CH 8 IDENTITY AND ACCESS MANAGEMENT
ELAINE WANTS TO IMPLEMENT AN AAA SYSTEM. WHICH OF THE FOLLOWING IS AN AAA SYSTEM SHE COULD IMPLEMENT? A. RADIUS B. SAML C. OAUTH D. LDAP
A. RADIUS
A PIN IS AN EXAMPLE OF WHAT TYPE OF FACTOR? A. SOMETHING YOU KNOW B. SOMETHING YOU ARE C. SOMETHING YOU HAVE D. SOMETHING YOU SET
A. SOMETHING YOU KNOW
CHARLES HAS IMPLEMENTED LDAP FOR HIS ORGANIZATION. WHAT TYPE OF SERVICE HAS HE ENABLED? A. A FEDERATION B. A DIRECTORY SERVICE C. AN ATTESTATION SERVICE D. A BIOMETRIC IDENTITY PROVIDER
B. A DIRECTORY SERVICE
WHAT TYPE OF ACCESS CONTROL SCHEME BEST DESCRIBES THE LINUX FILESYSTEM? A. MAC B. RBAC C. (DISCRETIONARY ACCESS CONTROL) DAC D. ABAC
C. (DISCRETIONARY ACCESS CONTROL) DAC
NINA'S ORGANIZATION USES SSH KEYS TO PROVIDE SECURE ACCESS BETWEEN SYSTEMS. WHICH OF THE FOLLOWING IS NOT A COMMON SECURITY CONCERN WHEN USING SSH KEYS? A. INADVERTENT EXPOSURE OF THE PRIVATE KEY B. WEAK PASSWORDS/PASSPHRASES C. SSH KEY SPRAWL D. WEAK ENCRYPTION
D. WEAK ENCRYPTION
THERESA WANTS TO IMPLEMENT AN ACCESS CONTROL SCHEME THAT SETS PERMISSIONS BASED ON WHAT THE INDIVIDUAL'S JOB REQUIRES. WHICH OF THE FOLLOWING SCHEMES IS MOST SUITED TO THIS TYPE OF IMPLEMENTATION? A. ABAC B. DAC C. (ROLE-BASED ACCESS CONTROL) RBAC D. MAC
C. (ROLE-BASED ACCESS CONTROL) RBAC
A PERSON'S NAME, AGE, LOCATION, OR JOB TITLE ARE ALL EXAMPLES OF WHAT? A. BIOMETRIC FACTORS B. IDENTITY FACTORS C. ATTRIBUTES D. ACCOUNT PERMISSIONS
C. ATTRIBUTES
ANGELA HAS CHOSEN TO FEDERATE WITH OTHER ORGANIZATIONS TO ALLOW USE OF SERVICES THAT EACH ORGANIZATION PROVIDES. WHAT ROLE DOES ANGELA'S ORGANIZATION PLAY WHEN THEY AUTHENTICATE THEIR USERS AND ASSERT THAT THOSE USERS ARE VALID TO OTHER MEMBERS OF THE FEDERATION? A. SERVICE PROVIDER B. RELYING PARTY C. AUTHENTICATION PROVIDER D. IDENTITY PROVIDER
D. IDENTITY PROVIDER
PASSWORD COMPLEXITY, PASSWORD HISTORY, AND PASSWORD REUSE ARE ALL EXAMPLES OF WHAT? A. ACCOUNT AUDITS B. ACCOUNT POLICIES C. ACCESS POLICIES D. CREDENTIAL ATTRIBUTES
B. ACCOUNT POLICIES
SCOTT WANTS TO ALLOW USERS TO BRING THEIR OWN CREDENTIALS TO HIS WEBSITE SO THAT THEY CAN LOG IN USING A GOOGLE OR MICROSOFT ACCOUNT WITHOUT GIVING HIM THEIR PASSWORDS. WHAT PROTOCOL CAN HE USE THAT WILL ALLOW THOSE USERS TO GRANT THE WEBSITE ACCESS TO THEIR INFORMATION? A. KERBEROS B. OAUTH C. RADIUS D. OPENID
D. OPENID
WHICH OF THE FOLLOWING TECHNOLOGIES IS THE LEAST EFFECTIVE MEANS OF PREVENTING SHARED ACCOUNTS? A. PASSWORD COMPLEXITY REQUIREMENTS B. REQUIRING BIOMETRIC AUTHENTICATION C. REQUIRING ONE-TIME PASSWORDS VIA A TOKEN D. REQUIRING A ONE-TIME PASSWORD VIA AN APPLICATION
A. PASSWORD COMPLEXITY REQUIREMENTS
SAMANTHA WANTS TO SET AN ACCOUNT POLICY THAT ENSURES THAT DEVICES CAN BE USED ONLY WHILE THE USER IS IN THE ORGANIZATION'S MAIN FACILITY. WHAT TYPE OF ACCOUNT POLICY SHOULD SHE SET? A. TIME OF DAY B. GEOFENCING C. TIME-BASED LOGINS D. IMPOSSIBLE TRAVEL TIME
B. GEOFENCING
WHICH TYPE OF MULTIFACTOR AUTHENTICATION IS CONSIDERED THE LEAST SECURE? A. HOTP B. SMS C. TOTP D. BIOMETRIC
B. SMS
MICHELLE ENABLES THE WINDOWS 10 PICTURE PASSWORD FEATURE TO CONTROL LOGINS FOR HER LAPTOP. WHICH TYPE OF ATTRIBUTE WILL IT PROVIDE? A. SOMEWHERE YOU ARE B. SOMETHING YOU CAN DO C. SOMETHING YOU EXHIBIT D. SOMEONE YOU KNOW
B. SOMETHING YOU CAN DO
WHAT MAJOR DIFFERENCE IS LIKELY TO EXIST BETWEEN ON-PREMISES IDENTITY SERVICES AND THOSE USED IN A CLOUD-HOSTED ENVIRONMENT? A. ACCOUNT POLICY CONTROL WILL BE SET TO THE CLOUD PROVIDER'S STANDARDS. B. THE CLOUD SERVICE WILL PROVIDE ACCOUNT AND IDENTITY MANAGEMENT SERVICES. C. MULTI FACTOR AUTHENTICATION WILL NOT BE SUPPORTED BY THE CLOUD VENDOR. D. NONE OF THE ABOVE.
B. THE CLOUD SERVICE WILL PROVIDE ACCOUNT AND IDENTITY MANAGEMENT SERVICES.
WHAT IS A HSM USED FOR? A. TO CAPTURE BIOMETRIC ENROLLMENT DATA B. TO GENERATE, MANAGE, AND SECURELY STORE CRYPTOGRAPHIC KEYS C. TO GENERATE ONE-TIME PASSWORDS VIA A TIME-BASED CODE ALGORITHM D. TO ENABLE FEDERATION BETWEEN ORGANIZATIONS
B. TO GENERATE, MANAGE, AND SECURELY STORE CRYPTOGRAPHIC KEYS
MELISSA IS PLANNING ON IMPLEMENTING BIOMETRIC AUTHENTICATION ON HER NETWORK. WHICH OF THE FOLLOWING SHOULD BE A GOAL FOR ANY BIOMETRIC SOLUTION SHE SELECTS? A. HIGH FRR, LOW FAR B. HIGH FAR, LOW FRR C. LOW CER D. HIGH CER
C. LOW CER
TREVOR IS DEPLOYING THE GOOGLE AUTHENTICATOR MOBILE APPLICATION FOR USE IN HIS ORGANIZATION. WHAT TYPE OF ONE-TIME PASSWORD SYSTEM DOES GOOGLE AUTHENTICATOR USE IN ITS DEFAULT MODE? A. HMAC-BASED ONE-TIME PASSWORDS B. SMS-BASED ONE-TIME PASSWORDS C. TIME-BASED ONE-TIME PASSWORDS D. STATIC CODES
C. TIME-BASED ONE-TIME PASSWORDS
WHAT TYPE OF ATTACK DOES AN ACCOUNT LOCKOUT POLICY HELP TO PREVENT? A. STOLEN PASSWORD B. RACE CONDITIONS C. BUFFER OVERFLOWS D. BRUTE FORCE
D. BRUTE FORCE
WHICH OF THE FOLLOWING BIOMETRIC TECHNOLOGIES IS MOST BROADLY DEPLOYED DUE TO ITS EASE OF USE & ACCEPTANCE FROM END USERS? A. VOICE PRINT RECOGNITION B. GAIT RECOGNITION C. RETINA SCANNERS D. FINGERPRINT SCANNER
D. FINGERPRINT SCANNER