CC7
Fictional Corp uses a cloud service provider that provides a framework of techniques and tools for managing the identities of people and applications that allow for access to cloud resources. Which of the following describe this framework?
b. IAM
Lincoln is assigning permissions to users and groups for a new application that he is deploying. As he's doing this, which of the following principles should he make sure he follows?
b. Least privilege
Sebastian is trying to access a resource that has been labeled as top secret, but he only has secret clearance. Which of the following access control methods does his organization use?
b. Mandatory access control
Rose is implementing digital certificates for all of the users in her organization. Which of the following certificate types should she use?
b. TLS
Nedra is assigning permissions to groups of users on the network for a new cloud-based application that she has just installed. Which of the following do her actions specifically enable?
c. Authorization
Allen is visiting one of his client's data centers and, after signing in, is escorted through the premises the entire time. He notices that, in order to gain access to the data center, the employee had to swipe a proximity badge, key in a 6 digit code, and place his finger on a scanner. Which of the following describes the type of security that he just witnessed?
a. MFA
Kevin is implementing SSO functionality for his organization. Which of the following authentication standards could he use to implement it?
a. SAML
Caroline is trying to access one of her company's custom cloud-based web applications. She sees a bright red screen advising that there is a security problem with the site and that she should not trust the contents of it. Which of the following most likely occurred that an administrator should probably check first?
a. The site's digital certificate has expired.
Sean has implemented an automatic account locking policy that will lock a user account after 5 invalid attempts. Which of the following types of attacks will this help thwart?
b. Brute force
Milo has set up smart cards for users in the company's main office. He wants to tie them into the authentication systems so that users can log into their workstations with them as well as access certain resources. Which of the following does he need to assign to each user in order to make this integration work?
b. Digital certificate
Sharon is having trouble logging into the new cloud-based web application that her small company uses. It asks whether she wants to use a local account or an OpenID account. Which of the following is used by OpenID in order to implement authentication?
b. OAuth
Steven has been tasked with planning the move from an infrastructure where administrators and users add permissions to resources individually to one where users are assigned to groups based upon the department they work in and what they do in the department and then assigning the groups to the resources. Which of the following has he been tasked with planning?
b. RBAC
Kira needs to implement multifactor authentication for one of the new cloud applications. She needs to include something that you have and something that you know. Which of the following would meet those requirements? (Choose two.)
b. Smart card reader c. Password
Tia has run a report on one of the Linux servers she manages and sees that one of the users has not changed their password in over two years. Which of the following parameters should she configure on the server?
c. Expiration
Darius manages a directory of users for one of the domains within his organization. Which of the following describes the protocol in use for querying the directory?
c. LDAP
Noah has gone to work for the government and sees that some systems use a method of labeling data as classified, secret, and top secret rather than creating groups of users and applying permissions for those groups. Which of the following describes these systems of labeling data?
c. MAC
Sarah has deployed a private cloud infrastructure that requires users to insert a smart card into their computer or into a card reader in order to authenticate them to use the applications. The smart card is associated with a certificate for each user, which is verified against a certificate authority. Which of the following has she deployed?
c. PKI
Blake has been examining the logs on one of the servers that he is responsible for that is hosted on a cloud service provider. He finds an instance where one of the employees has managed to give himself unauthorized administrative access on the server. Which of the following has occurred?
c. Privilege escalation
Piper is auditing the accounts on the cloud platform her company uses. She sees a master user that retains complete access and action permissions no matter what permissions are also given to the other users. Which of the following is the username for that account?
c. Root
Fictional Corp has a variety of applications deployed across multiple cloud service providers. Claude has been tasked with making sure that users aren't required to have separate accounts for each application. Which of the following should he look at using to meet that goal?
B. SSO
Judy's company is implementing a new authentication technology that requires assigning certificates to users and issuing smart cards. Which of the following does she need to install and configure to manage the certificates?
C. CA
Owen has been tasked with having multifactor authentication installed for entrances into the company's data center. Which of the following would meet that requirement?
C. Proximity badge reader and fingerprint scanner
Owen has just installed Linux as a virtual machine on the company's cloud service provider. He has configured the server to define a set of users to determine who has access to individual files and folders. Which of the following terms can describe the set of users?
a. ACL
James works for a company where administrators and users add individual granular permissions to various resources. Which of the following describes the access control methods used by this company?
a. DAC
Cherise has been tasked with increasing the security for the company's data center. Currently there is a proximity badge reader on the door. She is considering adding an iris camera to the door. Once it is in place, which of the following factors will be used for authentication into the data center? (Choose all that apply.)
c. Something that you are d. Something that you have
Fictional Corp is trying out a new experimental technology that analyzes how users type as part of a multifactor authentication implementation. Which of the following categories of authentication factors would this fall into?
c. Something you do
Mark manages a custom application that resides on a cloud service provider that relies on users to authenticate by means of entering a username and password. Which of the following factors of authentication does this application use?
c. Something you know
Fred is trying to access the company's cloud-based CRM system while traveling abroad in Europe. He receives a message that access to this application is not allowed from the country he is currently in and lists the IP address detected by his connection. Which of the following factors of authentication is the CRM system using?
c. Somewhere you are
Emily is analyzing the logs for one of the servers in her organization. She sees three failed attempts to log in with an incorrect password. She then sees continued attempts to log in with a different error message. Which of the following could be the reason the error message changed?
c. The account is now locked after 3 failed attempts, so the error message has most likely changed from a failed password to one reflecting a locked account.
Martin is running an analysis on the logs from one of the web servers that resides on the company's private cloud. He finds that some users are accessing a site they shouldn't be able to, as the firewall should have rules to prevent them from accessing the server. Which of the following might be how they were able to access the site?
c. The rules on the firewall were listed in an incorrect order.
Alex is the network administrator for a Windows Server network. Which of the following is most likely in use to manage the users and other resources on that network?
d. AD
Stan is walking past a row of cubicles when he notices someone's password written down on a sticky note that is attached to a monitor. The password is passwordpassword3. Besides the obvious problem of being the word password repeated followed by a single number, which of the following policies isn't in place that should be?
d. Complexity
Andrew manages a variety of applications spread out between multiple cloud providers. Users can sign into any of the cloud applications with the same username and password. Which of the following has been implemented?
d. Federation
Bianca manages the e-mail server for Fictional Corp. All of the employees' e-mails are encrypted using the user's keys. One of the user's certificates expires, so a new certificate is installed. However, now they can no longer access their archived e-mails. Which of the following does Bianca need to do to give this user access to their archived e-mails?
d. Import the keys for the old certificate so the e-mails can be decrypted and then re-encrypt them using the new certificate.
Otis wants to give a mobile app short-term access to a resource without having to store long-term user credentials (such as access keys) in the app. Which of the following describes the method he can use to do that?
d. Roles
Cody suspects that his company has been the subject of an attack after reports from multiple users that they are missing files. He examines the logs and sees where it appears that the user logged in successfully for each of the users in question and that the strong encryption protocol was enforced and used each time. Which of the following may have occurred?
d. Social engineering
Fictional Corp has assigned each user within their Active Directory implementation a username. This username is a form of:
d. identity