Ch 9, 19 & 20
A strong password that meets the password complexity requirement should contain: (Select the best answer) Uppercase letters (A-Z) Digits (0-9) Non-alphanumeric characters if permitted (e.g., !, @, #, $) Lowercase letters (a-z) A combination of characters from at least 3 character groups
A combination of characters from at least 3 character groups
Which of the following access control methods would be the most suitable for scheduling system maintenance tasks during periods of low user activity?
Time-Of-Day Restrictions
An authenticator application is software that generates an additional authentication token (in the form of a random code) used in a multi-step verification process. True False
True
Which of the following passwords is the most complex? T$7C52WL4SU GdL3tU8wxYz @TxBL$nW@Xt G$L3tU8wY@z
G$L3tU8wY@z
What are the characteristic features of SAML? (Select 3 answers) Enables only the exchange of SSO authorization data Handles both authentication and authorization for SSO Uses XML for data exchange Commonly used in enterprise environments and legacy systems Enables only the exchange of SSO authentication data Uses JSON for data exchange Specifically designed for web and mobile applications
Handles both authentication and authorization for SSO Uses XML for data exchange Commonly used in enterprise environments and legacy systems
Examples of MFA attributes include: (Select all that apply) USB token Retina scan Handwritten signature Gait analysis GPS reading PIN Chain of trust
Handwritten signature Gait analysis GPS reading
Which of the answers listed below refer to the features of a security key? (Select 3 answers) Used for OTP generation, remote vehicle access, and building access Hardware authentication token Typically, a physical USB stick or key fob-sized device Primarily used for digital security (2FA/MFA) Software authentication token Typically, a credit card-sized plastic card with an embedded chip
Hardware authentication token Typically, a physical USB stick or key fob-sized device Primarily used for digital security (2FA/MFA)
Which of the following answers refers to a framework for managing access control to digital resources? PAM SSO IAM MFA
IAM
Which of the answers listed below refers to a solution designed to minimize the risk of unauthorized access to privileged accounts? Principle of least privilege Just-in-time permissions Passwordless authentication Multifactor authentication
Just-in-time permissions
Which of the following are examples of hardware authentication tokens? (Select 3 answers) Key fob Cable lock Passphrase Biometric reader RFID badge Smart card
Key fob RFID badge Smart card
Which of the following answers refers to a protocol designed for accessing and managing information related to user accounts, groups, devices, and other resources within an organization? SOAP RDP LDAP SAML
LDAP
Which of the access control models listed below enforces the strictest set of access rules?
MAC
A security solution that provides control over elevated (i.e., administrative type) accounts is referred to as: MFA IAM SSO PAM
PAM
Which of the answers listed below refers to a cryptographic standard (and a file format) used for the storage and transmission of private keys in email communications? PEM DMARC SPF DKIM
PEM
Which of the following fall into the category of MFA factors? (Select 3 answers) GPS reading Handwritten signature PIN Chain of trust USB token Gait analysis Retina scan
PIN USB token Retina scan
The two factors that are considered important for creating strong passwords are: (Select 2 answers) Password length Minimum password age Password history Password complexity Maximum password age
Password length Password complexity
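The three password questions above (the "3 of 4 character groups" rule, ranking the four candidate passwords, and length plus complexity as the two factors that matter) are easier to reason about with a small checker. The following is an added example, not part of the original flashcard set; the 32-symbol pool size and the 8-character minimum are assumptions chosen for the entropy estimate and the policy check.

```python
import math
import string

# Character groups used by the complexity rule, with the pool size each one adds
# to a brute-force search space. The symbol pool (32 = len(string.punctuation))
# is an assumption for the estimate; real policies differ on which symbols count.
GROUPS = {
    "upper": (set(string.ascii_uppercase), 26),
    "lower": (set(string.ascii_lowercase), 26),
    "digit": (set(string.digits), 10),
    "symbol": (set(string.punctuation), 32),
}


def char_groups(password: str) -> set:
    """Return the names of the character groups present in the password."""
    return {name for name, (chars, _) in GROUPS.items() if any(c in chars for c in password)}


def meets_complexity(password: str, min_length: int = 8, min_groups: int = 3) -> bool:
    """The 'at least 3 of 4 groups' rule combined with a length floor (assumed: 8)."""
    return len(password) >= min_length and len(char_groups(password)) >= min_groups


def entropy_bits(password: str) -> float:
    """Search-space size in bits, assuming a uniformly random pick from the pools in use.
    This is an upper bound: a human-chosen password is far less random than this."""
    pool = sum(size for name, (_, size) in GROUPS.items() if name in char_groups(password))
    return len(password) * math.log2(pool) if pool else 0.0


def most_complex(candidates):
    """Rank first by how many groups are used, then by the entropy estimate."""
    return max(candidates, key=lambda p: (len(char_groups(p)), entropy_bits(p)))


# The four candidates from the quiz question above.
QUIZ_CANDIDATES = ["T$7C52WL4SU", "GdL3tU8wxYz", "@TxBL$nW@Xt", "G$L3tU8wY@z"]

if __name__ == "__main__":
    for p in QUIZ_CANDIDATES:
        print(f"{p}: groups={sorted(char_groups(p))} policy_ok={meets_complexity(p)} "
              f"bits={entropy_bits(p):.1f}")
    print("most complex:", most_complex(QUIZ_CANDIDATES))
    # Length beats character mix: 16 lowercase letters out-score an 11-char 4-group password.
    print("16 lowercase letters:", f"{entropy_bits('correcthorsebatt'):.1f} bits")
```

Only G$L3tU8wY@z draws from all four groups, which is why it ranks first; the last print shows why the quiz names length alongside complexity, since sixteen lowercase letters give a larger search space than eleven characters drawn from every group.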
Which of the following examples meets the requirement of multifactor authentication? Password and biometric scan Username and PIN Smart card and ID badge Voice recognition and fingerprint scan
Password and biometric scan
Which password policy enforces a mandatory password change after a specific time? Password expiration policy Password history policy Minimum password age policy Password reuse policy
Password expiration policy
Which of the answers listed below refers to a software tool specifically designed to store and manage login credentials? BitLocker Password manager Key escrow Password vault
Password manager
Which password policy would be the most effective in decreasing the risk of a security breach across multiple accounts? Password expiration policy Minimum password age policy Password reuse policy Maximum password age policy
Password reuse policy
Which of the following answers refers to an encrypted database that provides secure storage space for user credentials? Secure enclave Password manager Rainbow table Password vault
Password vault
Which of the following RAID levels does not offer fault tolerance? RAID 6 RAID 10 RAID 5 RAID 0 RAID 1
RAID 0
Which type of access control model connects user permissions to their specific responsibilities? DAC RBAC MAC ABAC
RBAC
A dedicated data storage solution that combines multiple disk drive components into a single logical unit to increase volume size, performance, or reliability is referred to as: Storage Area Network (SAN) Load balancer Redundant Array of Independent Disks (RAID) Network-Attached Storage
Redundant Array of Independent Disks (RAID)
Which access control model defines access control rules with the use of statements that closely resemble natural language?
ABAC
In the AAA security architecture, the process of tracking accessed services as well as the amount of consumed resources is called: Authentication Authorization Accounting
Accounting
A type of hierarchical database structure used in Windows Server environments that enables centralized management of users, devices and resources on a network is known as: HomeGroup Active Directory (AD) Work group Windows domain
Active Directory (AD)
Examples of properties used for defining access policies in the Attribute-Based Access Control (ABAC) model include: Subject (i.e., user or process requesting access) Type of action (for example "read", "write", "execute") Resource type (medical record, bank account etc.) Environment (contextual data, such as time of day or geolocation) All of the above
All of the above
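An ABAC decision combines all four property kinds named above (subject, action, resource, environment) in a single policy evaluation, which the related RuBAC and time-of-day questions in this set also touch on. The following is an added example policy engine, not part of the original flashcards; the hospital roles, the 10.20.0.0/16 internal network, the 07:00 to 19:00 working hours and the sample requests are all constructed for illustration.

```python
from datetime import time as dtime
from ipaddress import ip_address, ip_network


def match(expected, actual) -> bool:
    """Attribute matcher: a set means 'actual is one of', a callable is a predicate,
    anything else is an equality test."""
    if callable(expected):
        return bool(expected(actual))
    if isinstance(expected, (set, frozenset)):
        return actual in expected
    return expected == actual


def _section_matches(conditions: dict, attributes: dict) -> bool:
    """Every condition in the rule section must be satisfied by the request attributes.
    An empty section matches everything, so a rule can be silent on a dimension."""
    return all(k in attributes and match(v, attributes[k]) for k, v in conditions.items())


def rule_applies(rule: dict, request: dict) -> bool:
    return (request["action"] in rule["actions"]
            and _section_matches(rule["subject"], request["subject"])
            and _section_matches(rule["resource"], request["resource"])
            and _section_matches(rule["environment"], request["environment"]))


def decide(rules, request) -> str:
    """Deny-overrides, default-deny: an explicit deny wins, otherwise any permit,
    otherwise the request is refused even if no rule mentions it."""
    applicable = [r for r in rules if rule_applies(r, request)]
    if any(r["effect"] == "deny" for r in applicable):
        return "deny"
    if any(r["effect"] == "permit" for r in applicable):
        return "permit"
    return "deny"


ALL_ACTIONS = {"read", "write", "execute", "delete"}

# Constructed policy: clinical staff may read their department's records during
# working hours from the internal network; doctors may write with MFA from anywhere;
# suspended accounts can do nothing regardless of the other rules.
RULES = [
    {"effect": "permit",
     "subject": {"role": {"doctor", "nurse"}, "department": "cardiology"},
     "actions": {"read"},
     "resource": {"type": "medical_record", "department": "cardiology"},
     "environment": {"time": lambda t: dtime(7) <= t < dtime(19),
                     "source_ip": lambda ip: ip_address(ip) in ip_network("10.20.0.0/16")}},
    {"effect": "permit",
     "subject": {"role": {"doctor"}},
     "actions": {"write"},
     "resource": {"type": "medical_record"},
     "environment": {"mfa": True}},
    {"effect": "deny",
     "subject": {"status": "suspended"},
     "actions": ALL_ACTIONS,
     "resource": {},
     "environment": {}},
]

RECORD = {"type": "medical_record", "department": "cardiology"}
IN_HOURS = {"time": dtime(10, 30), "source_ip": "10.20.5.7", "mfa": False}
AFTER_HOURS_REMOTE = {"time": dtime(22, 0), "source_ip": "203.0.113.9", "mfa": True}

# Constructed requests (not real traffic) covering the permit and deny paths.
EXAMPLE_REQUESTS = {
    "doctor_reads_in_hours": {"subject": {"role": "doctor", "department": "cardiology", "status": "active"},
                              "action": "read", "resource": RECORD, "environment": IN_HOURS},
    "doctor_reads_after_hours": {"subject": {"role": "doctor", "department": "cardiology", "status": "active"},
                                 "action": "read", "resource": RECORD, "environment": AFTER_HOURS_REMOTE},
    "nurse_writes": {"subject": {"role": "nurse", "department": "cardiology", "status": "active"},
                     "action": "write", "resource": RECORD, "environment": IN_HOURS},
    "suspended_doctor_reads": {"subject": {"role": "doctor", "department": "cardiology", "status": "suspended"},
                               "action": "read", "resource": RECORD, "environment": IN_HOURS},
    "doctor_writes_remote_mfa": {"subject": {"role": "doctor", "department": "cardiology", "status": "active"},
                                 "action": "write", "resource": RECORD, "environment": AFTER_HOURS_REMOTE},
}


def evaluate_all(rules=RULES, requests=EXAMPLE_REQUESTS) -> dict:
    return {name: decide(rules, req) for name, req in requests.items()}


if __name__ == "__main__":
    for name, outcome in evaluate_all().items():
        print(f"{name:28s} -> {outcome}")
```

Two design points carry over to real ABAC deployments: the default outcome is deny, so a request that no rule describes is refused rather than silently allowed, and an explicit deny (the suspended-account rule) overrides every permit, which is how an emergency revocation takes effect without editing each permit rule.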
Which of the following technologies cannot be used as a passwordless authentication method? Biometrics Hardware tokens QR codes OTPs Passkeys All of the above can be used as a means for passwordless authentication
All of the above can be used as a means for passwordless authentication
Which of the following does not have an application in the authentication process? One-time passwords SMS messages Hardware / Software tokens Static codes Push notifications Phones All of the above can be used in the authentication process
All of the above can be used in the authentication process
Which of the following is not used in the process of biometric authentication? Fingerprint scan Voice recognition Vein analysis Retina / Iris scan Face recognition Gait analysis All of the above can be used in the biometric authentication process
All of the above can be used in the biometric authentication process
Which of the terms listed below refers to the process of confirming the integrity and compliance status of various components such as devices, software, configurations, and user privileges? Attestation Authentication Auditing Authorization
Attestation
OpenID Connect is a protocol used for: Attestation Authorization Auditing Authentication
Authentication
Which part of the AAA security architecture deals with the verification of the identity of a person or process? Authentication Authorization Accounting
Authentication
Which of the following is an example of a soft authentication token? USB token Authenticator app Smart card Key fob
Authenticator app
OAuth is an open standard for: Auditing Authentication Authorization Attestation
Authorization
Which of the answers listed below refers to the process of granting or denying access to resources? Authentication Authorization Accounting
Authorization
An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations or security domains is referred to as: Syndication Federation Association Propagation
Federation
Which of the following answers describe the features of TOTP? (Select 3 answers) Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryptographic key Valid for multiple login sessions Based on a shared secret key and current time Not vulnerable to replay attacks Valid for only one login session
Based on a shared secret key and current time Not vulnerable to replay attacks Valid for only one login session
An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations is called: AAA framework Multi-factor authentication Group-based access control Federation
Federation
Which of the answers listed below refers to a type of metric used for evaluation of a biometric security system's accuracy? FRR CRC FAR CER
CER
Which of the answers listed below refers to an authentication method that enables the signing of an outbound email message with a digital signature? SPF DKIM DMARC PEM
DKIM
Which of the following answers refers to a solution that helps organizations mitigate risks associated with data breaches, insider threats, and compliance violations? EDR DLP IAM UTM
DLP
Which of the following answers refers to a policy framework that allows domain owners to specify how email receivers should handle emails that fail authentication checks? DKIM SPF PEM DMARC
DMARC
Which of the terms listed below is used to describe the technical process of removing a user's access to an organization's systems and resources? De-provisioning Group Policy IAM Offboarding
De-provisioning
Which of the answers listed below refers to a security solution that provides the capability for detection, analysis, response, and real-time monitoring of cyber threats at the device level? SWG CASB EDR NGFW
EDR
Which of the following solutions would be the best choice for real-time protection against spam and phishing attacks? Email client filter Host-based AV software Email security gateway Cloud-based email service
Email security gateway
A measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user is known as: CRC FAR CER FRR
FAR
Which of the answers listed below refers to the process of maintaining the integrity of files and data? DLP SIEM FIM SHA
FIM
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is called:
FRR
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is referred to as: FAR CER CRC FRR
FRR
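FAR, FRR and CER (the three biometric metrics asked about above) are not independent: they all come from one matcher score and one decision threshold, and moving the threshold trades one error for the other. The following is an added example, not part of the original flashcards; the genuine and impostor score lists are constructed values, not output from any real biometric system.

```python
# Constructed matcher scores (higher = stronger match), ten genuine-user attempts
# and ten impostor attempts. Real systems produce thousands of each.
GENUINE = [0.92, 0.88, 0.85, 0.81, 0.78, 0.75, 0.70, 0.66, 0.60, 0.55]
IMPOSTOR = [0.20, 0.25, 0.30, 0.35, 0.42, 0.48, 0.52, 0.58, 0.63, 0.72]


def far(threshold: float, impostor=IMPOSTOR) -> float:
    """False Acceptance Rate: share of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold: float, genuine=GENUINE) -> float:
    """False Rejection Rate: share of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover_error_rate(genuine=GENUINE, impostor=IMPOSTOR, steps: int = 100):
    """Sweep thresholds from 0 to 1; the CER (also called EER) is the point where FAR and
    FRR are closest to equal. Returns (threshold, error_rate_at_that_point)."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        a, r = far(t, impostor), frr(t, genuine)
        gap = abs(a - r)
        if best is None or gap < best[0]:
            best = (gap, t, (a + r) / 2)
    return best[1], best[2]


def tune_for_security(max_far: float, genuine=GENUINE, impostor=IMPOSTOR, steps: int = 100):
    """High-security tuning: the lowest threshold whose FAR stays within max_far, together
    with the FRR (user friction) that choice costs. Returns (threshold, frr)."""
    for i in range(steps + 1):
        t = i / steps
        if far(t, impostor) <= max_far:
            return t, frr(t, genuine)
    return 1.0, frr(1.0, genuine)


if __name__ == "__main__":
    for t in (0.3, 0.5, 0.6, 0.7, 0.9):
        print(f"threshold {t:.2f}: FAR={far(t):.2f} FRR={frr(t):.2f}")
    t, rate = crossover_error_rate()
    print(f"CER/EER: threshold {t:.2f}, error rate {rate:.2f}")
    t, reject = tune_for_security(max_far=0.0)
    print(f"zero FAR needs threshold {t:.2f}, costing FRR={reject:.2f}")
```

The CER is the usual single number for comparing two biometric products, but it is rarely the operating point: a door into a server room is tuned toward a low FAR and accepts the extra false rejections, while a convenience unlock is tuned the other way.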
The maximum password age policy setting determines the period of time that a password must be used before the user can change it. True False
False
The minimum password age policy setting determines the period of time that a password can be used before the system requires the user to change it. True False
False
Hardware RAID Level 0: (Select all that apply) Requires a minimum of 2 drives to implement Is also known as disk striping Decreases reliability (failure of any disk in the array destroys the entire array) Is also referred to as disk mirroring Offers less volume capacity in comparison to RAID 1 Requires at least 3 drives to implement Is suitable for systems where performance has higher priority than fault tolerance Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data)
Requires a minimum of 2 drives to implement Is also known as disk striping Decreases reliability (failure of any disk in the array destroys the entire array) Is suitable for systems where performance has higher priority than fault tolerance
Which access control model allows for defining granular rules that consider user roles, time constraints, and network access restrictions?
RuBAC
Which of the following answers refers to an email authentication mechanism that allows domain owners to specify which IP addresses are authorized to send emails on behalf of their domain? DMARC PEM DKIM SPF
SPF
An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as: NAC SSO AAA MFA
SSO
Which of the following examples does not fall into the category of software authentication tokens?
Security Key
Which of the following answers refers to an example implementation of certificate-based authentication? Smart card ID badge PIN code Biometric lock
Smart card
Which of the answers listed below refer(s) to a medium type that can be used as a hardware authentication token? (Select all that apply) Smart card Key fob Security key Passphrase Biometric reader RFID badge
Smart card Key fob Security key RFID badge
Which of the terms listed below refer(s) to the concept of ephemeral access, where access to systems, resources, or permissions is provided for a limited duration? (Select all that apply) TOTP OTP Just-in-time permissions User password API key
TOTP OTP Just-in-time permissions
A common implementation of identity and access controls used in federated SSO systems includes OpenID Connect and OAuth 2.0 used in conjunction to provide authentication and authorization services. True False
True
A general characteristic of a standard user account is that it provides access to basic system resources but does not allow the user to make system changes. True False
True
Discretionary Access Control (DAC) is an access control model based on user identity. In DAC, every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object. True False
True
Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before (pre-admission NAC) and/or after end-stations gain access to the network (post-admission NAC). NAC can be implemented with the use of agent software which can be installed on the client machine permanently (this type of software is referred to as permanent agent) or used only temporarily during checks (this type of software is known as dissolvable agent). Another implementation option is agentless NAC, where checks are performed remotely by an external security device without the need for any client software agents. True False
True
Authentication process can be based on various categories of authentication factors and attributes. Authentication factors include unique physical traits of each individual such as fingerprints ("something you are"), physical tokens such as smart cards ("something you have") or usernames and passwords ("something you know"). The categories of authentication attributes include geolocation ("somewhere you are"), user-specific activity patterns, such as keyboard typing style ("something you can do"), revealing something about an individual, e.g. wearing an ID badge ("something you exhibit"), or proving the relation with a trusted third party ("someone you know"). Multifactor authentication systems require implementation of authentication factors from two or more distinct categories. True False
True
Authentication process can be based on various categories of authentication factors. These include knowledge-based factors such as usernames, passwords, PINs, or security question answers ("something you know"), possession-based factors (i.e., physical tokens) such as smart cards, key fobs, or security keys ("something you have"), inherence-based factors that include unique physical traits of each individual, such as fingerprints, iris scans, facial recognition, or voice patterns ("something you are"), or location-based factors such as geolocation data or IP addresses ("somewhere you are"). A multifactor authentication system requires the implementation of authentication factors from two or more distinct categories. True False
True
In computer security, the term "Biometrics" refers to physical characteristics of the human body that can be used for identification and access control purposes. True False
True
In the context of IT security, the term "Biometrics" refers to both biological characteristics of the human body and behavioral traits that can be used for identification and access control purposes. True False
True
The principle of least privilege is a security rule that prevents users from accessing information and resources that lie beyond the scope of their responsibilities. True False
True
Which of the answers listed below refers to a cybersecurity approach aimed at identifying insider threats, compromised accounts, or malicious activity? Threat intelligence User behavior analytics Security policies and procedures Defense in depth
User behavior analytics
Examples of static authentication methods include: (Select 2 answers) Token generator User-generated password Short Message Service (SMS) Personal Identification Number (PIN) Push notification
User-generated password Personal Identification Number (PIN)
Which of the following answers refer(s) to the Mandatory Access Control (MAC) model? (Select all that apply) Users are not allowed to change access policies at their own discretion Labels and clearance levels can only be applied and changed by an administrator Every object has an owner who at his/her own discretion determines what kind of permissions other users can have to that object Access to resources based on user identity Every resource has a sensitivity label matching a clearance level assigned to a user
Users are not allowed to change access policies at their own discretion Labels and clearance levels can only be applied and changed by an administrator Every resource has a sensitivity label matching a clearance level assigned to a user
Which of the following answers refer to the characteristics of HOTP? (Select 3 answers) Valid for only one login session Based on a shared secret key and current time Vulnerable to replay attacks Based on a cryptographic hash function and a secret cryptographic key Valid for multiple login sessions Not vulnerable to replay attacks
Valid for only one login session Based on a cryptographic hash function and a secret cryptographic key Not vulnerable to replay attacks
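The HOTP question above and the earlier TOTP question describe the same construction: HOTP is HMAC over a counter (RFC 4226) and TOTP is HOTP with the counter replaced by the current 30-second time step (RFC 6238). One caveat a practitioner should add to "not vulnerable to replay attacks": that holds only because the server refuses to accept a code twice, so a captured TOTP code is still usable by an attacker for the rest of its time step unless the verifier remembers what it has already accepted. The following is an added example, not code from the flashcard set; it uses the published RFC test-vector secret, and the verifier classes are one reasonable server-side design, not a reference implementation.

```python
import hashlib
import hmac
import struct
import time

# The secret from the RFC 4226 / RFC 6238 test vectors. A real deployment generates a
# random per-user secret at enrolment; this one is public and only for demonstration.
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC(secret, 8-byte big-endian counter), then 'dynamic truncation'
    picks 4 bytes at an offset taken from the last nibble of the MAC."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = (((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16)
              | (mac[offset + 2] << 8) | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time=None, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter set to floor(time / step)."""
    if unix_time is None:
        unix_time = time.time()
    return hotp(secret, int(unix_time) // step, digits, algo)


class TotpVerifier:
    """Server side. Accepts codes from a small window of time steps to tolerate clock
    drift, but never accepts a time step at or before the last one it accepted, which
    is what makes a code useless to an eavesdropper once the legitimate user has used it."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_accepted_step = -1

    def verify(self, code: str, unix_time=None) -> bool:
        now_step = int(time.time() if unix_time is None else unix_time) // self.step
        for step in range(now_step - self.window, now_step + self.window + 1):
            if step <= self.last_accepted_step:
                continue  # replay, or older than something already accepted
            if hmac.compare_digest(hotp(self.secret, step, self.digits), code):
                self.last_accepted_step = step
                return True
        return False


class HotpVerifier:
    """Server side for counter-based HOTP. The token may have been pressed without the
    code reaching the server, so look a few counters ahead; on success, advance past the
    matched counter so that code (and any skipped ones) can never be accepted again."""

    def __init__(self, secret: bytes, digits: int = 6, look_ahead: int = 5):
        self.secret, self.digits, self.look_ahead = secret, digits, look_ahead
        self.counter = 0  # next counter value the server expects

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.counter = c + 1
                return True
        return False


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_SECRET, 0))               # RFC 4226 vector: 755224
    print("TOTP at T=59 :", totp(RFC_SECRET, 59, digits=8))      # RFC 6238 vector: 94287082
    v = TotpVerifier(RFC_SECRET, digits=8)
    print("first use :", v.verify("94287082", 59))
    print("replayed  :", v.verify("94287082", 59))
```

hmac.compare_digest is used for the code comparison so that a wrong code fails in constant time; the RFC test vectors in the usage lines let you confirm the truncation logic before pointing the verifier at a real authenticator app.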
Which of the following answers refers to a cybersecurity approach that focuses on recognizing and addressing potential threats originating from multiple sources? XDR WAF EDR SWG
XDR
