Chapter 5
Which could be considered a single point of failure within a single sign-on implementation? A. Authentication server B. User's workstation C. Logon credentials D. RADIUS
A. Authentication server
Which of the following best describes what is currently in place? A. Capability-based access system B. Synchronous tokens that generate one-time passwords C. RADIUS D. Kerberos
A. Capability-based access system
The diagram shown here explains which of the following concepts? A. Crossover error rate. B. Type III errors. C. FAR equals FRR in systems that have a high crossover error rate. D. Biometrics is a high acceptance technology.
A. Crossover error rate.
Which item is not part of a Kerberos authentication implementation? A. Message authentication code B. Ticket granting service C. Authentication service D. Users, programs, and services
A. Message authentication code
Which of the following is the best description of directories that are used in identity management technology? A. Most are hierarchical and follow the X.500 standard. B. Most have a flat architecture and follow the X.400 standard. C. Most have moved away from LDAP. D. Many use LDAP.
A. Most are hierarchical and follow the X.500 standard.
If a company has a high turnover rate, which access control structure is best? A. Role-based B. Decentralized C. Rule-based D. Discretionary
A. Role-based
Pertaining to the CEO's security concerns, what should Lenny suggest the company put into place? A. Security event management software, an intrusion prevention system, and behavior-based intrusion detection B. Security information and event management software, an intrusion detection system, and signature-based protection C. An intrusion prevention system, security event management software, and malware protection D. An intrusion prevention system, security event management software, and war-dialing protection
A. Security event management software, an intrusion prevention system, and behavior-based intrusion detection
Tom has been told that he has to reduce staff from the help-desk team. Which of the following technologies can help with the company's help-desk budgetary issues? A. Self-service password support B. RADIUS implementation C. Reduction of authoritative IdM sources D. Implement a role-based access control model
A. Self-service password support
Lenny has a meeting with the internal software developers who are responsible for implementing the necessary functionality within the web-based system. Which of the following best describes the two items that Lenny needs to be prepared to discuss with this team? A. Service Provisioning Markup Language and the Extensible Access Control Markup Language B. Standard Generalized Markup Language and the Generalized Markup Language C. Extensible Markup Language and the Hypertext Markup Language D. Service Provisioning Markup Language and the Generalized Markup Language
A. Service Provisioning Markup Language and the Extensible Access Control Markup Language
The process of mutual authentication involves _______________. A. a user authenticating to a system and the system authenticating to the user B. a user authenticating to two systems at the same time C. a user authenticating to a server and then to a process D. a user authenticating, receiving a ticket, and then authenticating to a service
A. a user authenticating to a system and the system authenticating to the user
The graphic shown here illustrates how which of the following works? A. Rainbow tables B. Dictionary attack C. One-time password D. Strong authentication
C. One-time password
How is a challenge/response protocol utilized with token device implementations? A. This protocol is not used; cryptography is used. B. An authentication service generates a challenge, and the smart token generates a response based on the challenge. C. The token challenges the user for a username and password. D. The token challenges the user's password against a database of stored credentials.
B. An authentication service generates a challenge, and the smart token generates a response based on the challenge.
Which of the following is not part of user provisioning? A. Creation and deactivation of user accounts B. Business process implementation C. Maintenance and deactivation of user objects and attributes D. Delegating user administration
B. Business process implementation
This graphic covers which of the following? A. Crossover error rate B. Identity verification C. Authorization rates D. Authentication error rates
B. Identity verification
Which of the following is one of the easiest and best solutions Tanya can consider for proper data protection? A. Implementation of mandatory access control B. Implementation of access control lists C. Implementation of digital signatures D. Implementation of multilevel security
B. Implementation of access control lists
Which of the following is the best single sign-on technology for this situation? A. PKI B. Kerberos C. RADIUS D. TACACS+
B. Kerberos
Which of the following changes would be best for Tom's team to implement? A. Move from namespaces to distinguished names. B. Move from meta-directories to virtual directories. C. Move from RADIUS to TACACS+. D. Move from a centralized to a decentralized control model.
B. Move from meta-directories to virtual directories.
Who or what determines if an organization is going to operate under a discretionary, mandatory, or nondiscretionary access control model? A. Administrator B. Security policy C. Culture D. Security levels
B. Security policy
Which of the following best describes the type of environment Harry's team needs to set up? A. RADIUS B. Service-oriented architecture C. Public key infrastructure D. Web services
B. Service-oriented architecture
What are the two main security concerns Robbie is most likely being asked to identify and mitigate? A. Social engineering and spear-phishing B. War dialing and pharming C. Spear-phishing and war dialing D. Pharming and spear-phishing
C. Spear-phishing and war dialing
What role does biometrics play in access control? A. Authorization B. Authenticity C. Authentication D. Accountability
C. Authentication
Which of the following is the best remote access technology for this situation? A. RADIUS B. TACACS+ C. Diameter D. Kerberos
C. Diameter
Which of the following best describes the types of languages and/or protocols that Harry needs to ensure are implemented? A. Security Assertion Markup Language, Extensible Access Control Markup Language, Service Provisioning Markup Language B. Service Provisioning Markup Language, Simple Object Access Protocol, Extensible Access Control Markup Language C. Extensible Access Control Markup Language, Security Assertion Markup Language, Simple Object Access Protocol D. Service Provisioning Markup Language, Security Association Markup Language
C. Extensible Access Control Markup Language, Security Assertion Markup Language, Simple Object Access Protocol
George is responsible for setting and tuning the thresholds for his company's behavior-based IDS. Which of the following outlines the possibilities of not doing this activity properly? A. If the threshold is set too low, nonintrusive activities are considered attacks (false positives). If the threshold is set too high, malicious activities are not identified (false negatives). B. If the threshold is set too low, nonintrusive activities are considered attacks (false negatives). If the threshold is set too high, malicious activities are not identified (false positives). C. If the threshold is set too high, nonintrusive activities are considered attacks (false positives). If the threshold is set too low, malicious activities are not identified (false negatives). D. If the threshold is set too high, nonintrusive activities are considered attacks (false positives). If the threshold is set too high, malicious activities are not identified (false negatives).
C. If the threshold is set too high, nonintrusive activities are considered attacks (false positives). If the threshold is set too low, malicious activities are not identified (false negatives).
Which of the following is not considered an anomaly-based intrusion protection system? A. Statistical anomaly-based B. Protocol anomaly-based C. Temporal anomaly-based D. Traffic anomaly-based
C. Temporal anomaly-based
Which of the following statements correctly describes passwords? A. They are the least expensive and most secure. B. They are the most expensive and least secure. C. They are the least expensive and least secure. D. They are the most expensive and most secure.
C. They are the least expensive and least secure.
Which of the following best describes what role-based access control offers companies in reducing administrative burdens? A. It allows entities closer to the resources to make decisions about who can and cannot access resources. B. It provides a centralized approach for access control, which frees up department managers. C. User membership in roles can be easily revoked and new ones established as job assignments dictate. D. It enforces enterprise-wide security policies, standards, and guidelines.
C. User membership in roles can be easily revoked and new ones established as job assignments dictate.
Which of the following components should Tom make sure his team puts into place? A. Single sign-on module B. LDAP directory service synchronization C. Web access management D. X.500 database
C. Web access management
Which of the following has the correct term-to-definition mapping? i. Brute-force attacks: Performed with tools that cycle through many possible character, number, and symbol combinations to uncover a password. ii. Dictionary attacks: Files of thousands of words are compared to the user's password until a match is found. iii. Social engineering: An attacker falsely convinces an individual that she has the necessary authorization to access specific resources. iv. Rainbow table: An attacker uses a table that contains all possible passwords already in a hash format. A. i, ii B. i, ii, iv C. i, ii, iii, iv D. i, ii, iii
C. i, ii, iii, iv
Which access control method is considered user directed? A. Nondiscretionary B. Mandatory C. Identity-based D. Discretionary
D. Discretionary
Which of the following is the best identity management technology that Lenny should consider implementing to accomplish some of the company's needs? A. LDAP directories for authoritative sources B. Digital identity provisioning C. Active Directory D. Federated identity
D. Federated identity
In discretionary access control security, who has delegation authority to grant access to data? A. User B. Security officer C. Security policy D. Owner
D. Owner
What is the technology that allows a user to remember just one password? A. Password generation B. Password dictionaries C. Password rainbow tables D. Password synchronization
D. Password synchronization
The company's partners need to integrate compatible authentication functionality into their web portals to allow for interoperability across the different company boundaries. Which of the following will deal with this issue? A. Service Provisioning Markup Language B. Simple Object Access Protocol C. Extensible Access Control Markup Language D. Security Assertion Markup Language
D. Security Assertion Markup Language
Which of the following statements correctly describes biometric methods? A. They are the least expensive and provide the most protection. B. They are the most expensive and provide the least protection. C. They are the least expensive and provide the least protection. D. They are the most expensive and provide the most protection.
D. They are the most expensive and provide the most protection.