Network Security 4.1, 4.2, and 4.3 Quiz
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login?
Access token
Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?
Attribute-based access control (ABAC)
What is the process of controlling access to resources such as computers, files, or printers called?
Authorization
You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the following strategies should you prioritize and why?
Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency.
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?
Discretionary access control (DAC)
You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control should the access list use?
Explicit allow, implicit deny
Your financial planning company is forming a partnership with a real estate property management company. One of the requirements is that your company open up its directory services to the property management company to create and access user accounts. Which of the following authentication methods will you be implementing?
Federation
You are a security consultant tasked with implementing a biometric authentication system for a small business. The business owner wants a system that is cost-effective, non-intrusive, and relatively simple for employees to use. Which biometric authentication method would you recommend?
Fingerprint recognition
After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon?
Gap analysis
Which of the following objects identifies a set of users with similar access needs?
Group
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?
Have Marcus log off and log back in.
You are a network administrator for a large multinational corporation. The corporation has offices in multiple countries and uses various software products from different vendors. The CEO wants to implement a system that stores information about users, computers, security groups/roles, and services, and allows for interoperability between different vendors' products. Which directory service would you recommend?
Lightweight Directory Access Protocol (LDAP)
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?
Need to know
Which of the following is an example of rule-based access control?
Router access control lists that allow or deny traffic based on the characteristics of an IP packet.
Which of the following is the MOST common form of authentication?
Password
A leading online retail company wants to improve user experience and security for its customers. The security team aims to eliminate the need for users to remember or input complex passwords, reducing the risk of password breaches. Instead, they propose a solution where users can access their accounts seamlessly through a secure link sent to their verified email or via a push notification on a trusted device. This approach should not involve traditional passwords, fingerprint scans, or multiple validation steps. Which authentication method is the security team planning to implement for users?
Passwordless authentication
Which of the following identifies the type of access that is allowed or denied for an object?
Permissions
A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies. Which principle should the department incorporate?
Policy-driven access control
What is the primary purpose of separation of duties?
Prevent conflicts of interest.
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used?
Role-based access control (RBAC)
Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object?
SACL
Which type of group can be used for controlling access to objects?
Security
The IT security team at a large tech company is strengthening its authentication methods to protect sensitive company data and systems. The team considered implementing various security measures and understood that each authentication method has distinct features and benefits. However, they must choose the MOST suitable option that aligns with the organization's security requirements and user convenience. Which authentication method utilizes a physical device or software to generate secure, unique codes and offers convenience and strong security?
Security keys
Lori, who has been a member of the Project Management group, was recently promoted to manager of the team. She has been added as a member of the Managers group. Several days after being promoted, Lori needs to have performance reviews with the team she manages. However, she cannot access the performance management system. As a member of the Managers group, she should have the Allow permission to access this system. What is MOST likely preventing her from accessing this system?
She is still a member of the Project Management group, which has been denied permission to this system. Deny permissions always override Allow permissions.
Which of the following are examples of "something you have" authentication controls? (Select two.)
Smart card and photo ID
After finding a corporate phone unattended in a local mall, an organization decides to enhance its multi-factor authentication (MFA) procedures. What MFA philosophy applies a location-based factor for authentication?
Somewhere you are
Which of the following defines the crossover error rate for evaluating biometric systems?
The point where the number of false positives matches the number of false negatives in a biometric system.
Which security mechanism uses a unique list that meets the following specifications: The list is embedded directly in the object itself. The list defines which subjects have access to certain objects. The list specifies the level or type of access allowed to certain objects.
User ACL
Which of the following is a privilege or action that can be taken on a system?
User rights
Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system?
Username