Comptia Security+ - Chapter 1 Quiz -Mastering Security Basics
A network includes a ticket-granting ticket server. Which of the following choices is the primary purpose of this server? A. Authentication B. Identification C. Authorization D. Access control
A. Kerberos uses a ticket-granting ticket server for authentication. Users claim an identity with a username for identification. They prove their identity with credentials for authentication and Kerberos incorporates these credentials in tickets. Users are authorized access to resources with permissions, but only after they have been authenticated by an authentication service such as Kerberos. Access controls restrict access to resources after users are identified and authenticated.
Which of the following choices provide authentication services for remote users and devices? (Select TWO.) A. Kerberos B. RADIUS C. Secure LDAP D. Diameter
B, D. Both Remote Authentication Dial-In User Service (RADIUS) and Diameter are authentication services for remote users and devices. Diameter is more secure than RADIUS. Kerberos is an authentication service used with a domain or realm and Secure Lightweight Directory Access Protocol (LDAP) uses Transport Layer Security (TLS) for encryption and is used to query directories.
When users log on to their computers, they are required to enter a username, a password, and a PIN. Which of the following choices BEST describes this? A. Single-factor authentication B. Two-factor authentication C. Multifactor authentication D. Mutual authentication
A. Both the password and the PIN are in the something you know factor of authentication, so this is single-factor authentication. Two-factor authentication requires the use of two different authentication factors. Multifactor authentication requires two or more factors of authentication. Mutual authentication is when both entities in the authentication process authenticate with each other and it doesn't apply in this situation.
Which of the following authentication services uses tickets for user credentials? A. RADIUS B. Diameter C. Kerberos D. LDAP
C. Kerberos uses a ticket-granting ticket server to create tickets for users and these tickets include user credentials for authentication. Remote Authentication Dial-In User Service (RADIUS) provides authentication for remote users. Diameter is an alternative to RADIUS and it can utilize Extensible Authentication Protocol (EAP). Lightweight Directory Access Protocol (LDAP) is an X.500-based authentication service.
Your organization recently made an agreement with third parties for the exchange of authentication and authorization information. The solution uses an XML-based open standard. Which of the following is the MOST likely solution being implemented? A. RADIUS B. Diameter C. TACACS+ D. SAML
D. Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML) used for single sign-on (SSO) solutions. Remote Authentication Dial-In User Service (RADIUS) is a remote access authentication service. Diameter is an alternative to RADIUS. Terminal Access Controller Access-Control System Plus (TACACS+) is an authentication service that replaces the older TACACS protocol. RADIUS, Diameter, and TACACS+ do not use XML.
The security manager at your company recently updated the security policy. One of the changes requires dual-factor authentication. Which of the following will meet this requirement? A. Hardware token and PIN B. Fingerprint scan and retina scan C. Password and PIN D. Smart card
A. A hardware token (such as an RSA token or a USB token) is in the something you have factor of authentication and the PIN is in the something you know factor of authentication. Combined, they provide dual-factor authentication. The remaining answers only provide single-factor authentication. A fingerprint scan and a retina scan are both in the something you are factor of authentication. A password and a PIN are both in the something you know factor of authentication. A smart card is in the something you have factor of authentication.
You are logging on to your bank's web site using your email address and a password. What is the purpose of the email address in this example? A. Identification B. Authentication C. Authorization D. Availability
A. The email address provides identification for you and your account. The password combined with the email address provides authentication, proving who you are. Based on your identity, you are granted authorization to view your account details. Availability is unrelated to identification, authentication, and authorization.
When you log on to your online bank account, you are also able to access a partner's credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe? A. SSO B. Same sign-on C. SAML D. Kerberos
A. This is an example of single sign-on (SSO) capabilities because you can log on once and access all the resources without entering your credentials again. Same sign-on requires you to reenter your credentials for each new site, but you use the same credentials. Security Assertion Markup Language (SAML) is an SSO solution used for web-based applications and the bank might be using SAML, but other SSO solutions are also available. Kerberos is used in an internal network.
Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement? A. HOTP B. TOTP C. CAC D. Kerberos
B. A Time-based One-Time Password (TOTP) meets this requirement. Passwords created with TOTP expire after 30 seconds. HMAC-based One-Time Password (HOTP) creates passwords that do not expire. A Common Access Card (CAC) is a type of smart card, but it does not create passwords. Kerberos uses tickets instead of passwords.
Which type of authentication is a fingerprint scan? A. Something you have B. Biometric C. PAP D. One-time password
B. A fingerprint scan is a biometric method of authentication in the something you are factor of authentication. The something you have factor of authentication refers to something you can hold, such as a hardware token for a one-time password. Password Authentication Protocol (PAP) is an authentication method that sends passwords across the network in cleartext.
Users in your organization access your network from remote locations. Currently, the remote access solution uses RADIUS. However, the organization wants to implement a stronger authentication service that supports EAP. Which of the following choices BEST meets this goal? A. TACACS+ B. Diameter C. Kerberos D. Secure LDAP
B. Diameter is an alternative to Remote Authentication Dial-In User Service (RADIUS) and it can utilize Extensible Authentication Protocol (EAP). Terminal Access Controller Access-Control System Plus (TACACS+) is an authentication service that replaces older TACACS. Kerberos is an internal authentication protocol that uses tickets. Secure Lightweight Directory Access Protocol (LDAP) is an X.500-based authentication service that can be secured with Transport Layer Security (TLS).
You want to ensure that messages sent from administrators to managers arrive unchanged. Which security goal are you addressing? A. Confidentiality B. Integrity C. Availability D. Authentication
B. Integrity provides assurances that data has not been modified, and integrity is commonly enforced with hashing. Confidentiality prevents unauthorized disclosure of data but doesn't address modifications of data. Availability ensures systems are up and operational when needed and uses fault tolerance and redundancy methods. Authentication provides proof that users are who they claim to be.
Your organization has a password policy with a password history value of 12. What does this indicate? A. Your password must be at least 12 characters long. B. Twelve different passwords must be used before reusing the same password. C. Passwords must be changed every 12 days. D. Passwords cannot be changed until 12 days have passed.
B. The password history indicates how many passwords a system remembers and how many different passwords must be used before a password can be reused. Password length identifies the minimum number of characters. Password maximum age identifies when users must change passwords. Password minimum age identifies the length of time that must pass before users can change a password again.
Your network infrastructure requires users to authenticate with something they are and something they know. Which of the following choices BEST describes this authentication method? A. Passwords B. Dual-factor C. Biometrics D. Diameter
B. This is dual-factor authentication because users must authenticate with two different factors of authentication (something you are and something you know). Passwords are in the something you know factor and biometrics are in the something you are factor, but the scenario includes both factors, not just one. Diameter is a remote access authentication service that supports Extensible Authentication Protocol (EAP).
A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password? A. Verify the user's original password. B. Disable the user's account. C. Verify the user's identity. D. Enable the user's account.
C. Before resetting a user's password, it's important to verify the user's identity. Users often need the password reset because they have forgotten their original password, so it's not possible to verify the user's original password. It's not necessary to disable a user account to reset the password. You would enable the account if it was disabled or locked out, but the scenario doesn't indicate this is the case.
1. Homer needs to send an email to his HR department with an attachment that includes PII. He wants to maintain the confidentiality of this attachment. Which of the following choices is the BEST choice to meet his needs? A. Hashing B. Digital signature C. Encryption D. Certificate
C. Encryption is the best choice to provide confidentiality of any type of information, including Personally Identifiable Information (PII). Hashing, digital signatures, and certificates all provide integrity, not confidentiality.
Which of the following provides authentication services and uses PPP? A. Diameter and biometrics B. Kerberos and LDAP C. SAMLand SSO D. PAP and CHAP
D. Both Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) use Point-to-Point Protocol (PPP). Diameter is an authentication service, but biometrics is an authentication method. Kerberos is an authentication service, but it doesn't use PPP and Lightweight Directory Access Protocol (LDAP) as a method of querying directories. Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML)-based data format used for single sign-on (SSO), but it doesn't use PPP.
Management at your company recently decided to implement additional lighting and fencing around the property. Which security goal is your company MOST likely pursuing? A. Confidentiality B. Integrity C. Availability D. Safety
D. Lighting and fencing are two methods that can enhance the security goal of safety. Confidentiality is enhanced with encryption and access controls. Integrity is enhanced with hashing, certificates, and digital signatures. Availability is enhanced with redundancy and fault-tolerance procedures.
Your network uses an authentication service based on the X.500 specification. When encrypted, it uses TLS. Which authentication service is your network using? A. SAML B. Diameter C. Kerberos D. LDAP
D. Lightweight Directory Access Protocol (LDAP) uses X.500-based phrases to identify components and Secure LDAP can be encrypted with Transport Layer Security (TLS). Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML) used for single signon (SSO), but it is not based on X.500. Diameter is an alternative to Remote Authentication Dial-In User Service (RADIUS), but neither of these are based on X.500.
Your organization recently implemented two servers that act as failover devices for each other. Which security goal is your organization pursuing? A. Safety B. Integrity C. Confidentiality D. Availability
D. Your organization is pursuing availability. A failover cluster uses redundant servers to ensure a service will continue to operate even if one of the servers fail. Safety methods provide safety for personnel and other assets. Integrity methods ensure that data has not been modified. Confidentiality methods such as encryption prevent the unauthorized disclosure of data.