Security+ Review Quiz 9
Which part of the AAA security architecture deals with the verification of the identity of a person or process? A. Authentication B. Authorization C. Accounting
A. Authentication
Which of the following are examples of hardware authentication tokens? (Select 3 answers) A. Key fob B. Cable lock C. Passphrase D. Biometric reader E. RFID badge F. Smart card
A. Key fob E. RFID badge F. Smart card
Which of the following examples meets the requirement of multifactor authentication? A. Password and biometric scan B. Username and PIN C. Smart card and ID badge D. Voice recognition and fingerprint scan
A. Password and biometric scan
Hardware RAID Level 0: (Select all that apply) A. Requires a minimum of 2 drives to implement B. Is also known as disk striping C. Decreases reliability (failure of any disk in the array destroys the entire array) D. Is also referred to as disk mirroring E. Offers less volume capacity in comparison to RAID 1 F. Requires at least 3 drives to implement G. Is suitable for systems where performance has higher priority than fault tolerance H. Offers improved reliability by creating identical data sets on each drive (failure of one drive does not destroy the array as each drive contains identical copy of the data)
A. Requires a minimum of 2 drives to implement B. Is also known as disk striping C. Decreases reliability (failure of any disk in the array destroys the entire array) G. Is suitable for systems where performance has higher priority than fault tolerance
Which of the following answers refers to an example implementation of certificate-based authentication? A. Smart card B. ID badge C. PIN code D. Biometric lock
A. Smart card
A type of hierarchical database structure used in Windows Server environments that enables centralized management of users, devices and resources on a network is known as: A. HomeGroup B. Active Directory (AD) C. Workgroup D. Windows domain
B. Active Directory (AD)
Which of the following is an example of a soft authentication token? A. USB token B. Authenticator app C. Smart card D. Key fob
B. Authenticator app
Which of the answers listed below refers to the process of granting or denying access to resources? A. Authentication B. Authorization C. Accounting
B. Authorization
A measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user is known as: A. CRC (Cyclic Redundancy Check) B. FAR (False Acceptance Rate) C. CER (Crossover Error Rate) D. FRR (False Rejection Rate)
B. FAR (False Acceptance Rate)
Examples of static authentication methods include: (Select 2 answers) A. Token generator B. User-generated password C. Short Message Service (SMS) D. Personal Identification Number (PIN) E. Push notification
B. User-generated password D. Personal Identification Number (PIN)
In the AAA security architecture, the process of tracking accessed services as well as the amount of consumed resources is called: A. Authentication B. Authorization C. Accounting
C. Accounting
Which of the answers listed below refers to a type of metric used for evaluation of a biometric security system's accuracy? A. CRC (Cyclic Redundancy Check) B. FAR (False Acceptance Rate) C. CER (Crossover Error Rate) D. FRR (False Rejection Rate)
C. CER (Crossover Error Rate)
Examples of MFA attributes include: (Select all that apply) A. USB token B. Retina scan C. Handwritten signature D. Gait analysis E. GPS reading F. PIN G. Chain of trust
C. Handwritten signature D. Gait analysis E. GPS reading G. Chain of trust
Which of the following fall into the category of MFA factors? (Select 3 answers) A. GPS reading B. Handwritten signature C. PIN D. Chain of trust E. USB token F. Gait analysis G. Retina scan
C. PIN E. USB token G. Retina scan
A dedicated data storage solution that combines multiple disk drive components into a single logical unit to increase volume size, performance, or reliability is referred to as: A. Storage Area Network (SAN) B. Load balancer C. Redundant Array of Independent Disks (RAID) D. Network-Attached Storage (NAS)
C. Redundant Array of Independent Disks (RAID)
A measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user is referred to as: A. CRC (Cyclic Redundancy Check) B. FAR (False Acceptance Rate) C. CER (Crossover Error Rate) D. FRR (False Rejection Rate)
D. FRR (False Rejection Rate)
An authentication subsystem in which a single set of authentication credentials provides access to multiple systems across different organizations is called: A. AAA framework B. Multi-factor authentication C. Group-based access control D. Federation
D. Federation
Which of the following RAID levels does not offer fault tolerance? A. RAID 6 B. RAID 10 C. RAID 5 D. RAID 0 E. RAID 1
D. RAID 0
Which of the following does not have an application in the authentication process? A. One-time passwords B. SMS messages C. Hardware / Software tokens D. Static codes E. Push notifications F. Phones G. All of the above can be used in the authentication process
G. All of the above can be used in the authentication process
Which of the following is not used in the process of biometric authentication? A. Fingerprint scan B. Voice recognition C. Vein analysis D. Retina / Iris scan E. Face recognition F. Gait analysis G. All of the above can be used in the biometric authentication process
G. All of the above can be used in the biometric authentication process
Which of the following answers refer to the characteristics of HOTP? (Select 3 answers) A. Valid for only one login session B. Based on a shared secret key and current time C. Vulnerable to replay attacks D. Based on a cryptographic hash function and a secret cryptographic key E. Valid for multiple login sessions F. Not vulnerable to replay attacks
HMAC - Hash-based Message Authentication Code HOTP - HMAC-based One-Time Password A. Valid for only one login session D. Based on a cryptographic hash function and a secret cryptographic key F. Not vulnerable to replay attacks
Which of the following answers describe the features of TOTP? (Select 3 answers) A. Vulnerable to replay attacks B. Based on a cryptographic hash function and a secret cryptographic key C. Valid for multiple login sessions D. Based on a shared secret key and current time E. Not vulnerable to replay attacks F. Valid for only one login session
TOTP - Time-Based One-Time Password D. Based on a shared secret key and current time E. Not vulnerable to replay attacks F. Valid for only one login session
An authenticator application is a software that generates additional authentication token (in the form of a random code) used in multi-step verification process.
True
Authentication process can be based on various categories of authentication factors and attributes. Authentication factors include unique physical traits of each individual such as fingerprints ("something you are"), physical tokens such as smart cards ("something you have"), or usernames and passwords ("something you know"). The categories of authentication attributes include geolocation ("somewhere you are"), user-specific activity patterns, such as keyboard typing style ("something you can do"), revealing something about an individual, e.g. wearing an ID badge ("something you exhibit"), or proving the relation with a trusted third party ("someone you know"). Multifactor authentication systems require implementation of authentication factors from two or more distinct categories.
True
In computer security, the term "Biometrics" refers to physical characteristics of the human body that can be used for identification and access control purposes.
True
