Cyber 4.6
A help-desk technician assists a new employee with setting up a new password. When creating a password, what best practice incorporates using upper and lowercase letters, numbers, and symbols? A. Complexity B. Length C. Reuse D. Age
A. Complexity rules require a mix of character classes (upper and lowercase letters, numbers, and symbols); length, reuse, and age are separate password-policy settings.
A technician is assisting a group of new employees with setting up multi-factor authentication. What philosophy incorporates the use of facial scans or fingerprints to demonstrate authentication? A. Something you are B. Something you have C. Somewhere you are D. Something you know
A. "Something you are" is the inherence factor: facial scans and fingerprints are biometric identifiers.
A cyber engineer conducts a multi-factor authentication (MFA) assessment of an organization's authentication security. What MFA philosophy uses knowledge factors and includes passphrases to gain access to systems? A. Something you know B. Something you have C. Something you are D. Somewhere you are
A. "Something you know" means the information used for authentication is something one can recall, such as a passphrase or a username/password combination.
Which statement regarding JIT permissions and PAM tools is correct? A. JIT permissions reduce the risk of unauthorized access by granting temporary access only when necessary. B. JIT permissions provide users with permanent access to critical systems and sensitive data. C. PAM tools are primarily focused on managing standard user permissions. D. JIT permissions are not suitable for enhancing security in medium-sized companies.
A. Just-in-time (JIT) permissions reduce the risk of unauthorized access by granting temporary, time-bound access only when a task requires it, which minimizes the window in which an attacker can abuse a privileged account. PAM tools manage privileged (administrative) accounts rather than standard user permissions, and the approach applies to organizations of any size.
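As an added illustration (not part of the quiz or of any vendor's PAM product), the following Python sketch shows what "temporary access only when necessary" means mechanically: a grant carries an expiry, the broker refuses to honor it afterwards, and policy limits such as no self-approval and a maximum TTL are enforced at request time. The user and role names, the four-hour ceiling, and the `JitBroker` class are assumptions made for the example.

```python
"""Just-in-time privilege grants: access is time-boxed and lapses on its own.

Added example for the quiz item on JIT/PAM; names, roles and limits are assumed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

# Assumed policy ceiling: no single elevation may last longer than this.
MAX_TTL = timedelta(hours=4)


@dataclass
class Grant:
    user: str
    role: str
    approver: str
    expires_at: datetime
    revoked: bool = False


class JitBroker:
    """Toy PAM broker: issues temporary role grants and refuses to honor expired ones."""

    def __init__(self) -> None:
        self._grants: Dict[Tuple[str, str], Grant] = {}

    def request(self, user: str, role: str, approver: str,
                ttl: timedelta, now: datetime) -> Grant:
        """Approve a time-boxed grant. Enforces no self-approval and the TTL ceiling."""
        if approver == user:
            raise PermissionError("self-approval of privileged access is not allowed")
        if ttl <= timedelta(0) or ttl > MAX_TTL:
            raise ValueError(f"ttl must be positive and at most {MAX_TTL}")
        grant = Grant(user=user, role=role, approver=approver, expires_at=now + ttl)
        self._grants[(user, role)] = grant
        return grant

    def has_role(self, user: str, role: str, now: datetime) -> bool:
        """Authorization check performed at access time, not at grant time."""
        grant = self._grants.get((user, role))
        if grant is None or grant.revoked:
            return False
        if now >= grant.expires_at:
            # Expire permanently so a clock rolled backwards cannot revive the grant.
            grant.revoked = True
            return False
        return True

    def revoke(self, user: str, role: str) -> bool:
        """Early revocation, e.g. when the approved task finishes ahead of schedule."""
        grant = self._grants.get((user, role))
        if grant is None or grant.revoked:
            return False
        grant.revoked = True
        return True

    def active_grants(self, now: datetime) -> List[Grant]:
        """Audit view: who currently holds elevated access."""
        return [g for (u, r), g in self._grants.items() if self.has_role(u, r, now)]


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    broker = JitBroker()
    broker.request("alice", "db-admin", approver="bob", ttl=timedelta(minutes=30), now=t0)
    print(broker.has_role("alice", "db-admin", t0 + timedelta(minutes=10)))  # True
    print(broker.has_role("alice", "db-admin", t0 + timedelta(minutes=31)))  # False
```

The point of the design is that the check happens on every access with the current time, so there is no standing entitlement to clean up later: the only state a PAM tool has to defend is the short-lived grant itself.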
The IT department of an international organization is responsible for managing access controls to various sensitive resources and systems. The IT department aims to select the access control model that aligns BEST with the organization's security requirements, user roles, and data sensitivity levels. Which access control model enforces permissions based on attributes and predefined rules, allowing the IT department to make fine-grained access decisions based on users' characteristics and data sensitivity within the multinational corporation? A. Role-based access control (RBAC) B. Attribute-based access control (ABAC) C. Rule-based access controls D. Discretionary access control (DAC)
B. Attribute-based access control (ABAC) enforces permissions based on attributes of the user, the resource, and the environment (such as location or time of day), allowing fine-grained access decisions.
The IT department of a governmental agency manages access controls for its various systems and resources. It is currently evaluating different access control models to enhance security across the enterprise. The organization deals with sensitive data, and it is crucial to have proper controls in place to protect it from unauthorized access. The IT team considered several access control models, each offering distinct features, and analyzed which one aligns BEST with the organization's security requirements. Which access control model enforces access permissions based on data sensitivity and predefined security labels, ensuring a higher level of control over sensitive resources in the organization? A. Role-based access control (RBAC) B. Mandatory access control (MAC) C. Discretionary access control (DAC) D. Attribute-based access control (ABAC)
B. Mandatory access control (MAC) enforces access permissions based on data sensitivity and predefined security labels attached to subjects and objects. Users cannot change those labels or grant access at their own discretion, which gives the organization tighter control over sensitive resources.
Which of the following are the advantages of using password managers for password management? (Select the two best options.) A. Password managers automatically synchronize passwords across competitors' platforms to ensure seamless transition. B. Password managers can generate strong and complex passwords automatically, reducing the risk of weak passwords. C. Password managers automatically use the same strong password for all stored accounts to reduce the complexity for users. D. Password managers can securely store and organize passwords for various online accounts and services.
B, D. Password managers generate long, random, unique passwords with a cryptographically secure generator, removing the incentive to pick weak or memorable ones, and they store credentials in an encrypted vault organized per account. Using one password for every stored account (option C) would defeat the purpose, because a breach of one site would expose all of them. Synchronizing passwords into competitors' products (option A) is not a feature of password managers; they sync the user's own encrypted vault across that user's devices.
After a breach, an organization implements new multi-factor authentication (MFA) protocols. What MFA philosophy incorporates using a smart card or key fob to support authentication? A. Something you know B. Something you are C. Something you have D. Somewhere you are
C. "Something you have" means the account holder possesses something that no one else does, such as a smart card, key fob, or smartphone that can generate or receive a cryptographic token. "Something you are" refers to a biometric or inherence factor: physiological identifiers such as a fingerprint or facial scan, or behavioral identifiers such as gait or typing rhythm. "Somewhere you are" applies a location-based factor to the authentication decision, using signals such as IP geolocation, GPS coordinates, or the network the device is connected to. "Something you know" means the information used for authentication is something one can recall, such as a passphrase or a username/password combination.
A new user creates a new password for a corporate laptop. What best practice requires a certain number of characters to meet the password requirement? A. Age B. Reuse C. Complexity D. Length
D. Account policies enforce credential management principles by stipulating requirements for user-created passwords. Password length sets a minimum, and sometimes a maximum, number of characters. Password complexity enforces rules that make guessing harder, such as requiring a combination of upper and lowercase letters, numbers, and symbols. Password age forces a user to select a new password after a set number of days. Password reuse prevention blocks the selection of a password the user has used before.
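The four controls above (length, complexity, reuse, age) and the password-manager behavior from the earlier question can be shown together. The following Python code is an added example, not part of the quiz: it validates a candidate password against a policy, keeps a salted PBKDF2 history so old passwords can be checked for reuse without storing them, tracks age, and generates a compliant random password with the `secrets` module the way a password manager would. The `PasswordPolicy` defaults, the `Account` structure, and the PBKDF2 round count are assumptions for illustration.

```python
"""Password policy controls (length, complexity, reuse, age) plus a generator.

Added example for the password-policy quiz items; policy values are assumed.
"""
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List

PBKDF2_ROUNDS = 50_000  # assumed; real systems tune this to their hardware


@dataclass
class PasswordPolicy:
    min_length: int = 12
    max_length: int = 128
    min_char_classes: int = 3          # of lowercase, uppercase, digit, symbol
    history_depth: int = 5             # how many previous passwords may not be reused
    max_age: timedelta = timedelta(days=90)


@dataclass
class Account:
    salt: bytes                        # per-account random salt (fixed here for the demo)
    changed_at: datetime
    history: List[bytes] = field(default_factory=list)   # PBKDF2 digests, oldest first


def char_classes(password: str) -> int:
    """Count how many of the four character classes the password uses."""
    return sum((
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ))


def _digest(password: str, salt: bytes) -> bytes:
    # Only digests are kept for the reuse check, never the old passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def validate(policy: PasswordPolicy, account: Account, candidate: str) -> List[str]:
    """Return the names of violated rules; an empty list means the password is acceptable."""
    problems = []
    if not policy.min_length <= len(candidate) <= policy.max_length:
        problems.append("length")
    if char_classes(candidate) < policy.min_char_classes:
        problems.append("complexity")
    digest = _digest(candidate, account.salt)
    recent = account.history[-policy.history_depth:]
    if any(hmac.compare_digest(digest, old) for old in recent):
        problems.append("reuse")
    return problems


def set_password(policy: PasswordPolicy, account: Account,
                 candidate: str, now: datetime) -> List[str]:
    """Apply the change only if validation passes; returns the violation list either way."""
    problems = validate(policy, account, candidate)
    if not problems:
        account.history.append(_digest(candidate, account.salt))
        account.changed_at = now
    return problems


def password_expired(policy: PasswordPolicy, account: Account, now: datetime) -> bool:
    """Age rule: True once the password is as old as the policy maximum."""
    return now - account.changed_at >= policy.max_age


def generate(policy: PasswordPolicy, length: int = 20) -> str:
    """Password-manager style generation: CSPRNG over the full printable alphabet,
    retried until the result satisfies the complexity rule (almost always first try)."""
    if not policy.min_length <= length <= policy.max_length:
        raise ValueError("requested length violates the policy")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if char_classes(candidate) >= policy.min_char_classes:
            return candidate


if __name__ == "__main__":
    policy = PasswordPolicy()
    account = Account(salt=secrets.token_bytes(16), changed_at=datetime.now(timezone.utc))
    print(validate(policy, account, "short"))            # ['length', 'complexity']
    print(set_password(policy, account, generate(policy), datetime.now(timezone.utc)))  # []
```

Note that `validate` reports every failed rule rather than stopping at the first, which is what a help desk needs when explaining a rejected password, and that the reuse check compares digests with `hmac.compare_digest` so that the history store leaks nothing through timing.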
The IT security team at a large company is implementing more robust authentication measures to safeguard sensitive data and systems. The team is exploring multi-factor authentication (MFA) options to bolster security. The company deals with highly confidential information and requires a robust solution. The team has narrowed the choices and is evaluating which aligns BEST with their security needs. Which multi-factor authentication method utilizes unique physical characteristics of individuals to verify their identity? A. Passwords and PINs B. Smart cards C. SMS-based one-time passwords (OTP) D. Biometrics
D. Biometric authentication verifies identity from unique physical characteristics or behavioral traits, such as fingerprints or facial recognition. Passwords and PINs are knowledge factors; smart cards and SMS one-time passwords are possession factors.
An international defense organization has developed a classified software system used for satellite communication. The system processes various levels of classified information: top secret, secret, and confidential. Access to this system and its data is not determined by the individual user's wishes, by a role, or by evaluating multiple attributes and conditions. Instead, the system enforces access based on predefined classifications attached to subjects (users) and objects (data). Which access control model is the defense organization MOST likely using? A. Mandatory access control (MAC) B. Discretionary access control (DAC) C. Attribute-based access control (ABAC) D. Role-based access control (RBAC)
A. Mandatory access control (MAC) enforces access permissions based on data sensitivity and predefined security labels attached to subjects and objects; users cannot change those labels, which gives the organization tighter control over sensitive resources. Discretionary access control (DAC) lets resource owners set permissions on what they own and does not use sensitivity labels. Role-based access control (RBAC) assigns permissions by job role; it streamlines administration but does not enforce control based on data sensitivity or predefined labels. Attribute-based access control (ABAC) evaluates user characteristics, resource properties, and environmental factors; it is flexible and dynamic, and the scenario explicitly rules out a decision based on multiple attributes and conditions.
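As an added example (not from the quiz), a minimal multilevel-security label check in Python following the Bell-LaPadula model: a label is a sensitivity level plus a set of compartments, a subject may read an object only if the subject's label dominates the object's (no read up), and may write only if the object's label dominates the subject's (no write down). Labels are immutable here to mirror the MAC rule that subjects cannot relabel anything. The level names, the `SATCOM` compartment, and the `Label` class are assumptions for the example.

```python
"""Mandatory access control with Bell-LaPadula labels.

Added example for the MAC quiz items; level names and compartments are assumed.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Ordered sensitivity levels; a higher number dominates a lower one.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)   # frozen: subjects cannot relabel themselves or objects
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown sensitivity level: {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        """A dominates B when A's level is at least B's and A holds every compartment B has."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Star property: no write down (stops top secret data leaking into a secret file)."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, operation: str) -> bool:
    """Reference-monitor entry point: every access request goes through here."""
    if operation == "read":
        return can_read(subject, obj)
    if operation == "write":
        return can_write(subject, obj)
    raise ValueError(f"unsupported operation: {operation!r}")


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"SATCOM"}))
    ts_telemetry = Label("top secret", frozenset({"SATCOM"}))
    print(decide(analyst, ts_telemetry, "read"))    # False: no read up
    print(decide(analyst, ts_telemetry, "write"))   # True: writing up is permitted
```

The compartment check is what distinguishes MAC from a simple clearance number: a secret-cleared user without the `SATCOM` compartment is denied a confidential `SATCOM` document even though the level alone would allow it. Real systems pair this confidentiality model with an integrity model (such as Biba) because "write up" alone lets low-trust subjects append to high-sensitivity objects.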
A leading online retail company wants to improve user experience and security for its customers. The security team aims to eliminate the need for users to remember or input complex passwords, reducing the risk of password breaches. Instead, they propose a solution where users can access their accounts seamlessly through a secure link sent to their verified email or via a push notification on a trusted device. This approach should not involve traditional passwords, fingerprint scans, or multiple validation steps. Which authentication method is the security team planning to implement for users? A. Passwordless authentication B. Attestation C. Multi-factor authentication D. Biometric authentication
A. Passwordless authentication eliminates traditional passwords and relies on other factors, such as a magic link sent to a verified email address, a push notification to a trusted device, a security key, or biometrics. Attestation verifies the integrity and authenticity of a device's hardware or software; it can support an authentication flow but is not itself an authentication method. Multi-factor authentication (MFA) combines factors, often a password with something the user has or is, and the scenario rules out multiple validation steps. Biometric authentication uses physical characteristics such as fingerprints, which the scenario also excludes. One caveat: a magic link is only as strong as the mailbox or device that receives it, so the link should be short-lived and single-use.
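The magic-link flow described above, as an added Python example (not the retailer's code or the quiz's): the server issues an HMAC-signed token that names the recipient, carries an expiry, and is accepted exactly once, so a leaked or replayed link is useless after its first use or after the deadline. The `MagicLinkIssuer` class, the 15-minute TTL, and the sample addresses are assumptions for illustration.

```python
"""Passwordless magic links: signed, expiring, single-use tokens.

Added example for the passwordless quiz item; class name, TTL and addresses are assumed.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional


def b64url_encode(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def b64url_decode(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


class MagicLinkIssuer:
    """Issues the token that goes into the emailed link and redeems it exactly once."""

    def __init__(self, signing_key: bytes, ttl_seconds: int = 900) -> None:
        self._key = signing_key               # server-side secret; never leaves the server
        self._ttl = ttl_seconds
        self._pending: Dict[str, str] = {}    # token id -> email; removed on first use

    def issue(self, email: str, now: int) -> str:
        """Return the token to embed in the link sent to the verified address."""
        token_id = secrets.token_urlsafe(16)  # 128 bits of randomness; unguessable
        payload = {"jti": token_id, "sub": email, "exp": now + self._ttl}
        body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
        signature = hmac.new(self._key, body, hashlib.sha256).digest()
        self._pending[token_id] = email
        return (body + b"." + b64url_encode(signature)).decode("ascii")

    def redeem(self, token: str, now: int) -> Optional[str]:
        """Return the authenticated email, or None. Checks run in order:
        well-formed, signature valid, not expired, not already used."""
        try:
            body, signature = token.encode("ascii").split(b".")
            expected = hmac.new(self._key, body, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, b64url_decode(signature)):
                return None
            payload = json.loads(b64url_decode(body))
        except (UnicodeError, ValueError):
            return None   # malformed token, bad base64 (binascii.Error is a ValueError) or bad JSON
        if now >= payload["exp"]:
            self._pending.pop(payload["jti"], None)   # expired: forget it entirely
            return None
        # Single use: the first redemption removes the entry, so a replayed link fails here.
        if self._pending.pop(payload["jti"], None) != payload["sub"]:
            return None
        return payload["sub"]


if __name__ == "__main__":
    issuer = MagicLinkIssuer(signing_key=secrets.token_bytes(32))
    link_token = issuer.issue("ana@example.com", now=1000)
    print(issuer.redeem(link_token, now=1100))   # ana@example.com
    print(issuer.redeem(link_token, now=1100))   # None: already used
```

The signature is checked before the payload is parsed, so an attacker cannot influence the JSON that gets decoded, and the pending-token table (a database or cache in a real deployment) is what enforces single use; the token alone, however well signed, does not.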
The IT security team at a large tech company is strengthening its authentication methods to protect sensitive company data and systems. The team considered implementing various security measures and understood that each authentication method has distinct features and benefits. However, they must choose the MOST suitable option that aligns with the organization's security requirements and user convenience. Which authentication method utilizes a physical device or software to generate secure, unique codes and offers convenience and strong security? A. Hard authentication tokens B. Soft authentication tokens C. Security keys D. Biometric authentication
C. Security keys are authentication devices, either physical hardware or software-based, that produce secure, unique responses for authentication, which is what the stem ("a physical device or software") describes. Hard authentication tokens are physical devices that generate one-time passwords (OTPs); the codes are unique and time-based, so they reduce the risk of unauthorized access. Soft authentication tokens are software-based and generate OTPs on a user's device. Biometric authentication relies on unique biological characteristics such as fingerprints, iris patterns, or facial recognition and does not generate codes. In practice, FIDO2/WebAuthn security keys do not display codes at all: they sign a server challenge with a private key, which is what makes them phishing-resistant, whereas hard and soft tokens are the devices that actually generate OTP codes.
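As an added example (not part of the quiz), here is the algorithm that hard and soft authentication tokens actually run: HOTP (RFC 4226) and its time-based variant TOTP (RFC 6238), implemented in Python with only the standard library. A verifier that tolerates one step of clock drift is included, since that is where real deployments go wrong. The seed used in the demo is the RFC 6238 reference secret; nothing else is assumed.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238): the code generator inside hard and soft tokens.

Added example for the authentication-token quiz item; standard library only.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "sha1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                               # low nibble of last byte picks the window
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)  # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algorithm: str = "sha1") -> str:
    """RFC 6238: the counter is the number of whole time steps since the Unix epoch."""
    return hotp(secret, unix_time // step, digits, algorithm)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 6, algorithm: str = "sha1") -> bool:
    """Server-side check. `window` steps of drift either way are tolerated; keep it small,
    because every extra step enlarges the guessing surface of a 6-digit code."""
    counter = unix_time // step
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + drift, digits, algorithm), code):
            return True
    return False


def current_code(secret: bytes) -> str:
    """What a soft token displays right now."""
    return totp(secret, int(time.time()))


if __name__ == "__main__":
    seed = b"12345678901234567890"   # RFC 6238 reference secret; never hard-code a seed in practice
    print(totp(seed, 59, digits=8))  # 94287082, per RFC 6238 Appendix B
    print(current_code(seed))
```

Both sides compute the code from the shared seed, so nothing is transmitted at enrollment except that seed: protecting it (in a tamper-resistant hard token, or in the phone's keystore for a soft token) is the whole security argument. The server must also remember the last accepted counter so a code cannot be replayed within the window; that bookkeeping is left out here.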
At a large company, the IT department manages user accounts and permissions for the organization's systems. The IT team employs a well-structured provisioning and de-provisioning process to create, modify, and remove user accounts and assign permissions to minimize potential security risks. Which statements related to user account provisioning and permission assignments are correct? (Select two options.) A. Provisioning and de-provisioning of user accounts involve creating, modifying, and removing user accounts to maintain appropriate access levels. B. Provisioning and permission assignments are exclusively managed by individual users without IT department involvement. C. The principle of least privilege guides the assignment of permissions, ensuring users have only the necessary access for their job roles. D. De-provisioning accounts includes the process of granting additional access to prevent delays in user tasks.
A, C. Provisioning and de-provisioning create, modify, and remove user accounts so employees have the access their roles require and lose it promptly when it is no longer needed. The principle of least privilege restricts users to the resources they need to fulfill their responsibilities, which limits the damage a compromised or misused account can do.
In a medium-sized company, the IT department manages access to various systems and resources for employees. The team wants to enhance the security posture by implementing better access controls. They use rule-based access controls and time-of-day restrictions to achieve this goal. What are the IT department's objectives in implementing rule-based access controls and time-of-day restrictions? (Select two options.) A. To define specific access rules based on employees' roles and responsibilities B. To ensure all employees have access to all resources at any time for increased productivity C. To eliminate the need for user authentication and simplify access management D. To restrict access to critical systems during non-working hours to enhance security
A, D. Rule-based access controls apply administrator-defined rules tied to employees' roles and responsibilities, so users can reach only the resources they need to fulfill their job duties. Time-of-day restrictions are one such rule: they limit access to critical systems during non-working hours, reducing exposure when fewer staff are present to notice misuse. Rules supplement authentication rather than replace it, and blanket access for everyone at all times is the opposite of the goal.
An IT team is responsible for provisioning and de-provisioning user accounts for employees and implements identity-proofing measures to ensure that the right individuals gain access to sensitive systems and data. The firm recently adopted a new identity-proofing process that verifies user identities through documents and biometric data. Which statements regarding provisioning, de-provisioning, and identity proofing are correct? (Select the two best options.) A. Provisioning of user accounts involves granting access to employees based on their job roles and responsibilities. B. Identity proofing is a measure used to ensure that the right individuals gain access to sensitive systems and data. C. De-provisioning of user accounts is the process of revoking access when employees change job roles within the organization. D. Identity proofing is a measure used for granting access to employees based on their job roles and responsibilities.
A, B. Provisioning user accounts grants employees access based on their job roles and responsibilities, so users have what they need to perform their duties. Identity proofing verifies that an individual is who they claim to be (here, through documents and biometric data) before access is granted, so only authorized people get in. De-provisioning removes access when it is no longer needed, typically at separation; a job change is handled by modifying the account's permissions, not only by revocation, and identity proofing is not itself a mechanism for assigning role-based access.
A large multinational company uses a cloud-based document storage system. The system provides access to documents by considering a combination of factors: the user's department, geographic location, the document's sensitivity level, and the current date and time. For example, only the finance department of a specific region can access its financial reports, and they can do so only during business hours. Which access control model does the company MOST likely use to manage this complex access control? A. Rule-based access controls B. Role-based access control (RBAC) C. Attribute-based access control (ABAC) D. Discretionary access control (DAC)
C. Attribute-based access control (ABAC) evaluates attributes of the subject (department, location), the resource (sensitivity level), and the environment (date and time), which is exactly the combination the scenario describes. Rule-based access control applies fixed, administrator-defined rules without evaluating a rich set of attributes, so it is less granular than ABAC. Discretionary access control (DAC) lets resource owners grant access, which does not suit centrally enforced, fine-grained decisions based on data sensitivity. Role-based access control (RBAC) ties permissions to roles rather than attributes, so it cannot express conditions such as region and business hours without a proliferation of roles.
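The document-storage scenario above, together with the time-of-day restriction from the rule-based question, as an added Python example (not the company's system or the quiz's): a policy decision point that evaluates subject attributes (department, region, clearance), resource attributes (kind, region, sensitivity, owning department), and environment attributes (current time) and returns which rules failed, so a denial is explainable in an audit log. The attribute names, the 08:00 to 18:00 weekday business-hours window, and the `financial-report` policy are assumptions for the example.

```python
"""ABAC policy decision point for the document-storage scenario.

Added example for the ABAC and time-of-day quiz items; attribute names and hours are assumed.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Subject:
    department: str
    region: str
    clearance: int          # highest sensitivity this user may see


@dataclass(frozen=True)
class Resource:
    kind: str
    region: str
    sensitivity: int
    owner_department: str


@dataclass(frozen=True)
class Environment:
    now: datetime           # assumed to be local time in the resource's region


Rule = Callable[[Subject, Resource, Environment], bool]

BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed window; Monday to Friday


def same_department(s: Subject, r: Resource, e: Environment) -> bool:
    return s.department == r.owner_department


def same_region(s: Subject, r: Resource, e: Environment) -> bool:
    return s.region == r.region


def cleared(s: Subject, r: Resource, e: Environment) -> bool:
    return s.clearance >= r.sensitivity


def business_hours(s: Subject, r: Resource, e: Environment) -> bool:
    # Time-of-day restriction expressed as an environment attribute.
    return e.now.weekday() < 5 and BUSINESS_HOURS[0] <= e.now.time() < BUSINESS_HOURS[1]


# Policy: for each resource kind, every listed rule must hold. Unknown kinds are denied.
POLICY: Dict[str, List[Rule]] = {
    "financial-report": [same_department, same_region, cleared, business_hours],
    "public-notice": [],   # no conditions: anyone, any time
}


def decide(subject: Subject, resource: Resource, env: Environment) -> Tuple[str, List[str]]:
    """Return ("permit", []) or ("deny", [failed rule names]) so denials are explainable."""
    rules = POLICY.get(resource.kind)
    if rules is None:
        return "deny", ["no-policy"]
    failed = [rule.__name__ for rule in rules if not rule(subject, resource, env)]
    return ("permit" if not failed else "deny"), failed


if __name__ == "__main__":
    finance_emea = Subject(department="finance", region="EMEA", clearance=2)
    q1_report = Resource(kind="financial-report", region="EMEA", sensitivity=2,
                         owner_department="finance")
    print(decide(finance_emea, q1_report, Environment(datetime(2024, 3, 5, 10, 0))))  # permit
    print(decide(finance_emea, q1_report, Environment(datetime(2024, 3, 9, 10, 0))))  # deny
```

Adding a condition (a new region, a device-posture attribute) is one more rule function, not a new role for every combination, which is the practical difference between ABAC and RBAC the quiz item is getting at. Default-deny for unknown resource kinds is deliberate: a policy gap should fail closed.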
The IT department at a small company is revamping its password policies to bolster security. The company wants to ensure employees follow best practices for creating and managing passwords. The department aims to promote a secure environment by implementing password expiration policies. Which method for password management is BEST to promote a secure environment by requiring users to change their passwords after a certain period? A. Password complexity B. Password reuse prevention C. Password expiration D. Password recovery via email
C. A password expiration (maximum age) policy requires users to change their passwords after a set period, limiting how long a previously compromised password stays useful. Note that current NIST SP 800-63B guidance recommends against forcing periodic rotation unless there is evidence of compromise, because routine expiry pushes users toward predictable variations of the old password; the exam answer reflects the traditional policy control.