CompTIA Security+ Module 4 Q & A


When implementing both identity federation and SSO capabilities, which of the following advantages are granted to the user? [choose two] -Easier password management -More secure access to multiple systems -A more complicated log in which is harder to breach -Allowing multiple services to be accessed with one logon

-Allowing multiple services to be accessed with one logon -Easier password management

Which of the following forms of NAC allows for a user's device to be authorized on the network as well as the user's credentials? -802.1x -CAC -FSS -PIV

802.1x

When implementing a hardware token, which of the following types of passwords would be the most secure? -A set password -A HOTP -An encrypted password -A TOTP

A TOTP (Time-based One Time Password)

Which of the following packages contains a user's credentials that are presented to the end system in order to gain access while using Kerberos? -A Certificate -A Ticket Granting Ticket -A Ticket -A Key

A Ticket

Which two factors, when combined, would NOT produce two-factor authentication? [Choose two] -A birthday -A retina scan -A username/password combo -A smart card

A birthday & A username/password Combo

To prevent users from reusing old passwords, which of the following are the most important to implement in your security policy? [Choose two] -Password age -Minimum password age -Password history -Account lockout

Minimum password age & Password history

Your boss wants to fire a certain employee. Which of the following processes is important to remove assets from a network, so they cannot be exploited later? -Onboarding -Offboarding -Sideboarding -Outboarding

Offboarding

Which of the following authentication protocols just provides a basic form of authentication, where passwords are transmitted in clear-text? -CHAP -EAP -NTLMv2 -PAP

PAP (Password Authentication Protocol)

What type of account has complete control of the system, and is considered the most powerful user on a system or network? -Privileged accounts -User accounts -Credentialed accounts -Power-user accounts

Privileged accounts

Which of the following describes a device that will open a door using a card with a built-in contactless circuit? -Smart Card Reader -Proximity Reader -Fingerprint reader -Token reader

Proximity Reader

Which of the following AAA servers would work best in a mixed vendor environment? -TACACS -RADIUS -TACACS+ -Kerberos

RADIUS (Remote Authentication Dial-In User Service)

In which of the following access control models does the user's job primarily determine what access they have to various resources? -MAC -RBAC (Rules-based Access Control) -DAC -RBAC (Role-based Access Control)

RBAC (Role-based Access Control)

Which of the following access control models is most likely utilized by ACLs in firewalls and routers? -MAC -RBAC (Rules-based Access Control) -DAC -RBAC (Role-based Access Control)

RBAC (Rules-based Access Control)

Which of the following biometric access systems has the lowest crossover error rate? -Fingerprint scanner -Facial recognition -Retina scan -Voice scan

Retina Scan

Which of the following SSO solutions can be used to exchange authentication information across numerous web-based applications? -Kerberos -Facebook logins -SAML -RADIUS

SAML (Security Assertion Markup Language)

How can you set a password lockout policy to require a user to go to the administrator in order to unlock their account? -Set lockout duration to zero -Disable lockout duration -Set lockout duration to eight years -Set lockout duration to admin

Set lockout duration to zero

Which of the following types of card stores a user's credentialing a certificate that is stored on the card's chip? Smart Card Biometric Card Proximity Card Card Certificate card

Smart Card

Which of the following describes an authentication device that utilizes a temporary password that is installed on a smartphone, providing "something you have" authentication? -Hardware Token -HOTP -Smart card -Software Token

Software Token

Which of the following AAA systems is Cisco proprietary and works best in a Cisco network? -TACACS+ -Kerberos -RADIUS -TACACS

TACACS+ (Terminal Access Controller Access-Control System Plus)

What type of control is least privilege? -Administrative Control -Technical Control -Management Control -Operational Control

Technical Control

Which of the following describes the concept that if company A trusts company B, and company B trusts C, then company A must trust company C? Choose the best answer. -Web of trust -Hierarchical trust -Transitive trust -Single sign on

Transitive trust

Defense in depth is important so that if one security feature fails, like a password being stolen, there are other layers to prevent compromise, like also utilizing a hardware token. True or false?

True

OAuth is an open standard used to authenticate a user between two different services, utilizing a token in order to protect a user's password from the 3rd party service. True or False?

True

Time of day restrictions can not only prevent access from certain times of day, but also prevent access on certain days. For example, it can be used to prevent somebody from logging in at all on a Sunday. True or false?

True

When securing a file system, it is important to implement least privilege in order to only allow the necessary privileges to be given to a user. True or False?

True

Which of the following types of auditing checks where resources are being allotted and makes sure they are only being accessed for their intended purpose? Choose the best answer. -Permission auditing -Security auditing -Usage auditing -Asset auditing

Usage auditing

Which of the following is not an example of, "Something you are"? -Fingerprint -Eye color -Facial recognition -Voice recognition

Eye color

Password complexity is more important than length when determining how hard a password is to crack. True or false?

False

Retina scans provide multi-factor authentication that has certain privacy concerns associated with it. This is because certain medical data can be gleaned from examining a person's retina. T/F

False

When implementing a hardware or software token, a more secure alternative to TOTP is HOTP. True or False?

False

LDAP (Lightweight Directory Access Protocol) is the only option when it comes to accessing an active or open directory. True or false?

False, although LDAP is a set of protocols for accessing information directories such as Windows Active Directory or Open Directory.

Multi-factor authentication's main benefit is that if one factor of authentication is lost or stolen, another form of authentication can be used to authenticate the user, instead of the stolen factor. T/F

False

What is the name of the technology that allows a security policy to be applied to the network as a whole, and centralizes control of the network? -Networked Password Policy -Local Group Policy -Global Policy Objects -Group Policy Objects

Group Policy Objects

What type of account needs to be disabled in order to prevent it from being exploited by an attacker because of the easy-to-access nature of the account? -System accounts -Standard User accounts -Privileged accounts -Guest accounts

Guest accounts

Which of the following is most important when deciding what information is included in security logs? Choose the best answer. -The types of logs -Having enough relevant information -Log retention -Where logs will be stored

Having enough relevant information

Which of the following sets is an example of three-factor authentication? -Retina scan, password, and username -Voice recognition, pin, and birthday -Birthday, password, and smart card -ID badge, password, and fingerprint reader

ID badge, passcode, and fingerprint reader

Which of the following access systems utilizes timestamped tickets in order to allow access to multiple systems on a network? -RADIUS -Kerberos -TACACS -OAuth

Kerberos

Which of the following types of access control models is concerned with sensitivity labels? -MAC -RBAC (Rules-based Access Control) -DAC -RBAC (Role-based Access Control)

MAC (Mandatory Access Control)

Your boss wants to implement a type of operating system that is compatible with a certain type of access control model, allowing the operating system to logically separate data. Which of the following access control models can utilize this trusted operating system? -MAC -DAC -Role-based access control -Rule-based access control

MAC (Mandatory Access Control)

Which of the following access control models allows the owner of the data to decide who has control over that data? -MAC -RBAC (Rules-based Access Control) -DAC -RBAC (Role-based Access Control)

DAC (Discretionary Access Control)
