Test Out Chapter 4
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented? Discretionary access control (DAC) Mandatory access control (MAC) Rule-based access control Role-based access control (RBAC)
Discretionary access control (DAC)
You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control should the access list use? Explicit allow, implicit deny Implicit allow, explicit deny Explicit allow, explicit deny Implicit allow, implicit deny
Explicit allow, implicit deny
Which of the following objects identifies a set of users with similar access needs? DACL SACL Group Permissions
Group
Which of the following is the MOST common form of authentication? Photo ID Password Digital certificate on a smart card Fingerprint
Password
Which account type in Linux can modify hard limits using the ulimit command? Root Administrator Standard User
Root
Which of the following is used by Microsoft for auditing in order to identify past actions performed by users on an object? SACL Permissions User rights DACL
SACL
Which of the following commands is used to change the current group ID during a login session? usermod groups newgrp groupmod
newgrp
Which of the following utilities could you use to lock a user account? (Select two.) userdel usermod passwd useradd ulimit
passwd & usermod
Which of the following commands would you use to view the current soft limits on a Linux machine? ulimit -u ulimit -n ulimit -a ulimit -c
ulimit -a
An employee named Bob Smith, whose username is bsmith, has left the company. You have been instructed to delete his user account and home directory. Which of the following commands would produce the required outcome? (Select two.) userdel -r bsmith userdel bsmith userdel bsmith;rm -rf /home/bsmith userdel -Z bsmith userdel -h bsmith
userdel bsmith;rm -rf /home/bsmith and userdel -r bsmith
Which of the following commands removes a user from all secondary group memberships? usermod -G "" usermod -aG usermod -g usermod -G
usermod -G ""
You have performed an audit and found an active account for an employee with the username joer. This user no longer works for the company. Which command can you use to disable this account? usermod -L joer usermod -u joer usermod -d joer usermod -l joer
usermod -L joer
Which of the following commands assigns a user to a primary group? groupadd -r usermod -G usermod -g groupadd -g
usermod -g
In the /etc/shadow file, which character in the password field indicates that a standard user account is locked?
!
John, a security analyst, is using a smart card to gain access to a secure server room. He simply waves his card near the card reader and the door unlocks. Later, he uses the same card to log into his computer by inserting it into a card reader. Based on this information, is John using a contact or contactless smart card? Contactless smart card, because he waved the card near the door's card reader. Neither a contact nor contactless smart card, because smart cards cannot be used both ways. Contact smart card, because he inserted the card into his computer's card reader. Both a contact and contactless smart card, because he used the card both by inserting it into a reader and by waving it near a reader.
Both a contact and contactless smart card, because he used the card both by inserting it into a reader and by waving it near a reader.
Which of the following is a characteristic of TACACS+? Encrypts the entire packet, not just authentication packets Uses UDP ports 1812 and 1813 Requires that authentication and authorization are combined in a single server Supports only TCP/IP
Encrypts the entire packet, not just authentication packets
The IT department at a small company is revamping its password policies to bolster security. The company wants to ensure employees follow best practices for creating and managing passwords. The department aims to promote a secure environment by implementing password expiration policies. Which method for password management is BEST to promote a secure environment by requiring users to change their passwords after a certain period? Password recovery via email Password expiration Password complexity Password reuse prevention
Password expiration
A leading online retail company wants to improve user experience and security for its customers. The security team aims to eliminate the need for users to remember or input complex passwords, reducing the risk of password breaches. Instead, they propose a solution where users can access their accounts seamlessly through a secure link sent to their verified email or via a push notification on a trusted device. This approach should not involve traditional passwords, fingerprint scans, or multiple validation steps. Which authentication method is the security team planning to implement for users? Attestation Passwordless authentication Biometric authentication Multi-factor authentication
Passwordless authentication
Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system? PGP secret key Username Password Biometric reference profile
Username
You have a group named Research on your system that needs a new password because a member of the group has left the company. Which of the following commands should you use? groupmod -p Research gpasswd Research gpasswd research newpasswd Research
gpasswd Research
Which of the following chage options keeps a user from changing their password every two weeks? -M 33 -a 33 -W 33 -m 33
-m 33
Using the groupadd -p command overrides the settings found in which file? /etc/login.defs /usr/logins.txt /etc/logins.txt /root/logins.defs
/etc/login.defs
Which of the following ports are used with TACACS? 22 49 50 and 51 1812 and 1813 3389
49
Which of the following BEST describes the domain controller component of Active Directory? A domain controller is a server that holds a copy of the Active Directory database that can be written to and is responsible for copying changes to Active Directory between the domain controllers. A domain controller is a user account that has administrative privileges to manage the Active Directory database. A domain controller is a physical device that connects the network to the Active Directory database. A domain controller is a software application that manages the replication of the Active Directory database. A domain controller is a specific type of network resource within a domain.
A domain controller is a server that holds a copy of the Active Directory database that can be written to and is responsible for copying changes to Active Directory between the domain controllers.
What is mutual authentication? Using a certificate authority (CA) to issue certificates. The use of two or more authentication factors. Deploying CHAP and EAP on remote access connections. A process by which each party in an online communication verifies the identity of the other party.
A process by which each party in an online communication verifies the identity of the other party.
Which of the following terms describes the component that is generated following authentication and is used to gain access to resources following login? Cookie Access token Account policy Proxy
Access token
What is the name of the service included with the Windows Server operating system that manages a centralized database containing user account and security information?
Active Directory
Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject? Attribute-based access control (ABAC) Role-based access control (RBAC) Mandatory access control (MAC) Rule-based access control
Attribute-based access control (ABAC)
RADIUS is primarily used for what purpose? Managing access to a network over a VPN Authenticating remote clients before access to the network is granted Controlling entry-gate access using proximity sensors Managing RAID fault-tolerant drive configurations
Authenticating remote clients before access to the network is granted
What is the process of controlling access to resources such as computers, files, or printers called? Authentication Conditional access Authorization Mandatory access control
Authorization
You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the following strategies should you prioritize and why? Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency. Neither, focus on the application plane to ensure that applications are secure and function properly. Prioritize the data plane to ensure that data traffic flows securely and efficiently across the network. Focus on the control plane to ensure that all network devices are properly configured and managed.
Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency.
A company is planning to implement a remote access architecture to allow its employees to work from home. The company has a central office where all its servers and applications are located. The employees need to access these resources securely from their home computers. Which remote access architecture would be the most suitable for this scenario? Transport Layer Security (TLS) Site-to-site VPN topology Host-to-host tunnel topology Client-to-site VPN technology
Client-to-site VPN technology
You have hired ten new temporary employees to be with the company for three months. How can you make sure that these users can only log on during regular business hours? Configure account lockout in Group Policy. Configure account policies in Group Policy. Configure day/time restrictions in user accounts. Configure account expiration in user accounts.
Configure day/time restrictions in user accounts.
You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which action should you take? Create a GPO folder policy for the folders containing the files. Create a GPO computer policy for the computers in the Development OU. Create a GPO user policy for the Development OU. Create a GPO computer policy for the Computers container.
Create a GPO computer policy for the computers in the Development OU.
You manage an Active Directory domain. All users in the domain have a standard set of internet options configured by a GPO linked to the domain, but you want users in the Administrators OU to have a different set of internet options. What should you do? Create a GPO user policy for the domain. Create a Local Group Policy on the computers used by members of the Administrators OU. Create a GPO computer policy for the Administrators OU. Create a GPO user policy for the Administrators OU.
Create a GPO user policy for the Administrators OU.
A large multinational corporation has multiple domains that share the same contiguous DNS namespaces, as well as domains with different DNS namespaces. The IT department is tasked with organizing these domains. Which of the following options best describes how the domains should be grouped? Domains with the same contiguous DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest. Domains with the same contiguous DNS namespaces should be grouped into a forest, and all forests should be grouped into a tree. Domains with different DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest. All domains should be grouped into a single tree, regardless of their DNS namespaces. All domains should be grouped into a single forest, regardless of their DNS namespaces.
Domains with the same contiguous DNS namespaces should be grouped into a tree, and all trees should be grouped into a forest.
A manufacturing company recently bought out another similar company. They need to link each company's directory systems together to access their resources without merging the two. How can they link the two directory systems together? Location-based restrictions Migration Federation Site-to-site VPN
Federation
Your financial planning company is forming a partnership with a real estate property management company. One of the requirements is that your company open up its directory services to the property management company to create and access user accounts. Which of the following authentication methods will you be implementing? Directory services Federation Attestation Single sign-on
Federation
You are a security consultant tasked with implementing a biometric authentication system for a small business. The business owner wants a system that is cost-effective, non-intrusive, and relatively simple for employees to use. Which biometric authentication method would you recommend? Retina scanning Iris recognition Vein recognition Facial recognition Fingerprint recognition
Fingerprint recognition
After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon? Penetration test Implement disaster recovery plan Implement business continuity plan Gap analysis
Gap analysis
Which of the following statements correctly describes the characteristics of generic containers in Active Directory? (Select two.) Generic containers have numerous properties you can edit. Generic containers are created by default. Generic containers can be moved, renamed, or deleted. Generic containers cannot hold other organizational units. Generic containers are used to organize Active Directory objects.
Generic containers are created by default. Generic containers are used to organize Active Directory objects.
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do? Manually refresh Group Policy settings on the file server. Add his user account to the ACL for the shared folder. Manually refresh Group Policy settings on his computer. Have Marcus log off and log back in.
Have Marcus log off and log back in.
A tech company is developing a new software product. The development team is distributed across different locations and needs to securely access and work on specific systems located in the company's main office. The team members need to establish secure communication channels between their individual devices and the specific systems in the office. Which remote access architecture would be the most suitable for this scenario? Client-to-site VPN technology Site-to-site VPN topology Virtual network computing (VNC) Host-to-host tunnel topology
Host-to-host tunnel topology
You are the IT security manager for a rapidly growing tech company. The company has been using simple password authentication for all systems. However, with the increasing number of employees and the sensitivity of the data being handled, you decide it's time to harden the authentication methods. Which of the following steps would be the MOST effective in achieving this goal? Requiring all employees to change their passwords every 30 days. Implementing a policy that allows employees to use their personal email addresses for system logins. Implementing a policy that requires all passwords to be at least 8 characters long. Implementing multifactor authentication (MFA) for all systems.
Implementing multifactor authentication (MFA) for all systems.
Which of the following is the correct acronym to remember the order in which Group Policy Objects (GPOs) are applied? DOLS LSDOU SLOD OSDL
LSDOU
You are a network administrator for a large multinational corporation. The corporation has offices in multiple countries and uses various software products from different vendors. The CEO wants to implement a system that stores information about users, computers, security groups/roles, and services, and allows for interoperability between different vendors' products. Which directory service would you recommend? Novell Directory Services (NDS) Active Directory X.500 Lightweight Directory Access Protocol (LDAP)
Lightweight Directory Access Protocol (LDAP)
Group Policy Objects (GPOs) are applied in which of the following orders? Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (lowest to highest). GPO linked to site, GPO linked to domain, GPO linked to organizational unit (lowest to highest), Local Group Policy. Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest). GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest), Local Group Policy.
Local Group Policy, GPO linked to site, GPO linked to domain, GPO linked to organizational unit (highest to lowest).
You are configuring the Local Security Policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least five days before changing it again. Which policies should you configure? (Select two.) Minimum password age Password must meet complexity requirements Enforce password history Maximum password age
Minimum password age Enforce password history
You are configuring the Local Security Policy of a Windows system. You want to require users to create passwords that are at least ten characters in length. You also want to prevent login after three unsuccessful login attempts. Which policies should you configure? (Select two.) Account lockout threshold Account lockout duration Enforce password history Minimum password length Password must meet complexity requirements Maximum password age
Minimum password length Account lockout threshold
Which of the following principles is implemented in a mandatory access control model to determine object access by classification level? Need to know Separation of duties Principle of least privilege Clearance Ownership
Need to know
A company wants to set up single sign-on (SSO) without passing credentials through to each piece of software and cloud service. Which protocol would meet this requirement? FIDO Kerberos VPN OAuth
OAuth
In a company, different departments actively access various cloud-based applications and services to perform their tasks efficiently. The company's security team has concerns about the growing complexity and risks of managing user credentials across multiple platforms. To address this concern proactively, the team implements a modern authentication solution that actively provides single sign-on (SSO) capabilities, ensuring enhanced user convenience and security. In this scenario, which technology should the organization proactively employ for federation and enabling SSO capabilities effectively across the diverse range of cloud-based applications? Role-based access control (RBAC) Open Authorization (OAuth) Lightweight Directory Access Protocol (LDAP) Public key infrastructure (PKI)
Open Authorization (OAuth)
Which of the following identifies the type of access that is allowed or denied for an object? User rights Permissions DACL SACL
Permissions
A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies. Which principle should the department incorporate? Authorization models AAA Policy-driven access control Zero trust
Policy-driven access control
What is the primary purpose of separation of duties? Grant a greater range of control to senior management. Inform managers that they are not trusted. Prevent conflicts of interest. Increase the difficulty of performing administrative duties.
Prevent conflicts of interest.
Which technology is primarily used by smart cards to store digital signatures, cryptography keys, and identification codes? Public Key Infrastructure (PKI) Hashing algorithms Advanced Encryption Standard (AES) Secure Sockets Layer (SSL) Blockchain technology
Public Key Infrastructure (PKI)
Which of the following are differences between RADIUS and TACACS+? RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password. RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers. RADIUS supports more protocols than TACACS+. RADIUS uses TCP; TACACS+ uses UDP.
RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.
Which of the following are the access levels that are generally granted on the directory in LDAP? (Select two.) Execute access Read/write access Delete access Read-only access Full control access
Read-only access Read/write access
A multinational corporation wants to enable its IT support team to provide remote assistance to employees across various locations. The support team needs to be able to take control of the employees' computers to troubleshoot and resolve issues. The corporation primarily uses Windows-based systems. Which technology would be the MOST suitable for this purpose? Transport Layer Security (TLS) Remote Authentication Dial-in User Service (RADIUS) Remote Desktop Protocol (RDP) Simple Network Management Protocol (SNMP)
Remote Desktop Protocol (RDP)
You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used? Discretionary access control list (DACL) Role-based access control (RBAC) Mandatory access control (MAC) Discretionary access control (DAC)
Role-based access control (RBAC)
Which of the following is an example of rule-based access control? A subject with a government clearance that allows access to government classification labels of Confidential, Secret, and Top Secret. A member of the accounting team that is given access to the accounting department documents. A computer file owner who grants access to the file by adding other users to an access control list. Router access control lists that allow or deny traffic based on the characteristics of an IP packet.
Router access control lists that allow or deny traffic based on the characteristics of an IP packet.
A real estate investment firm wants to implement single sign-on (SSO) for its dozens of services and software. The firm found a vendor to implement that request using the eXtensible Markup Language (XML) standard. What solution does this vendor use for SSO? LSASS VPN LDAP SAML
SAML
Which type of group can be used for controlling access to objects? Security DACL Authorization Distribution
Security
The IT security team at a large tech company is strengthening its authentication methods to protect sensitive company data and systems. The team considered implementing various security measures and understood that each authentication method has distinct features and benefits. However, they must choose the MOST suitable option that aligns with the organization's security requirements and user convenience. Which authentication method utilizes a physical device or software to generate secure, unique codes and offers convenience and strong security? Hard authentication tokens Soft authentication tokens Biometric authentication Security keys
Security keys
The IT administrator for a large university uses an LDAP directory service to manage user access to various computing resources. To ensure the directory's security, which of the following measures should the administrator implement? Implement Simple Bind with plaintext transmission of distinguished name and password. Use the basic LDAP protocol without any additional security mechanisms. Allow anonymous access to the directory for easy user onboarding. Set up LDAP Secure (LDAPS) with a digital certificate on port 636 for secure user credential exchange.
Set up LDAP Secure (LDAPS) with a digital certificate on port 636 for secure user credential exchange.
What is the effect of the following command? chage -M 60 -W 10 jsmith Deletes the jsmith user account after 60 days and gives a warning 10 days before expiration. Sets the password for jsmith to expire after 10 days and gives a warning 60 days before expiration. Sets the password for jsmith to expire after 60 days and sets a minimum of 10 days before a user can change the password again. Sets the password for jsmith to expire after 60 days and gives a warning 10 days before expiration. Forces jsmith to keep the password for 60 days before changing it while also giving a warning 10 days before expiration.
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before expiration.
You are the IT security manager for a large corporation. The company has been using shared accounts for certain systems due to ease of access and convenience. However, you are considering implementing a policy to prohibit the use of shared accounts. Which of the following are valid reasons for this decision? (Select two.) Shared accounts reduce the need for individual user training. Shared accounts can lead to accountability issues. Shared accounts allow for easier password management. Shared accounts increase the speed of system access. Shared accounts can compromise the principle of least privilege.
Shared accounts can lead to accountability issues. Shared accounts can compromise the principle of least privilege.
An educational institution's systems administrator is responsible for securing the LDAP directory service for the organization's computing resources. Which authentication method should the systems administrator implement to ensure secure access? Simple Authentication and Security Layer (SASL) No authentication LDAP Secure (LDAPS) Simple Bind
Simple Authentication and Security Layer (SASL)
Which of the following are examples of something you have authentication controls? (Select two.) Smart card PIN Handwriting analysis Photo ID Cognitive question Voice recognition
Smart card and Photo ID
After finding a corporate phone unattended in a local mall, an organization decides to enhance its multi-factor authentication (MFA) procedures. What MFA philosophy applies a location-based factor for authentication? Something you are Something you have Something you know Somewhere you are
Somewhere you are
In a Kerberos authentication system, how does the Ticket Granting Service (TGS) contribute to the single sign-on (SSO) process? The TGS issues service tickets to clients for accessing specific services. The TGS validates the client's password and username. The TGS encrypts all data transferred between the client and the application server. The TGS generates the initial Ticket Granting Ticket (TGT) for the client.
The TGS issues service tickets to clients for accessing specific services.
Which of the following defines the crossover error rate for evaluating biometric systems? The rate of people who are given access when they should be denied access. The number of subjects or authentication attempts that can be validated. The point where the number of false positives matches the number of false negatives in a biometric system. The rate of people who are denied access when they should be allowed access.
The point where the number of false positives matches the number of false negatives in a biometric system.
You are attempting to delete the temp group but are unable to. Which of the following is the MOST likely cause? The primary group of an existing user cannot be deleted. Groups cannot be deleted. All users have already been deleted. The secondary group of an existing user cannot be deleted.
The primary group of an existing user cannot be deleted.
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the user's identity to the target system? Voucher Hashkey Ticket Coupon
Ticket
What is the primary function of an AAA server in a network? To provide email services to all users To store all data and files in the network To handle user requests for access to computer resources To provide internet connectivity to all devices in the network
To handle user requests for access to computer resources
Which of the following protocols is primarily used for secure remote access to a network by creating an encrypted tunnel over the internet? Hypertext Transfer Protocol (HTTP) Transport Layer Security (TLS) Simple Network Management Protocol (SNMP) Remote Desktop Protocol (RDP)
Transport Layer Security (TLS)
You are a system administrator and you notice that a particular user's processes are consuming an unusually high amount of system resources, causing performance issues for other users. You decide to use the ulimit command to limit the resources available to this user's processes. Which of the following options would be the MOST effective solution and why? Use the -t option to limit the amount of CPU time a process can use. Use the -u option to limit the number of concurrent processes the user can run. Use the -f option to limit the file size of files created using the shell session. Use the -n option to limit the maximum number of files that the user can open.
Use the -t option to limit the amount of CPU time a process can use.
Which security mechanism uses a unique list that meets the following specifications: The list is embedded directly in the object itself. The list defines which subjects have access to certain objects. The list specifies the level or type of access allowed to certain objects. Mandatory access control User ACL Hashing Conditional access
User ACL
Which of the following is a privilege or action that can be taken on a system? DACL Permissions SACL User rights
User rights
You have just configured the password policy and set the minimum password age to 10. What is the effect of this configuration? Users must change the password at least every 10 days. Users cannot change the password for 10 days. The password must be entered within 10 minutes of the login prompt being displayed. The password must contain 10 or more characters. The previous 10 passwords cannot be reused.
Users cannot change the password for 10 days.
A global pharmaceutical company's IT team needs a secure solution for remote employees to access internal company resources from home. The solution must require user authentication, encapsulate and encrypt all traffic between the user and the internal network, and establish a secure tunnel. Which solution should the team choose? Secure Shell (SSH) Virtual Private Network (VPN) Remote Desktop Protocol (RDP) Simple Network Management Protocol (SNMP)
Virtual Private Network (VPN)
Which of the following commands creates a new group and defines the group password? groupadd -c groupadd -r groupadd -p groupadd -g
groupadd -p
You are the administrator for a small company, and you need to add a standard new group of users to the system. The group's name is sales. Which command accomplishes this task? addgroup --system sales addgroup sales groupadd -r sales groupadd sales
groupadd sales
You have a group named temp_sales on your system. The group is no longer needed, so you should remove it. Which of the following commands should you use? groupmod -R temp_sales newgroup -R temp_sales groupmod -n temp_sales groupdel temp_sales
groupdel temp_sales
You want to see which primary and secondary groups the dredford user belongs to. Enter the command you would use to display group memberships for dredford.
groups dredford
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones with no other values changed. Which of the following commands would accomplish this? usermod -u kjones kscott usermod -l kjones kscott usermod -u kscott kjones usermod -l kscott kjones
usermod -l kjones kscott