Chapter 10, 11: Mobile Device Security, Access Control Fundamentals


Which of the following is the primary security concern when deploying a mobile device on a network? A. Strong authentication B. Interoperability C. Data security D. Cloud storage technique

C. Data security

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device? A. Authentication B. Blacklisting C. Whitelisting D. Acceptable use policy

C. Whitelisting

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface. PERMIT TCP ANY ANY 80 PERMIT TCP ANY ANY 443 Which of the following rules would accomplish this task? (Select TWO). A. Change the firewall default settings so that it implements an implicit deny B. Apply the current ACL to all interfaces of the firewall C. Remove the current ACL D. Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53 E. Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53 F. Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

A. Change the firewall default settings so that it implements an implicit deny F. Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing sensitive information? (Select TWO). A. Full device encryption B. Screen locks C. GPS D. Asset tracking E. Inventory control

A. Full device encryption B. Screen locks

Jane, a security administrator, has been tasked with explaining authentication services to the company's management team. The company runs an Active Directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment? A. Kerberos B. Least privilege C. TACACS+ D. LDAP

A. Kerberos

Which of the following types of authentication packages user credentials in a ticket? A. Kerberos B. LDAP C. TACACS+ D. RADIUS

A. Kerberos

Which of the following types of encryption will help in protecting files on a PED? A. Mobile device encryption B. Transport layer encryption C. Encrypted hidden container D. Database encryption

A. Mobile device encryption

A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond? A. Rule based access control B. Role based access control C. Discretionary access control D. Mandatory access control

A. Rule based access control

Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended? A. Screen lock B. Voice encryption C. GPS tracking D. Device encryption

A. Screen lock

In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following? A. Identification B. Authorization C. Authentication D. Multifactor authentication

C. Authentication

Which of the following should Matt, a security administrator, include when encrypting smartphones? (Select TWO). A. Steganography images B. Internal memory C. Master boot records D. Removable memory cards E. Public keys

B. Internal memory D. Removable memory cards

A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. Which of the following practices is being implemented? A. Mandatory vacations B. Job rotation C. Least privilege D. Separation of duties

B. Job rotation

Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network? A. Cross-platform compatibility issues between personal devices and server-based applications B. Lack of controls in place to ensure that the devices have the latest system patches and signature files C. Non-corporate devices are more difficult to locate when a user is terminated D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets

B. Lack of controls in place to ensure that the devices have the latest system patches and signature files

A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen? A. Application control B. Remote wiping C. GPS D. Screen-locks

B. Remote wiping

During the information gathering stage of deploying a role-based access control model, which of the following information is MOST likely required? A. Conditional rules under which certain systems may be accessed B. Matrix of job titles with required access privileges C. Clearance levels of all company personnel D. Normal hours of business operation Q22. Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties? A. LDAP B. SAML C. TACACS+ D. Kerberos

B. SAML

Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties? A. LDAP B. SAML C. TACACS+ D. Kerberos

B. SAML

A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted? A. RADIUS B. TACACS+ C. Kerberos D. LDAP

B. TACACS+

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected? A. VPN B. VLAN C. WPA2 D. MAC filtering

B. VLAN

One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following? A. Mandatory access B. Rule-based access control C. Least privilege D. Job rotation

C. Least privilege

A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control? A. Implicit deny B. Role-based Access Control C. Mandatory Access Controls D. Least privilege

C. Mandatory Access Controls

Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO). A. Tethering B. Screen lock PIN C. Remote wipe D. Email password E. GPS tracking F. Device encryption

C. Remote wipe F. Device encryption

Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches? A. DIAMETER B. RADIUS C. TACACS+ D. Kerberos

C. TACACS+

The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. Which of the following would be MOST effective for preventing this behavior? A. Acceptable use policies B. Host-based firewalls C. Content inspection D. Application whitelisting

D. Application whitelisting

A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator's concerns? A. Install a mobile application that tracks read and write functions on the device. B. Create a company policy prohibiting the use of mobile devices for personal use. C. Enable GPS functionality to track the location of the mobile devices. D. Configure the devices so that removable media use is disabled.

D. Configure the devices so that removable media use is disabled.

Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective? A. CHAP B. SAML C. Kerberos D. Diameter

D. Diameter

Which of the following is an authentication service that uses UDP as a transport medium? A. TACACS+ B. LDAP C. Kerberos D. RADIUS

D. RADIUS

Ann has read and write access to an employee database, while Joe has only read access. Ann is leaving for a conference. Which of the following types of authorization could be utilized to trigger write access for Joe when Ann is absent? A. Mandatory access control B. Role-based access control C. Discretionary access control D. Rule-based access control

D. Rule-based access control

Which of the following can be used to mitigate risk if a mobile device is lost? A. Cable lock B. Transport encryption C. Voice encryption D. Strong passwords

D. Strong passwords

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO). A. Deny incoming connections to the outside router interface. B. Change the default HTTP port C. Implement EAP-TLS to establish mutual authentication D. Disable the physical switch ports E. Create a server VLAN F. Create an ACL to access the server

E. Create a server VLAN F. Create an ACL to access the server

