Intro to Network Security sixth ed chapter 12
1. What is the current version of TACACS? A. XTACACS B. TACACS+ C. TACACS v9 D. TRACACS
Answer: B. TACACS+
2. How is the Security Assertion Markup Language (SAML) used? A. It allows secure web domains to exchange user authentication and authorization data. B. It is a backup to a RADIUS server. C. It is an authenticator in IEEE 802.1x. D. It is no longer used because it has been replaced by LDAP.
Answer: A. It allows secure web domains to exchange user authentication and authorization data.
3. A RADIUS authentication server requires the ________ to be authenticated first. A. authenticator B. user C. authentication server D. supplicant
Answer: D. supplicant
4. Which of the following is NOT true regarding how an enterprise should handle an orphaned or dormant account? A. A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization. B. Access should be ended as soon as the employee is no longer part of the organization. C. Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account. D. All orphaned and dormant accounts should be deleted immediately whenever they are discovered.
Answer: D. All orphaned and dormant accounts should be deleted immediately whenever they are discovered.
5. With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage? A. RADIUS B. Lite RDAP C. DAP D. RDAP
Answer: A. RADIUS
6. Which of the following is NOT part of the AAA framework? A. Authentication B. Access C. Authorization D. Accounting
Answer: B. Access
7. What is the version of the X.500 standard that runs on a personal computer over TCP/IP? A. Lite RDAP B. DAP C. LDAP D. IEEE X.501
Answer: C. LDAP
8. Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking? A. Privacy officer B. End-user C. Custodian D. Operator
Answer: C. Custodian
9. Which access control model is the most restrictive? A. DAC B. MAC C. Role-Based Access Control D. Rule-Based Access Control
Answer: B. MAC
10. Which type of access control model uses predefined rules that make it flexible? A. ABAC B. DAC C. MAC D. Rule-Based Access Control
Answer: A. ABAC
11. Which can be used to establish geographical boundaries where a mobile device can and cannot be used? A. Location-based policies B. Restricted access control policies C. Geolocation policies D. Mobile device policies
Answer: A. Location-based policies
12. Which statement about Rule-Based Access Control is true? A. It requires that a custodian set all rules. B. It is considered obsolete today. C. It dynamically assigns roles to subjects based on rules. D. It is considered a real-world approach by linking a user's job function with security.
Answer: C. It dynamically assigns roles to subjects based on rules.
13. Which of the following would NOT be considered as part of a clean desk policy? A. Do not share passwords with other employees. B. Lock computer workstations when leaving the office. C. Place laptops in a locked filing cabinet. D. Keep mass storage devices locked in a drawer when not in use.
Answer: A. Do not share passwords with other employees.
14. Which of these is a set of permissions that is attached to an object? A. Access control list (ACL) B. Subject Access Entity (SAE) C. Object modifier D. Security entry designator
Answer: A. Access control list (ACL)
15. Which Microsoft Windows feature provides group-based access control for centralized management and configuration of computers and remote users who are using Active Directory? A. Windows Registry Settings B. AD Management Services (ADMS) C. Group Policy D. Resource Allocation Entities
Answer: C. Group Policy
16. What can be used to provide both file system security and database security? A. RBASEs B. LDAPs C. CHAPs D. ACLs
Answer: D. ACLs
17. What is the least restrictive access control model? A. DAC B. ABAC C. MAC D. Rule-Based Access Control
Answer: A. DAC
18. What is the secure version of LDAP? A. LDAPS B. Secure DAP C. X.500 D. 802.1x
Answer: A. LDAPS
19. Which of the following is the Microsoft version of EAP? A. EAP-MS B. MS-CHAP C. PAP-MICROSOFT D. AD-EAP
Answer: B. MS-CHAP
20. Which of the following involves rights given to access specific resources? A. Identification B. Access C. Authorization D. Accounting
Answer: B. Access
Role-Based Access Control (RBAC)
A "real-world" access control model in which access is based on a user's job function within the organization.
directory service
A database stored on the network itself that contains information about users and network devices.
privacy officer
A manager who oversees data privacy compliance and manages data risk.
owner
A person responsible for the information.
clean desk
A policy designed to ensure that all confidential or sensitive materials are removed from a user's workspace and secured when the items are not in use or an employee leaves her workspace.
access control model
A predefined framework found in hardware and software that a custodian can use for controlling access.
Lightweight Directory Access Protocol (LDAP)
A protocol for a client application to access an X.500 directory.
accounting
A preserved record of who accessed the network, what resources they accessed, and when they disconnected from the network.
permission auditing and review
A review that is intended to examine the permissions that a user has been given to determine if each is still necessary.
Challenge-Handshake Authentication Protocol (CHAP)
A weak version of Extensible Authentication Protocol (EAP).
Password Authentication Protocol (PAP)
A weak version of Extensible Authentication Protocol (EAP).
Security Assertion Markup Language (SAML)
An Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data.
Rule-Based Access Control
An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian.
Attribute-Based Access Control (ABAC)
An access control model that uses more flexible policies that can combine attributes.
usage auditing and review
An audit process that looks at the applications that the user is provided, how frequently they are used, and how they are being used.
Kerberos
An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
RADIUS (Remote Authentication Dial In User Service)
An industry standard authentication service with widespread support across nearly all vendors of networking equipment.
group-based access control
Configuring multiple computers by setting a single policy for enforcement.
identification
Credentials presented by a user accessing a computer system. Also used in forensics as an action step in the incident response process that involves determining whether an event is actually a security incident.
authorization
Granting permission to take an action.
custodian (steward)
Individual to whom day-to-day actions have been assigned by the owner.
time-of-day restriction
Limitation imposed as to when a user can log in to a system or access resources.
location-based policies
Policies that establish geographical boundaries where a mobile device can and cannot be used.
least privilege
Providing only the minimum amount of privileges necessary to perform a job or function.
mandatory vacations
Requiring that all employees take vacations.
standard naming conventions
Rules for creating account names.
LDAP over SSL (LDAPS)
Securing LDAP traffic by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
database security
Security functions provided by access control lists (ACLs) for protecting SQL and relational database systems.
file system security
Security functions provided by access control lists (ACLs) for protecting files managed by the operating system.
MS-CHAP
The Microsoft version of Challenge-Handshake Authentication Protocol (CHAP).
job rotation
The act of moving individuals from one job responsibility to another.
TACACS+
The current version of the Terminal Access Controller Access Control System (TACACS) authentication service.
Discretionary Access Control (DAC)
The least restrictive access control model in which the owner of the object has total control over it.
access control
The mechanism used in an information system for granting or denying approval to use specific resources.
Mandatory Access Control (MAC)
The most restrictive access control model, typically found in military settings in which security is of supreme importance.
separation of duties
The practice of requiring that processes should be divided between two or more individuals.
recertification
The process of periodically revalidating a user's account, access control, and membership role or inclusion in a specific group.
employee offboarding
The tasks associated with releasing an employee from the enterprise.
employee onboarding
The tasks associated with hiring a new employee.