo ID and Smart Card
Which of the following are examples of something you have authentication controls? (Pick 2)
Authorization
What is the process of controlling access to resources such as computers, files, or printers called?
etc/login.defs
Using the groupadd -p command overrides the settings found in which file?
1) Read-only access, 2) Read/write access
Which of the following are the access levels that are generally granted on the directory in LDAP (pick 2)
-m 33
Which of the following chage option keeps a user from changing their password every 2 weeks?
usermod -g
Which of the following commands assigns a user to a primary group?
groupadd -p
Which of the following commands creates a new group and defines the group password?
groupadd sales
You are the administrator for a small company, and you need to add a standard new group of users to the system. The group's name is sales. Which command accomplishes this task?
Client-to-site VPN technology
A company is planning to implement a remote access architecture to allow its employees to work from home. The company has a central office where all its servers and applications are located. The employees need to access these resources securely from their home computers. Which remote access architecture would be the most suitable for this scenario?
OAuth
A company wants to set up single sign-on (SSO) without passing credentials through to each piece of software and cloud service. Which protocol would meet this requirement?
Policy-driven access control
A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies?
Virtual Private Network (VPN)
A global pharmaceutical company's IT team needs a secure solution for remote employees to access internal company resources from home. The solution must require user authentication, encapsulate, and encrypt all traffic between the user and the internal network, and establish a secure tunnel. Which solution should the team choose?
Domains with the same contiguous DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest
A large multinational corporation has multiple domains that share the same contiguous DNS namespaces, as well as domains with different DNS namespaces. The IT department is tasked with organizing these domains. Which of the following options best describes how the domains should be grouped?
Password-less authentication
A leading online retail company wants to improve user experience and security for its customers. The security team aims to eliminate the need for users to remember or input complex passwords, reducing the risk of password breaches. Instead, they propose a solution where users can access their accounts.... through verified email or via a push notification on a trusted device. Which authentication method is the team planning to implement? (not involve traditional passwords, fingerprint scans, or multiple validation steps)
Federation
A manufacturing company recently bought out another similar company. They need to link each company's directory systems together to access their resources without merging the two. How can they link the 2 directory systems together?
Remote Desktop Protocol (RDP)
A multinational corporation wants to enable its IT support team to provide remote assistance to employees across various locations. The support team needs to be able take control of the employees' computers to troubleshoot and resolve issues. The corporation primarily uses Windows-based systems. Which technology would be the MOST suitable for this purpose?
SAML
A real estate investment firm wants to implement single sign-on (SSO) for its dozens of services and software. The firm found a vendor to implement that request using the eXtensible Markup Language (XML) standard. What solution does this vendor use for SSO?
Somewhere you are
After finding a corporate phone unattended in a local mall, an organization decides to enhance its multi-factor authentication procedures (MFA). What MFA philosophy applies a location-based factor for authentication?
Host-to-host tunnel topology
A tech company is developing a new software product. The development team is distributed across different locations and needs to securely access and work on specific systems located in the company's main office. The team members need to establish secure communication channels between their individual devices and the specific systems in the office. Which remote access architecture would be the most suitable for this scenario?
Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest)
Group Policy Objects (GPOs) are applied in which of the following orders?
The TGS issues service tickets to clients for accessing specific services
In a Kerberos authentication system, how does the Ticket Granting Service (TGS) contributes to the single sign-on process?
Open Authorization (OAuth)
In a company, different departments actively access various cloud-based applications and services to perform their tasks efficiently. The company's security team has concerns about the growing complexity and risks of managing use credentials across multiple platforms. ....uses single sign-on (SSO)....what technology should the organization employ for federation and enabling SSO capabilities...cloud-based applications?
!!
In the etc/shadow file, which character in the password field indicates that standard user account is locked?
Both a contact and contactless smart card, because he used the card both by inserting it into a reader and by waving it near a reader
John, a security analyst, is using a smart card to gain access to a secure server room. He simply waves his card near the card reader and the door unlocks. Later, he uses the same card to log into his computer by inserting it into a card reader. Based on this information, is John using a contact or contactless smart card?
She is still a member of the Project management group, which has been denied permission to this system. Deny permissions always override Allow permissions
Lori, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is MOST likely preventing her from accessing this system?
1) Exploits vulnerabilities in a card's protocol or encryption methods, 2) Captures transmission data produced by a card as it is used, 3) Deliberately induces malfunctions in a card, 4) Access the chip's surface directly to observe, manipulate, and interfere with a circuit
Match each smart card attack on the left with the appropriate description on the right. 1) Software attacks, 2) Eavesdropping, 3) Default generation, 4) Microprobing,
user mod -l kjones kscott
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from Scott to Jones with no other values changed. Which of the following commands would accomplish this?
Authenticating remote clients before access to the network is granted
RADIUS is primarily used for what purpose?
Active Directory
What is the name of the service included with the Windows Server operating system that manages a centralized database containing user account and security information? (SA)
The GPO linked to the user's organizational unit is applied last, so this setting takes precedence
The Hide Programs and Features page setting is configured for a specific user as follows: After logging in, the user is able to see the Programs and Features page. Why does this happen?
Set up LDAP Secure (LDAPS) with a digital certificate on port 636 for secure user credential exchange
The IT administrator for large university uses an LDAP director service to manage user access to various computing resources. To ensure the directory's security, which of the following measure should the administrator implement?
Password expiration
The IT department at a small company is revamping its password policies to bolster security. The company wants to ensure employees follow best practices for creating and managing passwords. The department aims to promote a secure environment by implementing password expiration policies. Which method for password management is BEST to promote a secure environment by requiring users to change their passwords after a certain period?
Security keys
The IT security team at a large tech company is strengthening its authentication methods to protect sensitive company data and systems. The team considered implemenetiaing various security measure and understood that each authentication method has distinct features and benefits. However, they must choose the MOST suitable option that aligns with the organization's security requirements and user convenience. Which authentication method utilizes a physical device or software to generate secure, unique codes and offers convenience and strong security?
To handle user requests for access to computer resources
What is the primary function of an AAA server in a network?
Process by which each party in an online communication verifies the identity of the other party
What is mutual authentication?
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before expiration
What is the effect of the following command? chage -M 60 -W jsmith
Prevent conflicts of interest
What is the primary purpose of separation of duties?
Ticket
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identify to the target system?
Attribute-based access control (ABAC)
Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the object?
Root
Which account type in Linux can modify hard limits using the ulimit command?
A domain controller is a server that holds a copy of the Active Directory database that can be written to and is responsible for copying changes to Active Directory between the domain controllers
Which of the following BEST describes the domain controller component of Active Directory?
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers
Which of the following are differences between RADIUS and TACACS+?
newgrp
Which of the following commands is used to change the current group ID during a login session?
usermod -G ""
Which of the following commands removes a user from all secondary group memberships?
ulimit -a
Which of the following commands would you use to view the current soft limits on a Linux machine?
1) passed, 2) usermod
Which of the following utilities could you use to lock a user account? (pick 2)
Public Key Infrastructure (PKI)
Which technology is primarily used by smart cards to store digital signatures, cryptographic keys, and identification codes?
Security
Which type of group can be used for controlling access to objects?
Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency.
You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the follow strategies should you prioritize and why?
Lightweight Directory Access Protocol (LDAP)
You are a network administrator for large multinational corporation. The corporation has offices in multiple countries and uses various software products from different vendors. The CEO wants implement a system that stores information about users, computers, security groups/roles, and services, and allow for interoperability between different venders' products. Which directory service would you recommend?
Fingerprint recognition
You are a security consultant tasked with implementing a biometric authentication system for a small business. The business owner wants a system that is cost-effective, non-intrusive, and relatively simple for employees to use. Which biometric authentication method would you recommend?
Use the -t option to limit the amount of CPU time a process can use
You are a system administrator and you notice that a particular user's processes are consuming an unusually high amount of system resources, causing performance issues for other users. You decide to use the "ulimit" command to limit the resources available to this user's processes. Which of the following options would be the MOST effective solution and why?
The primary group of an existing user cannot be deleted
You are attempting to delete the temp group but are unable to?
1) Minimum password age, 2) Enforce password history
You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (pick 2)
1) Minimum password length 2) Account lockout threshold
You are configuring the Local Security Policy of a Windows system. You want to require users to create passwords that are at least 10 characters in length. You also want to prevent login after 3 unsuccessful login attempts? (pick 2)
Implementing multi factor authentication (MFA) for all systems
You are the IT security manager for a rapidly growing tech company. The company has been using simple password authentication for all systems. However, with the increasing number of employees and the sensitivity of the data being handled, you decide it's time to harden the authentication methods. Which of the following steps would be the MOST effect in achieving this goa.?
1) Shared accounts can lead to accountability issues, 2) Shared accounts can compromise the principle of least privilege
You are the IT security manger for a large corporation. The company has been using shared accounts for certain systems due to ease of access and convenience. However, you are considering implementing a policy to prohibit the use of shared accounts. Which of the following are valid reasons for thsi decision? (pick 2)
gpasswd Research
You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use?
grouped temp_sales
You have a group named temp_sales on your system. The group is no longer needed, so you should remove it. Which of the following commands should you use?
Create a GPO user policy for the Administrators ou
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrators OU to have a different set of internet options. What should you do?
Create a GPO computer policy for the computers in the Development OU
You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which action should you take?
Explicit allow, implicit deny
You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access?
groups dredford
You want to see which primary and secondary groups the Redford user belongs to. Enter the command you would use to display group memberships for redford. (SA)
Federation
Your financial planning company if forming a partnership with a real estate property management company. One of the requirements is that your company open up its directory services to the property management company to create and access user accounts. Which of the following authentication methods will you be implementing?