Chapter 8
What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment? A. Account policy control will be set to the cloud provider's standards B. The cloud service will provide account and identity management services C. Multifactor authentication will not be supported by the cloud vendor D. None of the above
B
Which type of multifactor authentication is considered the least secure? A. HOTP B. SMS C. TOTP D. Biometric
B
Tokens:
Physical device that may generate a code, plug-in via USB, or connect via Bluetooth to present a certificate
A person's name, age, location, or job title are examples of what? A. Biometric factors B. Identity factors C. Attributes D. Account permissions
C
What type of access control scheme best describes the Linux filesystem? A. MAC B. RBAC C. DAC D. ABAC
C
CHAP:
Challenge handshake authentication protocol, more secure than PAP, uses encrypted challenge and 3 way handshake to send credentials
Smartcards:
Use an embedded chip
Gait analysis:
Measures how a person walks to identify them
MFA:
Multifactor Authenticaton
PAP:
Password authentication protocol, sends unencrypted passwords
Melissa is planning on implementing biometric authentication on her network. Which of the following should be a goal for any biometric solution she selects? A. High FRR, low FAR B. High FAR, low FRR C. Low CER D. High CER
C
Theresa wants to implement an access control scheme that sets permissions based on what the individual's job requires. Which of the following schemes is most suited to this type of implementation? A. ABAC B. DAC C. RBAC D. MAC
C
Trevor is deploying the Google Authenticator mobile application for use in his organization. What type of one-time password system does Google Authenticator use in its default mode? A. HMAC-based on time passwords B. SMS-based on time passwords C. Time-based one time passwords D. Static codes
C
Certificates:
Can be stored on a system or paired with a storage device
Michelle enables the Windows 10 picture password feature to control logins for her laptop. Which type of attribute will it provide? A. Somewhere you are B. Something you can do C. Something you exhibit D. Someone you know
B
Password complexity, password history, and password reuse are all examples of what? A. Account audits B. Account policies C. Access policies D. Credential attributes
B
Samantha wants to set an account policy that ensures that devices can be used only while the user is in the organization's main facility. What type of account policy should she set? A. Time of day B. Geofencing C. Time-based logins D. Impossible travel time
B
What is a HSM used for? A. To capture biometric enrollment data B. To generate, manage, and securely store cryptographic keys C. To generate one-time passwords via a time-based code algorithm D. To enable federation between organizations
B
EAP:
Extensible Authentication Protocol, Common authentication framework for wireless networks
A PIN is an example of what type of factor? A. Something you know B. Something you are C. Something you have D. Something you set
A
Charles has implemented LDAP for his organization. What type of service has he enabled? A. A federation B. A directory service C. An attestation service D. A biometric identity provider
B
SSH Keys:
Cryptographic representations of identity that replace a username or password
Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement? A. RADIUS B. SAML C. OAuth D. LDAP
A
Which of the following technologies is the least effective means of preventing shared accounts? A. Password complexity requirements B. Requiring biometric authentication C. Requiring one-time passwords via a token D. Requiring a one-time password via an application
A
Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does Angela's organization play when they authenticate their users and assert that those users are valid to other members of the federation? A. Service provider B. Relying party C. Authentication provider D. Identity provider
D
Nina's organization uses SSH keys to provide secure access between systems. Which of the following is not a common security concern when using SSH Keys? A. Inadvertent exposure of the private key B. Weak passwords/passphrases C. SSH key sprawl D. Weak encryption
D
Scott wants to allow users to bring their own credentials to his website so that they can log in using a Google or Microsoft account without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their information? A. Kerberos B. OAuth C. RADIUS D. OpenID
D
What type of attack does an account lockout policy help to prevent? A. Stolen password B. Race conditions C. Buffer overflows D. Brute force
D
Which of the following biometric technologies is most broadly deployed due to its ease of use and acceptance from end users? A. Voice print recognition B. Gait recognition C. Retina scanners D. Fingerprint scanner
D