IST 266


Your boss asks you to replace the current RADIUS authentication system with a more secure system. Your current RADIUS solution supports EAP, and your new solution should do the same. Which of the following is the best option and would offer the easiest transition?

Diameter

Which of the following can allow the owner to restrict access to resources according to the identity of the user?

Discretionary access control

Which of the following uses Transport Layer Security and does not work well in enterprise scenarios because certificates must be configured or managed on both the client side and server side?

EAP-TLS

To achieve multifactor security, what should you implement to accompany password usage and smart cards?

Fingerprint readers

In which of the following phases of identification and authentication does proofing occur?

Identification

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

Install a digital certificate on the authentication server

You review the system logs for your organization's firewall and see that an implicit deny is within the ACL. Which is an example of an implicit deny?

Items not specifically given access are denied by default.

Which of the following authentication models places importance on a ticket-granting server?

Kerberos

Which of the following network authentication protocols uses symmetric key cryptography, stores a shared key for each network resource, and uses a Key Distribution Center (KDC)?

Kerberos
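The two Kerberos answers above describe a KDC that holds one symmetric key per principal and issues tickets through a ticket-granting server. The following script is an added example, not code from the page or from any Kerberos implementation: it walks the AS-REQ/AS-REP, TGS-REQ/TGS-REP and AP-REQ steps with a toy authenticated cipher (SHA-256 keystream plus HMAC, standing in for AES) so it runs on the Python standard library. Principal names, key material, lifetimes and the 5-minute clock-skew limit are constructed for the demo.

```python
"""Toy Kerberos exchange (added example, not from the page or any Kerberos
implementation). AS-REQ/AS-REP, TGS-REQ/TGS-REP and AP-REQ with symmetric keys
only: the KDC stores one long-term key per principal (user, krbtgt, service).
The "cipher" is a SHA-256 keystream XOR plus an HMAC tag so the script runs on
the standard library; it stands in for AES and is NOT a real Kerberos etype."""
import hashlib, hmac, json, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object (toy construction, illustration only)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket/authenticator")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

class KDC:
    """Authentication Server + Ticket-Granting Server sharing one key database."""
    def __init__(self, keys: dict):
        self.keys = keys                      # principal name -> long-term key

    def as_exchange(self, user: str, now: float) -> dict:
        """AS-REP: TGT sealed under krbtgt's key; session key sealed under the user's key."""
        sk = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"user": user, "sk": sk, "exp": now + 600})
        return {"tgt": tgt, "enc": seal(self.keys[user], {"sk": sk})}

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: float) -> dict:
        """TGS-REP: check TGT and authenticator, issue a service ticket under the service's key."""
        t = unseal(self.keys["krbtgt"], tgt)
        if now > t["exp"]:
            raise ValueError("TGT expired")
        auth = unseal(bytes.fromhex(t["sk"]), authenticator)
        if auth["user"] != t["user"] or abs(now - auth["ts"]) > 300:
            raise ValueError("authenticator mismatch or clock skew")
        ssk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"user": t["user"], "sk": ssk, "exp": now + 600})
        return {"ticket": ticket, "enc": seal(bytes.fromhex(t["sk"]), {"sk": ssk})}

def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes, now: float) -> str:
    """AP-REQ at the service: it never contacts the KDC, only uses its own key."""
    t = unseal(service_key, ticket)
    if now > t["exp"]:
        raise ValueError("service ticket expired")
    if unseal(bytes.fromhex(t["sk"]), authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match ticket")
    return t["user"]

def login_and_access(user_key: bytes, user: str, service: str, kdc: KDC, now: float) -> str:
    """Client side of the full flow; returns the principal name the service accepted."""
    rep = kdc.as_exchange(user, now)
    sk = bytes.fromhex(unseal(user_key, rep["enc"])["sk"])   # needs the user's own key
    srep = kdc.tgs_exchange(rep["tgt"], seal(sk, {"user": user, "ts": now}), service, now)
    ssk = bytes.fromhex(unseal(sk, srep["enc"])["sk"])
    # the service holds its own copy of the key the KDC has for it
    return service_accept(kdc.keys[service], srep["ticket"], seal(ssk, {"user": user, "ts": now}), now)

# constructed key database for a demo realm
KEYS = {"alice": os.urandom(32), "krbtgt": os.urandom(32), "cifs/fileserver": os.urandom(32)}

def wrong_key_rejected(now: float) -> bool:
    """A client without alice's key cannot open the AS-REP, so it never gets a session key."""
    try:
        login_and_access(b"\x00" * 32, "alice", "cifs/fileserver", KDC(KEYS), now)
        return False
    except ValueError:
        return True

def expired_tgt_rejected(now: float) -> bool:
    """Presenting a TGT after its lifetime fails at the TGS."""
    kdc = KDC(KEYS)
    rep = kdc.as_exchange("alice", now)
    sk = bytes.fromhex(unseal(KEYS["alice"], rep["enc"])["sk"])
    try:
        kdc.tgs_exchange(rep["tgt"], seal(sk, {"user": "alice", "ts": now + 700}), "cifs/fileserver", now + 700)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    print(login_and_access(KEYS["alice"], "alice", "cifs/fileserver", KDC(KEYS), 1_700_000_000.0))
```

Note that the password (here, the user's long-term key) never crosses the wire: the AS-REP is useless to anyone who cannot open it, and the service validates the ticket with its own key without ever calling back to the KDC, which is what makes the KDC the single place where every shared key lives.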

An administrator configures Unix accounts to authenticate to a non-Unix server on the internal network. The configuration file incorporates the following information: DC=ServerName and DC=COM. Which service is being used?

LDAP

Which of the following is a wireless authentication method that uses a RADIUS server for authentication?

LEAP (Cisco's Lightweight EAP, which forwards the authentication to a RADIUS server; note that LEAP's MS-CHAP-based exchange is vulnerable to offline dictionary attacks and Cisco has superseded it with EAP-FAST and PEAP)

Which of the following concepts best describes the mandatory access control model?

Lattice

You are in the middle of the information gathering stage of the planning and deployment of a role-based access control model. Which of the following is most likely required?

Matrix of job titles with required privileges

Which of the following access control methods is best described as providing a username, password, and biometric thumbprint scan to gain access to a network?

Multifactor

Which of the following inbound ports must be opened on a server to allow a user to log in remotely?

3389 (RDP)

Which of the following authentication protocols makes use of a supplicant, authenticator, and authentication server?

802.1X

Your organization has several conference rooms with wired RJ45 jacks that are used by employees and guests. The employees need to access internal organizational resources, but the guests only need to access the Internet. Which of the following should you implement?

802.1X and VLANs

Which of the following is the best example of a strong password?

A 14-character sequence of numbers, letters, and symbols

Which of the following does the discretionary access control model use to identify users who have permissions to a resource?

Access control lists

A systems administrator must configure access to the corporate network such that users always have access without the need to periodically disconnect and reconnect. Which of the following best describes the type of connection that should be configured?

Always-on VPN

Which of the following are the best options when it comes to increasing the security of passwords? (Select the two best answers.)

Password complexity; Password length
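The two password questions above (the 14-character mixed password and the complexity/length pair) are easier to reason about with the search-space arithmetic in front of you. The following checker is an added example, not code from the page: it enforces a length threshold, a character-class threshold and a deny-list, and reports the brute-force keyspace in bits. The thresholds (14 characters, 3 classes) and the small deny-list are constructed for the demo.

```python
"""Password policy check (added example, not from the page): enforces the two
controls the answer names, length and complexity, plus a deny-list, and
estimates the brute-force search space so the trade-off between the two is
visible. The policy thresholds and the deny-list are constructed for the demo."""
import math
import string

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),      # 32 printable ASCII symbols
}
COMMON = {"password", "password1", "letmein", "qwerty123"}   # stand-in for a breached-password feed

def classes_used(pw: str) -> set:
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}

def brute_force_bits(pw: str) -> float:
    """log2 of the keyspace an attacker who knows the length and the classes used
    must search. An upper bound: dictionary words and patterns are far weaker."""
    pool = sum(len(CLASSES[name]) for name in classes_used(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def check_policy(pw: str, min_len: int = 14, min_classes: int = 3) -> list:
    """Return the failed requirements; an empty list means the password is accepted."""
    failures = []
    if len(pw) < min_len:
        failures.append(f"length {len(pw)} < {min_len}")
    if len(classes_used(pw)) < min_classes:
        failures.append(f"only {len(classes_used(pw))} character classes, need {min_classes}")
    if pw.lower() in COMMON:
        failures.append("in common-password list")
    return failures

if __name__ == "__main__":
    for pw in ("Password1", "Tr0ub4dor&3xample!", "aaaaaaaaaaaaaaaa", "Aa1!Aa1!"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, failures={check_policy(pw)}")
```

Sixteen lowercase letters come out near 75 bits while eight characters drawn from all four classes come out near 52 bits, which is why length carries at least as much weight as complexity; the deny-list check matters because "Password1" passes both numeric thresholds on its own.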

Your organization hires temporary users to assist with end-of-year resources and calculations. All the temporary users need access to the same domain resources. These "temps" are hired for a specific period of time with a set completion date. Users log on to a Windows domain controlled by a Windows Server domain controller. Your job is to make sure that the accounts can be used only during the specific period of time for which the temps are hired. The solution you select should require minimal administrative effort and upkeep. Of the following, what is the best solution?

Configure expiration dates for the temp user accounts

Which of the following methods can possibly identify when an unauthorized access has occurred?

Previous logon notification

Your organization asks you to design a web-based application. It wants you to design the application so that it runs under a security context that allows only those privileges required for the application to run to minimize risk if an attack occurs. Which of the following security concepts does this describe?

Principle of least privilege

Your server room has most items bolted down to the floor, but some items - such as network testing tools - can be easily removed from the room. Which security control can you implement to allow for automated notification of the removal of an item from the server room?

RFID

Your network is an Active Directory domain controlled by a Windows Server domain controller. The Finance group has read permission to the Reports and History shared folders and other shared folders. The Accounting group has read and write permissions to the Reports, AccountRecs, and Statements shared folders. Several users are members of both the Finance and Accounting groups. All the folders are located on a file server. The Everyone group is granted the Full Control NTFS permission for each folder through inheritance, but non-administrative users do not have the right to log on locally at the server. Access to the shared folders is managed through share permissions. It is determined that the Finance group should no longer have read access to the Reports folder. This change should not affect access permissions granted through membership in other groups. What is the best solution to the problem?

Remove the read permission from the Finance group for the Reports folder

What is a definition of implicit deny?

Resources that are not given access are denied by default
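Both implicit-deny questions (the firewall ACL review above and this definition) come down to the same evaluation order: rules are tried top-down, the first match decides, and anything that reaches the end of the list is denied. The following evaluator is an added example, not code from the page; it also flags rules that an earlier, broader rule shadows, which is how a deny entry quietly stops taking effect. The rule set and addresses are constructed for the demo.

```python
"""Firewall ACL evaluation with implicit deny (added example, not from the page).
Rules are evaluated top-down, first match wins, and a packet that matches no
rule falls through to the implicit deny. Also flags rules that an earlier, broader
rule shadows, the usual way a deny silently stops working. Addresses and the
rule set are constructed for the demo."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    dport: Optional[int] = None   # None = any destination port

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(acl: list, proto: str, src: str, dst: str, dport: Optional[int] = None) -> tuple:
    """Return (action, reason). Falling off the end of the list is the implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(proto, src, dst, dport):
            return rule.action, f"rule {i}"
    return "deny", "implicit deny"

def shadowed(acl: list) -> list:
    """Indexes of rules that can never fire because an earlier rule covers their whole space."""
    out = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (earlier.proto in ("any", later.proto)
                    and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                out.append(j)
                break
    return out

# constructed rule set: HTTPS to one host, SSH to a jump host except from the guest /24
ACL = [
    Rule("permit", "tcp", "10.0.0.0/8",  "10.1.1.10/32", 443),
    Rule("deny",   "tcp", "10.0.5.0/24", "10.1.1.20/32", 22),
    Rule("permit", "tcp", "10.0.0.0/8",  "10.1.1.20/32", 22),
]

if __name__ == "__main__":
    for pkt in (("tcp", "10.0.5.7", "10.1.1.20", 22), ("tcp", "10.0.9.7", "10.1.1.20", 22),
                ("udp", "10.0.9.7", "10.1.1.10", 53), ("tcp", "192.168.1.1", "10.1.1.10", 443)):
        print(pkt, "->", evaluate(ACL, *pkt))
    print("shadowed if the deny is moved last:", shadowed([ACL[0], ACL[2], ACL[1]]))
```

The DNS query and the packet from 192.168.1.1 are dropped without any rule naming them; moving the guest-subnet deny below the broader SSH permit makes `shadowed` report it, because the permit now answers first for every packet the deny was written for.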

You have been commissioned by a customer to implement a network access control model that limits remote users' network usage to normal business hours only. You create one policy that applies to all the remote users. What access control model are you implementing?

Role-based access control

Alice has read and write access to a database. Bob, her subordinate, only has read access. Alice needs to leave to go to a conference. Which access control type should you implement to trigger write access for Bob when Alice is not onsite?

Rule-based access control

Your organization has several separate logins necessary to gain access to several different sets of resources. What access control method could solve this problem?

SSO

A security auditing consultant has completed a security assessment and gives the following recommendations:

Safety Integrity

Your organization has several building keys circulating among various executive and human resources employees. You are concerned that the keys could be easily lost, stolen, or duplicated, so you have decided to implement an additional security control based on facial recognition. Which of the following will address this goal?

Security guard

You are designing security for an application. You need to ensure that all tasks relating to the transfer of money require actions by more than one user through a series of checks and balances. What access control method should you use?

Separation of duties
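The three access-control answers above (the business-hours policy for remote users, the write access that Bob gains only while Alice is away, and the two-person rule for money transfers) are easiest to compare as one decision function. The following engine is an added example, not code from the page: role membership supplies the baseline grants, rule-based checks then restrict or extend them, and a transfer requires a distinct initiator and approver. Users, roles, the business-hours window and the presence set are constructed for the demo.

```python
"""Access decision engine (added example, not from the page). Role-based grants
come from group membership; rule-based policies then adjust them: a single
business-hours rule for every remote user, and a delegation rule that gives Bob
write access only while Alice is offsite. A two-person transfer check shows
separation of duties. Users, roles, hours and the presence set are constructed."""
from datetime import datetime, time as dtime

ROLE_PERMS = {                                  # privileges attach to roles, not people
    "analyst":  {"db:read"},
    "manager":  {"db:read", "db:write"},
    "remote":   {"vpn:connect"},
    "teller":   {"transfer:initiate"},
    "approver": {"transfer:approve"},
}
USERS = {                                       # user -> roles (a user may hold several)
    "alice": {"manager", "approver"},
    "bob":   {"analyst", "teller"},
    "carol": {"remote", "analyst"},
    "dave":  {"teller", "approver"},
}
BUSINESS_HOURS = (dtime(8, 0), dtime(18, 0))
ONSITE = {"alice"}                              # would be fed by a badge/presence system

def when(hour: int) -> datetime:
    """Fixed demo date so decisions are reproducible."""
    return datetime(2024, 3, 4, hour, 0)

def role_perms(user: str) -> set:
    return set().union(*(ROLE_PERMS[r] for r in USERS.get(user, set())))

def allowed(user: str, perm: str, now: datetime, onsite: set = ONSITE) -> tuple:
    """Return (decision, reason). Rules run after the role lookup and may deny or grant."""
    roles = USERS.get(user, set())
    # rule-based, one policy for all remote users: VPN only inside business hours
    if perm == "vpn:connect" and "remote" in roles:
        if not (BUSINESS_HOURS[0] <= now.time() < BUSINESS_HOURS[1]):
            return False, "rule: remote access outside business hours"
    # rule-based trigger: Bob may write while Alice, the normal writer, is offsite
    if perm == "db:write" and user == "bob" and "alice" not in onsite:
        return True, "rule: delegated write while alice is offsite"
    if perm in role_perms(user):
        return True, "role"
    return False, "implicit deny"

def transfer(initiator: str, approver: str, amount: float, now: datetime) -> tuple:
    """Separation of duties: two different people, each holding the matching privilege."""
    if initiator == approver:
        return False, "separation of duties: initiator cannot approve own transfer"
    if not allowed(initiator, "transfer:initiate", now)[0]:
        return False, f"{initiator} may not initiate transfers"
    if not allowed(approver, "transfer:approve", now)[0]:
        return False, f"{approver} may not approve transfers"
    return True, f"transfer of {amount:.2f} approved by {approver}"

if __name__ == "__main__":
    print(allowed("carol", "vpn:connect", when(10)), allowed("carol", "vpn:connect", when(22)))
    print(allowed("bob", "db:write", when(10)), allowed("bob", "db:write", when(10), onsite=set()))
    print(transfer("bob", "alice", 250.0, when(10)), transfer("dave", "dave", 250.0, when(10)))
```

Dave holds both the teller and approver roles, so the role lookup alone would let him move money on his own; the `initiator == approver` check is the separation-of-duties control, and it has to live in the transfer workflow rather than in the role table.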

In a secure environment, which authentication mechanism performs better?

TACACS+, because it encrypts the entire packet body of the client/server exchange (RADIUS hides only the password attribute and leaves the rest of the packet in cleartext)

Your network has a DHCP server, AAA server, LDAP server, and e-mail server. Instead of authenticating wireless connections locally at the WAP, you want to utilize RADIUS for the authentication process. When you configure the WAP's authentication screen, what server should you point to, and which port should you use?

The AAA server and port 1812
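The TACACS+ answer above and this RADIUS/port 1812 answer are two sides of the same question: what does each protocol actually protect on the wire between the WAP (the NAS) and the AAA server? The following script is an added example, not code from the page or from any RADIUS or TACACS+ implementation. It builds a RADIUS Access-Request the way RFC 2865 and RFC 3579 describe it (User-Password hidden with the MD5-based XOR keyed by the shared secret, Message-Authenticator as HMAC-MD5 over the packet) and applies the TACACS+ body obfuscation from RFC 8907 for contrast. The shared secrets, user name, password and NAS address are constructed for the demo.

```python
"""RADIUS Access-Request builder and TACACS+ body obfuscation (added example, not
from the page). Shows what each protocol protects on the wire: RADIUS (RFC 2865)
hides only the User-Password attribute with an MD5-based XOR keyed by the shared
secret, while TACACS+ (RFC 8907) XORs the whole packet body with an MD5 pad
stream. Neither is real encryption; both stand or fall with the shared secret.
Secrets and addresses are constructed. 1812/udp is the RADIUS authentication port."""
import hashlib, hmac, os, struct

RADIUS_AUTH_PORT = 1812
ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, MESSAGE_AUTHENTICATOR = 1, 2, 4, 80

def attr(t: int, value: bytes) -> bytes:
    return struct.pack("!BB", t, len(value) + 2) + value

def hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16 bytes, then c_i = p_i XOR MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out

def reveal_password(secret: bytes, authenticator: bytes, hidden: bytes) -> bytes:
    """Inverse: any party holding the shared secret recovers the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(secret: bytes, ident: int, user: bytes, password: bytes,
                   nas_ip: bytes, authenticator: bytes = None) -> bytes:
    """Build an Access-Request carrying a Message-Authenticator (RFC 3579 3.2)."""
    ra = authenticator or os.urandom(16)             # Request Authenticator
    attrs = (attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(secret, ra, password))
             + attr(NAS_IP_ADDRESS, nas_ip))
    length = 20 + len(attrs) + 18                    # header + attrs + Message-Authenticator
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, length) + ra
    unsigned = header + attrs + attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)
    mac = hmac.new(secret, unsigned, hashlib.md5).digest()
    return header + attrs + attr(MESSAGE_AUTHENTICATOR, mac)

def parse_attrs(pkt: bytes) -> dict:
    """Everything except User-Password is readable without the secret."""
    out, i = {}, 20
    while i < len(pkt):
        t, l = pkt[i], pkt[i + 1]
        out[t] = pkt[i + 2:i + l]
        i += l
    return out

def verify_message_authenticator(secret: bytes, pkt: bytes) -> bool:
    """Server-side check: recompute HMAC-MD5 with the attribute zeroed."""
    attrs = parse_attrs(pkt)
    if MESSAGE_AUTHENTICATOR not in attrs:
        return False
    idx = pkt.find(bytes([MESSAGE_AUTHENTICATOR, 18]) + attrs[MESSAGE_AUTHENTICATOR])
    zeroed = pkt[:idx + 2] + b"\x00" * 16 + pkt[idx + 18:]
    return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(),
                               attrs[MESSAGE_AUTHENTICATOR])

def tacacs_obfuscate(key: bytes, session_id: int, version: int, seq_no: int, body: bytes) -> bytes:
    """RFC 8907 4.5: pad_1 = MD5(session_id||key||version||seq_no), pad_n = MD5(... || pad_n-1).
    XOR is its own inverse, so the same call also de-obfuscates a received body."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return bytes(b ^ p for b, p in zip(body, pad))

if __name__ == "__main__":
    secret, ra = b"s3cret", os.urandom(16)
    pkt = access_request(secret, 7, b"alice", b"hunter2!", bytes([10, 0, 0, 5]), ra)
    print("to AAA server udp/%d:" % RADIUS_AUTH_PORT, pkt.hex())
    print("User-Name visible on the wire:", parse_attrs(pkt)[USER_NAME])
    print("TACACS+ body:", tacacs_obfuscate(b"k", 0x1234, 0xC0, 1, b"\x01\x00\x01\x01\x05alice").hex())
```

Running it shows the practical difference: the user name, NAS address and attribute layout of the RADIUS request are readable by anyone on the path, and whoever learns the shared secret can reverse `hide_password`, so in production the RADIUS leg should ride over an EAP tunnel (PEAP/EAP-TLS) or RadSec rather than rely on this hiding; the TACACS+ body is unreadable without the key, which is the property the previous answer refers to.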

On Monday, all employees of your organization report that they cannot connect to the corporate wireless network, which uses 802.1X with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the most likely cause of the problem?

The Remote Authentication Dial-In User Service certificate has expired.

What are LDAP and Kerberos commonly used for?

To utilize single sign-on capabilities

Your network is a Windows domain controlled by a Windows Server domain controller. Your goal is to configure user access to file folders shared to the network. In your organization, directory access is dependent upon a user's role in the organization. You need to keep to a minimum the administrative overhead needed to manage access security. You need to be able to quickly modify a user's permissions if that user is assigned to a different role. A user can be assigned to more than one role within the organization. What solutions should you implement? (Select the two best answers.)

Create an OU for each organizational role and link GPOs to each OU; Create security groups and assign access permissions based on organizational roles
