MIS 379 exam 2 lesson questions 5-8
A primary target for a hacker gaining access to a network is user passwords. Consider the file locations where Windows and Linux each store passwords and determine which of the following is NOT used for password storage. %SystemRoot%\System32\config\SAM; /etc/passwd; %SystemRoot%\System32\Drivers\etc\hosts; /etc/shadow
%SystemRoot%\System32\Drivers\etc\hosts
If a company's IP address is in the Class B private range, which of the following IP addresses can be utilized? 172.20.26.1; 192.168.0.1; 10.10.1.0; 172.16.256.1
172.20.26.1
Determine which of the following statements about 802.1X are true. (Select two) The device requesting access is the authenticator under 802.1X. 802.1X provides PNAC. The authentication server is typically a RADIUS server. In port-based authentication, the port acts as a firewall.
802.1X provides PNAC. The authentication server is typically a RADIUS server.
Which of the following options represents Two-Factor Authentication (2FA)? A user logs in using a password and a PIN. A user logs in using a password and a smart card. A user logs in using a fingerprint and retina scanner. A user logs in using a smart card and a key fob.
A user logs in using a password and a smart card.
Evaluate how identification and authentication are distinct in their functions. Which of the following scenarios best illustrates a user being authenticated? A user's keyboard typing behavior is analyzed. A system administrator sets up a user account for a new employee after HR sends employment verification. An administrator sends an initial password to a new telecommuting employee through a VPN. A user is assigned an SID.
A user's keyboard typing behavior is analyzed.
Evaluate the following statements and determine which explains why layer 2 is vulnerable to Man-in-the-Middle (MitM) attacks. (Select two) ARP operates at layer 2. DNS operates at layer 2. Mutual authentication is not prevalent at layer 2. Firewalls are not secure at layer 2.
ARP operates at layer 2. Mutual authentication is not prevalent at layer 2.
Apply knowledge of identity and authentication concepts to select the true statement. A user profile must be unique. Credentials could include name, contact details, and group memberships. An identifier could be a username and password, or smart card and PIN code. An account consists of an identifier, credentials, and a profile.
An account consists of an identifier, credentials, and a profile.
Which of the following password cracker attacks are combined to create a hybrid attack? (Select two) Brute force; Dictionary; Rainbow table; PTH
Brute force; Dictionary
Network topology design has a hierarchy. Reflect on Physical and Data layers of the OSI model implementation and select the layers Cisco recommends for campus design. (Choose three) Core; Permission; Access; Distribution
Core; Access; Distribution
Many access control models are rule-based. Consider how each of the following models determines how users receive rights and determine which model is NOT rule-based. RBAC; DAC; MAC; ABAC
DAC
Where should an administrator place an internet-facing host on the network? DMZ; Bastion host; Extranet; Private network
DMZ
The X.509 standard defines the fields (information) that must be present in a digital certificate. Which of the following is NOT a required field? Extensions; Public key; Endorsement key; Version
Endorsement key
Many Internet companies, such as Google and Facebook, allow users to share a single set of credentials between multiple service providers. For example, a user could log on to Amazon using their Facebook credentials. Which term correctly defines this example? Federation; Single sign-on; Permission; Access control
Federation
What is the purpose of a server certificate? Allow signing and encrypting email messages. Guarantee the validity of a browser plug-in or software application. Provide identification for the certificate authority. Guarantee the identity of e-commerce sites and other websites that gather and store confidential information.
Guarantee the identity of e-commerce sites and other websites that gather and store confidential information.
Evaluate the differences between hardware- and software-based key storage and select the true statement. In hardware-based storage, the key is stored on a server. Software-based storage and distribution is typically implemented using removable media or a smart card. HSM may be less susceptible to tampering and insider threats than software-based storage. In hardware-based storage, security is provided by the operating system Access Control List (ACL).
HSM may be less susceptible to tampering and insider threats than software-based storage.
Which of the following devices contain all of the ports in the same collision domain? Switch; Bridge; Hub; Ad hoc network
Hub
Which of the following are considered best practices for Account Management? (Choose two) Implement the principle of least privilege when assigning user and group account access. Draft a password policy and include requirements to ensure passwords are resistant to cracking attempts. Identify group or role account types and how they will be allocated to users. Identify user account types to implement within the model, such as standard users and types of privileged users.
Implement the principle of least privilege when assigning user and group account access. Draft a password policy and include requirements to ensure passwords are resistant to cracking attempts.
An Identity and Account Management (IAM) system has four main processes. Which of the following is NOT one of the main processes? Accounting; Identification; Integrity; Authentication
Integrity
Analyze the techniques that are available to perform rogue machine detection and select the accurate statements. (Select two) Visual inspection of ports and switches will prevent rogue devices from accessing the network. Network mapping is an easy way to reveal the use of unauthorized protocols on the network or unusual traffic volume. Intrusion detection systems are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network. Wireless monitoring can reveal whether there are unauthorized access points.
Intrusion detection systems are security suites and appliances that combine automated network scanning with defense and remediation suites to prevent rogue devices from accessing the network. Wireless monitoring can reveal whether there are unauthorized access points.
Biometric authentication methods have different error rates, with some methods being easier to fool than others. Which of the following methods is least likely to be tricked by an unauthorized user? Fingerprint scan; Iris scan; Facial recognition; Voice recognition
Iris scan
If not managed properly, certificate and key management can represent a critical vulnerability. Assess the following statements about key management and select the true statements. (Choose two) If a key used for signing and encryption is compromised, it can be easily destroyed with a new key issued. It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key. If a private key or secret key is not backed up, the storage system represents a single point of failure. The same private key can securely encrypt and sign a document.
It is exponentially more difficult to ensure the key is not compromised with multiple backups of a private key. If a private key or secret key is not backed up, the storage system represents a single point of failure.
Compare and contrast methods used by Kerberos and Public Key Infrastructure (PKI) to authenticate users and identify the true statement. Kerberos uses asymmetric cryptography while PKI uses symmetric cryptography. Kerberos and PKI both use passwords to authenticate users. Kerberos uses timestamps and PKI does not. Kerberos and PKI both provide Single Sign-On (SSO).
Kerberos uses timestamps and PKI does not.
Which of the following is NOT the function of a router? Routers can serve as a firewall. Routers can join networks together. Routers can subdivide networks. Manually configured routers use routing protocols.
Manually configured routers use routing protocols.
Consider the challenges with providing privilege management and authorization on an enterprise network. Which of the following would the network system administrator NOT be concerned with when configuring directory services? Confidentiality; Integrity; Non-repudiation; DoS
Non-repudiation
Evaluate the following choices based on their potential to lead to a network breach. Select the choice that is NOT a network architecture weakness. The network architecture is flat. Services rely on the availability of several different systems. The network relies on a single hardware server. Not all hosts on the network can talk to one another.
Not all hosts on the network can talk to one another.
Consider the Public Key Infrastructure (PKI) Trust Model. In which of the following is the root NOT the single point of failure? Single CA; Intermediate CA; Self-signed CA; Offline CA
Offline CA
A network administrator regularly reviews group membership and access control lists for each resource. They also look for unnecessary accounts to disable. What is the administrator executing in this situation? Recertification; Logging; Permission auditing; Usage auditing
Permission auditing
A company tells the IT department user access needs to be changed so privileges are only granted when needed, then revoked as soon as the task is finished, or the need has passed. Based on Account Management practices, what is the company asking the IT department to implement? Onboarding; Identity and Access Management (IAM); Offboarding; Privilege bracketing
Privilege bracketing
Both RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access-Control System) provide authentication, authorization, and accounting using a separate server (the AAA server). Apply an understanding of the protocols' authentication processes and select the true statements. (Choose three) TACACS+ is open source and RADIUS is a proprietary protocol from Cisco. RADIUS uses UDP and TACACS+ uses TCP. TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.
RADIUS uses UDP and TACACS+ uses TCP. TACACS+ encrypts the whole packet (except the header) and RADIUS only encrypts the password. RADIUS is primarily used for network access and TACACS+ is primarily used for device administration.
Consider the process of obtaining a digital certificate and determine which of the following statements is incorrect. CAs ensure the validity of certificates and the identity of those applying for them. Registration is the process where end users create an account with the RA and become authorized to request certificates. The registration function may be delegated by the CA to one or more RAs. When a subject wants to obtain a certificate, it completes a CSR.
Registration is the process where end users create an account with the RA and become authorized to request certificates.
Consider the role trust plays in federated identity management and determine which models rely on networks to establish trust relationships. (Choose three) SAML; Shibboleth; OpenID; LDAP
SAML; Shibboleth; OpenID
Given that layer 2 does not recognize Time to Live, evaluate the potential problems to determine which of the following options prevents this issue. ICMP; L2TP; NTP; STP
STP
There are several types of security zones on a network. Analyze network activities to determine which of the following does NOT represent a security zone. Honeypot; Screened host; Wireless; Guest
Screened host
Windows has several service account types, typically used to run processes and background services. Which of the following statements about service accounts is FALSE? The Network service account and the Local service account have the same privileges as the standard user account. Any process created using the system account will have full privileges over the local computer. The local service account creates the host processes and starts Windows before the user logs on. The Local Service account can only access network resources as an anonymous user.
The local service account creates the host processes and starts Windows before the user logs on.
Which of the following defines key usage with regard to standard extensions? The purpose for which a certificate was issued. The ability to create a secure key pair. Configuring the security log to record key indicators. To archive a key with a third party.
The purpose for which a certificate was issued.
A user enters the web address of a favorite site and the browser returns: "There is a problem with this website's security certificate." The user visits this website frequently and has never had a problem before. Applying knowledge of server certificates, select the circumstances that could cause this error message. (Choose two) The system's time setting is incorrect. The certificate is pinned. The web address was mistyped. The certificate expired.
The system's time setting is incorrect. The certificate expired.
Applying an understanding of how to mitigate password cracking attacks, how would restricting the number of failed logon attempts be categorized as a vulnerability? The user is exposed to a replay attack. The user is exposed to a brute force attack. The user is exposed to a DoS attack. The user is exposed to an offline attack.
The user is exposed to a DoS attack.
Based on knowledge of the fundamentals of One-time Passwords (OTP), which of the following choices represents the problem that exists with HMAC-based One-time Password Algorithm (HOTP) and is addressed by Time-based One-time Password Algorithm (TOTP)? HOTP isn't configured with a shared secret. The server isn't configured with a counter in HOTP. Only the HOTP server computes the hash. Tokens can be allowed to continue without expiring in HOTP.
Tokens can be allowed to continue without expiring in HOTP.
Consider the lifecycle of an encryption key. Which of the following is NOT a stage in a key's lifecycle? Storage; Verification; Expiration and renewal; Revocation
Verification
Compare X.509 certificates with Pretty Good Privacy (PGP) certificates and identify which of the following is NOT true. X.509 certificates are signed by a single Certificate Authority, where PGPs are signed by multiple users. X.509 links the identity of a user to a public key, while PGP links that identity to a private key. X.509 operates under a hierarchical trust model, where PGP uses a web of trust. X.509 and PGP are both implementations of the PKI Trust Model.
X.509 links the identity of a user to a public key, while PGP links that identity to a private key.