
Chapter 2 Access control and Identity all questions

2.1.6 Practice questions
You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration?

Obtain certificates from a public or private PKI.
Configure the remote access servers as RADIUS clients.
Configure remote access clients as RADIUS clients.
Configure the remote access servers as RADIUS servers.

Configure the remote access servers as RADIUS clients.
Which form of access control enforces security based on user identities and allows individual users to define access controls over owned resources?
TBAC
MAC
RBAC
DAC
DAC (Discretionary Access Control) uses identities to control resource access.
RBAC (Role-based Access Control), MAC (Mandatory Access Control), and TBAC (Task-based Access Control) enforce security based on rules. The rules of RBAC are job descriptions. The rules of MAC are classifications. The rules of TBAC are work tasks.
Which type of access control focuses on assigning privileges based on security clearance and data sensitivity?

MAC
DAC
TBAC
RBAC

MAC
In which form of access control environment is access controlled by rules rather than by identity?

ACL
MAC
Most client-server environments
DAC

MAC
You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

MAC
RBAC (based on roles)
RBAC (based on rules)
DAC

DAC
Which is the star property of Bell-LaPadula?

No write up
No write down
No read down
No read up

No write down
Which of the following defines an object as used in access control?

Users, applications, or processes that need to be given access.
Data, applications, systems, networks, and physical space.
Resources, policies, and systems.
Policies, procedures, and technologies that are implemented within a system.

Data, applications, systems, networks, and physical space.
Which of the following is the term for the process of validating a subject’s identity?

Authentication
Authorization
Auditing
Identification

Authentication
Which of the following is used for identification?

Password
Cognitive question
PIN
Username

Username
A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources?

Authentication and accounting
Authentication and authorization
Identity proofing and authentication
Identity proofing and authorization

Authentication and authorization.
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?
RBAC
MAC
DAC
DACL
RBAC
Which access control model manages rights and permissions based on job description and responsibilities?

Task Based Access Control (TBAC)
Role Based Access Control (RBAC)
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)

Role Based Access Control (RBAC)
You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used?

RBAC
MAC
DAC
DACL

RBAC
The Clark-Wilson model is primarily based on?
Dynamic access controls
A matrix
Controlled intermediary access applications
A directed graph
Controlled intermediary access applications
The Brewer-Nash model is designed primarily to prevent?

Conflicts of interest
Inference attacks
False acceptance
Denial of service attacks

Conflicts of interest
Discretionary Access Control (DAC) manages access to resources using what primary element or aspect?

Rules
Identity
Age
Classification

Identity
Which form of access control is based on job descriptions?
Role-based access control (RBAC)
2.2.7 Practice questions
Which of the following authentication methods uses tickets to provide single sign-on?

Kerberos
802.1x
MSCHAP
PKI

Kerberos
Which of the following is the strongest form of multi-factor authentication?

A password, a biometric scan, and a token device
A password and a biometric scan
Two passwords
Two-factor authentication

A password, a biometric scan, and a token device
Which of the following is an example of two-factor authentication?

pass phrase and a PIN
A username and a password
A fingerprint and a retina scan
A token device and a PIN

A Token device and a PIN
Which of the following is an example of three-factor authentication?

Photo ID, smart card, fingerprint
Smart card, digital certificate, PIN
Token device, keystroke analysis, cognitive question
Pass phrase, palm scan, voice recognition

Token device, Keystroke analysis, Cognitive question
Which of the following are examples of Type II authentication credentials? (Select two).

Smart card
Cognitive question
Voice recognition
Photo ID
PIN
Handwriting analysis

Photo ID, Smart card

• Type I (something you know, such as a password, PIN, pass phrase, or cognitive question)
• Type II (something you have, such as a smart card, token device, or photo ID)
• Type III (something you are, such as fingerprints, retina scans, voice recognition, or keyboard dynamics)

Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter?

False positive
False acceptance
Error rate
False negative

False negative
Which of the following is a hardware device that contains identification information and which can be used to control building access or computer logon?

SSID
Smart card
Biometric
Security Policy
WAP

Smart Card
Which of the following advantages can Single Sign-On (SSO) provide? (Select two).

Enhanced password complexity requirements
Secure remote access
The elimination of multiple user accounts and passwords for an individual
Access to all authorized resources with a single instance of authentication

Access to all authorized resources with a single instance of authentication,
The elimination of multiple user accounts and passwords for an individual.
Match the authentication factor types on the left with the appropriate authentication factor on the right.

PIN=
Smart card=
Password=
Retina scan=
Fingerprint scan=
Hardware token=
Passphrase=
Voice recognition=
Wi-Fi triangulation=
Typing behaviors=

Something you do
Somewhere you are
Something you know
Something you are
Something you know
Something you have

PIN= Something you know
Smart card= Something you have
Password= Something you know
Retina scan= Something you are
Fingerprint scan= Something you are
Hardware token= Something you have
Passphrase= Something you know
Voice recognition= Something you are
Wi-Fi triangulation= Somewhere you are
Typing behaviors= Something you do
Which of the following defines the crossover rate for evaluating biometric systems?

The point where the number of false positives matches the number of false negatives in a biometric system.
The rate of people who are denied access that should be allowed access.
The number of subjects or authentication attempts that can be validated.
The rate of people who are given access that should be denied access.

The point where the number of false positives matches the number of false negatives in a biometric system.
Which of the following are examples of Single Sign-on authentication (Select two).

Kerberos
RADIUS
Biometrics
DIAMETER
SESAME
Digital Certificates

SESAME
Kerberos
Which of the following is stronger than any biometric authentication factor?
A dynamic asynchronous token device without a PIN
A 47 character password
A two factor authentication
A USB device hosting PKI certificates
A two-factor authentication
A device which is synchronized to an authentication server is which type of authentication?

Synchronous token
Swipe card
Asynchronous token
Smart card

Synchronous token
The mathematical algorithm used by HMAC-based One-Time Passwords (HOTP) relies on two types of information to generate a new password based on the previously generated password. Which information is used to generate the new password? (Select two.)

Passphrase
Password
Shared secret
Counter
User name

Counter
Shared secret
The mathematical algorithm used to generate Time-based One-Time Passwords (TOTP) uses a shared secret and a counter to generate unique, one-time passwords. Which event causes the counter to increment when creating TOTP passwords?

The creation of a new one-time password
A signal from the TPM chip on the system motherboard
A value set in a hidden CPU register
The passage of time

The passage of time
2.3.5 Practice questions
Which of the following information is typically not included in an access token?

User account password
User security identifier
Group membership
User rights

User account password
Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group, which has access to a special folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do?

Add his user account to the ACL for the shared folder
Have Marcus log off and log back on
Manually refresh Group Policy settings on the file server

Have Marcus log off and log back on
Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon?

Access token
Cookie
Proxy
Account policy

Access token
Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subject has access to certain objects and the level or type of access allowed?

Kerberos
Mandatory access control
User ACL
Hashing

User ACL
2.4.4 Practice questions
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization?

Formatting
Sanitization
Destruction
Deleting

Sanitization
Which of the following is an example of privilege escalation?

Mandatory vacations
Creeping privileges
Separation of duties
Principle of least privilege

Creeping privileges
Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution?

Dual administrator accounts
Separation of duties
Principle of least privilege
Need to know

Separation of duties
By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with?

Job rotation
Principle of least privilege
Cross training
Need to know

Principle of least privilege
An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list?

Implicit deny
Explicit allow
Explicit deny
Implicit allow

Implicit deny
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal?

Implicit deny
Mandatory vacations
Job rotation
Least privilege
Separation of duties

Separation of duties
You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement?

Explicit deny
Job rotation
Least privilege
Separation of duties
Need to know

Job rotation
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access.

Implicit allow, implicit deny
Explicit allow, implicit deny
Explicit allow, explicit deny
Implicit allow, explicit deny

Explicit allow, implicit deny
Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels?

Separation of duties
Clearance
Least privilege
Ownership
Need to know

Need to know
What is the primary purpose of separation of duties?

Inform managers that they are not trusted
Grant a greater range of control to senior management
Prevent conflicts of interest
Increase the difficulty in performing administration

Prevent conflicts of interest
Separation of duties is an example of which type of access control?

Compensative
Corrective
Preventive
Detective

Preventive
Need to know is required to access which types of resources?

Low-security resources
Resources with unique ownership
Compartmentalized resources
High-security resources

Compartmentalized resources
2.5.5 Practice questions
Which of the following is an example of a decentralized privilege management solution?

Active Directory
Workgroup
TACACS+
RADIUS

Workgroup
Match the Active Directory component on the left with the appropriate description on the right.

Holds a copy of the Active Directory database-
Manages access for a workstation-
Manages access for an employee-
Can be created to logically organize network resources-
Cannot be moved, renamed, or deleted-
Defines a collection of network resources that share a common directory database-

Domain
Domain Controller
Generic Container
Organization Unit
Computer Object
User Object
Computer Object

Holds a copy of the Active Directory database
Domain Controller
Manages access for a workstation
Computer Object
Manages access for an employee
User Object
Can be created to logically organize network resources
Organization Unit
Cannot be moved, renamed, or deleted
Generic Container
Defines a collection of network resources that share a common directory database
Domain
Click on the object in the testoutdemo.com Active Directory domain that is used to manage desktop workstation access.
CORPWS7
2.6.9 Practice questions
What should be done to a user account if the user goes on an extended vacation?

Remove all rights from the account
Monitor the account more closely
Delete the account
Disable the account

Disable the account
Tom Plask’s user account has been locked because he entered too many incorrect passwords. You need to unlock the account. Click on the tab in the properties of the Tom Plask user object you would use to unlock his account.
Account
Tom Plask recently transferred to the Tech Support department. He now needs access to the network resources used by Support employees. To do this, you need to add Tom Plask's user account to the Support group in the Active Directory domain. Click the tab in the properties of the Tom Plask user object you would use to accomplish this.
Member of
You are creating a new Active Directory domain user account for the Robert Tracy user account. During the account setup process, you assigned a password to the new account. However, you know that for security reasons the system administrator should not know any user's passwords. Only the user should know his or her own password, no one else. Click on the option you would use in the new object user dialog to remedy this situation.
User must change password at next logon
You are the network administrator in a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months the volume of help…. Currently, permissions to network resources are assigned directly to Craig’s user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig’s Active Directory domain user object and rename it with the new employee’s name. Will this strategy work?
No, permissions are not copied when a user account is copied.
2.7.10 Practice questions
One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this?

usermod -u kjones kscott
usermod -l kscott kjones
usermod -l kjones kscott
usermod -u kscott kjones

usermod -l kjones kscott
You have performed an audit and have found active accounts from employees who no longer work for the company. You want to disable those accounts. What command example will disable a user account?

usermod -L joer
usermod -l joer
usermod -d joer
usermod -u joer

usermod -L joer
An employee named Bob Smith, with a user name of bsmith, has left the company. You have been instructed by your supervisor to delete his user account along with his home directory. Which of the following commands would produce the required outcome? (Choose all that apply.)

userdel bsmith
userdel -r bsmith
userdel -h bsmith
userdel bsmith;rm -rf /home/bsmith

userdel bsmith;rm -rf /home/bsmith
userdel -r bsmith
A user with an account name of larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage the files in the system in the very near future. Which command below will disable or remove the user account from the system and remove his home directory?

userdel larry
userdel -h larry
userdel -home larry
userdel -r larry

userdel -r larry
In the /etc/shadow file, which character in the password field indicates that a standard user account is locked?
!
! or !! in the password field of /etc/shadow indicates the account is locked
Which of the following utilities would you typically use to lock a user account? (Select two).

usermod
passwd
userdel
useradd

passwd
usermod
You suspect that the gshant user account is locked. Which command will show the status of user account? (Tip: Enter the command as if at the command prompt.)

passwd -S gshant
passwd gshant

passwd -S gshant
2.8.6 Practice questions
You are the administrator for a small company. You need to add a new group user, named sales, to the system. Which command will accomplish this?

addgroup x sales
addgroup sales
groupadd r sales
groupadd sales

groupadd sales
Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this?

grpconv marketing sales
groupadd -c marketing sales
groupmod -n marketing sales
grpchange marketing sales

groupmod -n marketing sales
You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use?

groupmod -n temp_sales
groupdel temp_sales
groupmod -R temp_sales
newgroup -R temp_sales

groupdel temp_sales
2.9.4 Practice questions
What is the effect of the following command? chage -M 60 -W 10 jsmith

Forces jsmith to keep the password 60 days before changing it and gives a warning 10 days before changing it.
Deletes the jsmith user account after 60 days and gives a warning 10 days before it expires.
Sets the password for jsmith to expire after 6 days and gives a warning 10 days before it expires.
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires

Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires.
What “chage” command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Enter the command as if at the command prompt.)

chage -M 60 -W 10 jsmith
chage -W 60 -M10 jsmith
change -m 60 -w 10 jsmith

chage -M 60 -W 10 jsmith
Which “chage” option keeps a user from changing password every two weeks?

-M 33
-m 33
-W 33
-a 33

-m 33

-M sets the maximum number of days before the password expires.
-W sets the number of days before the password expires that a warning message displays.
-m sets the minimum number of days that must pass after a password has been changed before a user can change the password again.

Which file should you edit to limit the amount of concurrent logins for a specific user? (Tip: Enter the full path to the file.)

/etc/security/limits.conf
/etc/users/limits.conf

/etc/security/limits.conf
Within the “/etc/security/limits.conf” file, you notice the following entry: @guest hard maxlogins 3
What effect does the line have on the Linux system?

Limits the maximum file size that the guest group can create to 3GB.
Limits concurrent logins from the same user to three.
Limits the total amount of memory used by the guest group to 3 MB
Limits the number of max logins from the guest group to three.

Limits the number of max logins from the guest group to three.
2.10.5 Practice questions
You want to ensure that all users in the Development OU use specific network communication security settings when transmitting files. Which method should you use?

Create a GPO user policy for the Development OU.
Create a GPO computer policy for the Computers container.
Create a GPO computer policy for the computers in the Development OU.
Create a GPO folder policy for the folders containing the files.

Create a GPO computer policy for the computers in the Development OU.
Computer policies include a special category called user rights. Which action do they allow an administrator to perform?

Set ACL rights for users on specified computers in an OU.
Specify the registry settings for all users in an OU.
Identify users who can perform maintenance tasks on computers in an OU.
Designate a basic set of rights for all users in an OU.

Identify users who can perform maintenance tasks on computers in the OU.
Which statement is true regarding application of GPO settings?
If a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the setting will be applied.
If a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the setting will not be applied.
If a setting is not defined in the Local Group Policy and is defined in the GPO linked to the OU, the setting will not be applied.
If a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the setting will be applied.
2.11.11 Practice questions
Which of the following is the single best rule to enforce when designing complex passwords?

Longer passwords
Computer generated passwords
Force use of all four types of characters (uppercase, lowercase, numbers, symbols)
Maximum password age

Longer passwords
For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do?

Configure the enable/disable feature in the user accounts
Configure account lockout policies in Group Policy
Configure account expiration in the user accounts
Configure day/time restrictions in the user accounts

Configure account lockout policies in Group Policy
You want to make sure that all users have passwords over 8 characters and that passwords must be changed every 30 days. What should you do?

Configure account lockout policies in Group Policy
Configure expiration settings in the user accounts
Configure account policies in Group Policy
Configure day/time settings in the user accounts

Configure account policies in Group Policy
You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do?

Configure account lockout policies in Group Policy
Configure expiration settings in the user accounts
Configure account policies in Group Policy
Configure day/time settings in the user accounts

Configure day/time restrictions in the user accounts
You are configuring the local security policy of a Windows 7 system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which policies should you configure? (Select two.)

Minimum password age
Enforce password history
Maximum password age
Password complexity

Minimum password age
Enforce password history
You are configuring the local security policy of a Windows 7 system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent logon after three unsuccessful logon attempts. Which policies should you configure? (Select two.)

Password complexity
Maximum password age
Account lockout duration
Account lockout threshold
Minimum password length

Minimum password length
Account lockout threshold
You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration?

The previous 10 passwords cannot be reused.
Users must change the password at least every 10 days.
The password must contain 10 or more characters.
Users cannot change the password for 10 days.

Users cannot change the password for 10 days.
You are teaching new users about security and passwords. Which example of the passwords would be the most secure password?
Stiles_2031
8181952
JoHnSmITh
T1a73gZ9!
T1a73gZ9
Which of the following is not an important aspect of password management?

Training users to create complex passwords that are easy to remember
Enable account lockout
Prevent use of personal information in a password
Always store passwords in a secure medium

Enable account lockout
You have implemented account lockout with a clipping level of 4. What will be the effect of this setting?

Password hashes will be generated using a salt value of 4.
Incorrect logon attempts during the past 4 hours will be tracked.
The account will be locked after 4 incorrect attempts.
Locked accounts will remain locked for 4 hours.

The account will be locked after 4 incorrect attempts.
Upon running a security audit in your organization, you discover that several sales employees are using the same domain user account to log in and update the company customer database. Which action should you take?

Train sales employees to use their own user accounts to update the customer database.
Delete the account that the sales employees are currently using.
Implement a Group Policy object that implements time of day logon restrictions.
Apply the Group Policy object to the container where the sales user accounts reside. (pick 2)

Delete the account that the sales employees are currently using
Train sales employees to use their own user accounts to update the customer database.
You manage a single domain named widgets.com. OUs have been created for each company department. Users and computer accounts have been moved into their OUs. You need to make the change as easily as possible.
You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. What should you do?

-Create a GPO linked to the Directors OU. Configure the password policy in the new GPO.
-Create a new domain. Move the contents of the Directors OU to the new domain.
-Configure the necessary password policy on the domain.
-Implement a granular password policy for the users in the Directors OU.
-In Active Directory Users and Computers, select all user accounts in the Directors OU.
-Edit the user account properties to require the longer password.

Implement a granular password policy for the users in the Directors OU.
You manage a single domain named widgets.com. OUs have been created for each company department. Users and computer accounts have been moved into their OUs. You would like to define a granular password policy. Which tool should you use?

Active Directory Domains and Trusts
Group Policy Management Console and Group Policy Management Editor
Active Directory Sites and Services
ADSI Edit

ADSI Edit
You manage a single domain named widgets.com. OUs have been created for each company department. Users and computer accounts have been moved into their OUs. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. What should you do?

Create a granular password policy. Create a distribution group. Apply the policy to the group. Add all users in the Directors OU to the group.
Create a granular password policy. Apply the policy to all users in the Directors OU.
Create a granular password policy. Apply the policy to all users in the widgets.com domain.
Create a granular password policy. Apply the policy to the Directors OU.

Create a granular password policy. Apply the policy to all users in the Directors OU.
You manage a single domain named widgets.com. OUs have been created for each company department. Users and computer accounts have been moved into their OUs. Matt Barnes is the chief financial officer. He would like his account to have even more strict password policies than is required for other members in the Directors OU.
What should you do?

-Create a granular password policy for Matt. Apply the new policy directly to Matt’s user account.
-Create a granular password policy for Matt. Create a new group, and then make Matt a member of the group. Apply the new policy directly to the new group. Make sure the new policy has a higher precedence value than the value for the existing policy.
-Create a granular password policy for Matt. Apply the new policy directly to Matt’s user account. Remove Matt from the DirectorsGG group.

Create a granular password policy for Matt. Apply the new policy to Matt's user account.
Match each smart card attack on the left with the appropriate description on the right.

Exploiting vulnerabilities in the card’s protocols or encryption methods
Capturing transmission data produced by the card as it is used
Deliberately inducing malfunctions in the card
Accessing the chip surface directly to observe, manipulate, and interfere with the circuit

Software attacks
Microprobing
Fault Generation
Eavesdropping

Software attacks
Exploiting vulnerabilities in the card’s protocols or encryption methods
Eavesdropping
Capturing transmission data produced by the card as it is used
Fault Generation
Deliberately inducing malfunctions in the card
Microprobing
Accessing the chip surface directly to observe, manipulate, and interfere with the circuit
2.12.7 Practice questions
Which of the following are methods for providing centralized authentication, authorization for remote access? (Select two.)
EAP
PKI
TACACS+
RADIUS
AAA
RADIUS
TACACS+
Which of the following are characteristics of TACACS+? (Select two.)
Uses TCP
Allows for the possibility of two different servers, one for authentication and authorization, and another for accounting
Allows for the possibility of three different servers, one each for authentication, authorization, and accounting
Uses UDP
Allows for the possibility of three different servers, one each for authentication, authorization, and accounting.
Uses TCP
Which of the following are differences between RADIUS and TACACS+?

-RADIUS uses TCP; TACACS+ uses UDP.
-RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password.
-RADIUS supports more protocols than TACACS+.
-RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers.
Which of the following protocols can be used to centralize remote access authentication?

Kerberos
EAP
CHAP
TACACS
SESAME

TACACS
RADIUS is primarily used for what purpose?

Managing RAID fault-tolerant drive configurations
Controlling entry gate access using proximity sensors
Authenticating remote clients before access to the network is granted
Managing access to a network over a VPN

Authenticating remote clients before access to the network is granted
Which of the following is a characteristic of TACACS+?

Supports only TCP/IP
Encrypts the entire packet, not just authentication packets
Requires that authentication and authorization are combined in a single server
Uses UDP ports 1812 and 1813

Encrypts the entire packet, not just authentication packets
Which of the following ports are used with TACACS?

22
49
50 and 51
1812 and 1813

49
What does a remote access server use for authorization?

Remote access policies
SLIP or PPP
CHAP or MSCHAP
Usernames and passwords

Remote access policies
Which of the following is the best example of remote access authentication?

A user accesses a shared folder on a server
A user establishes a dial-up connection to a server to gain access to shared resources
A user connects using Remote Desktop to a computer on the LAN
A user logs on to an e-commerce site that uses SSL

A user establishes a dial-up connection to a server to gain access to shared resources
Which of the following is a feature of MS-CHAP v2 that is not included in CHAP?

Hashed shared secret
Three-way handshake
Certificate-based authentication
Mutual authentication

Mutual authentication
CHAP performs which of the following security functions?

Links remote systems together
Periodically verifies the identity of a peer using a three-way handshake
Allows the use of biometric devices
Protects usernames

Periodically verifies the identity of a peer using a three-way handshake.
Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks?

RADIUS
CHAP
EAP
PAP

PAP
Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default?

EAP
PAP
Certificates
CHAP

CHAP
Which of the following authentication protocols uses a three-way handshake to authenticate users to the network? (Choose two.)
MS-CHAP
PAP
CHAP
EAP
MS-CHAP
CHAP
2.13.5 Practice questions
When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system?

Coupon
Voucher
Ticket
Hashkey

Ticket
Which of the following are required when implementing Kerberos for authentication and authorization? (Select two.)

Time synchronization
PPPoE
PPP
RADIUS or TACACS+ server
Ticket granting server

Ticket granting server
Time synchronization
Which of the following are requirements to deploy Kerberos on a network? (Select two.)

A centralized database of users and passwords
Use of token devices and one-time passwords
Time synchronization between devices
A directory service
Blocking of remote connectivity

Time synchronization between devices
A centralized database of users and passwords
Which ports does LDAP use by default? (Select two.)

110
69
636
389

636
389
You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use?

80
389
443
636
2208

636
Your LDAP directory service solution uses simple authentication. What should you always do when using simple authentication?

Add SASL and use TLS.
Use IPSec and certificates.
Use Kerberos.
Use SSL

Use SSL.
You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose?

Mutual
EAP
Simple
SASL

SASL
A user has just authenticated using Kerberos. What object is issued to the user immediately following logon?

Digital certificate
Ticket granting ticket
Digital signature
Client-to-server ticket

Ticket granting ticket
Which of the following protocols uses port 88?

L2TP
LDAP
Kerberos
PPTP

Kerberos
Which of the following authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash?

LDAP
LANMAN
NTLMv2
NTLM

LANMAN
What is mutual authentication?

The use of two or more authentication factors
A process by which each party in an online communication verifies the identity of the other party
Using a CA (certificate authority) to issue certificates

A process by which each party in an online communication verifies the identity of the other party
KWalletManager is a Linux-based credential management system that stores encrypted account credentials for network resources. Which encryption methods can KWalletManager use to secure account credentials? (Select two.)

Kerberos
Twofish
GPG
HMAC-SHA1
Blowfish

Blowfish
GPG
A manager has told you she is concerned about her employees writing their passwords for websites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could be used to prevent this?

Key Management Service
Computer Management
Local Users and Groups
Credential Manager

Credential Manager
You want to protect the authentication credentials you use to connect to the LAB server in your network by copying them to a USB drive. Click the option you want to use in Credential Manager to do this.

Back up Credentials
Restore Credentials

Back up Credentials
2.14.11 Practice questions
In an Identity Management System, what is the function of the Authoritative Source?

Specify the owner of a data item.
Coordinate the management of user identity across system boundaries.
Obtain the current password for a user through the psync system.
Remove a user from the system and revoke user rights to system resources

Specify the owner of a data item.
In an Identity Management System, what is the function of the Identity Vault?

Implement the Psync system.
Coordinate the management of user identity across system boundaries.
Store the user’s access to resources.
Ensure that each employee has the appropriate level of access in each system.

Ensure that each employee has the appropriate level of access in each system.
You are a network administrator for a small company. Your organization currently uses the following server system. Because each of these systems uses its own unique set of authentication credentials, you must spend a considerable amount of time each week keeping user account information updated on each system. In addition, if a user changes his or her password on one system, it is not updated for the user’s accounts on the other two systems.
Which should you do? (Select two.)

Migrate GroupWise to Microsoft Exchange.
Implement an Identity Vault.
Migrate the NoSQL database to Microsoft SQL Server.
Migrate the Novell Open Enterprise Server system to Windows Server.
Implement password synchronization.

Implement password synchronization.
Implement an Identity Vault.
Match each identity management (IDM) term on the left with the corresponding description on the right.

Synchronizes user creation across all systems

Allows users to manage their passwords throughout all systems

Acts as the authoritative source for user credentials for each connected system

Serves as repository for the identity of each user

Defines a permission a user has to access resources in connected systems

Removes a user from all systems and revokes all rights

Automated De-provisioning
Automated Provisioning
Entitlement
Identity Vault
Password Synchronization

Synchronizes user creation across all systems
Automated Provisioning
Allows users to manage their passwords throughout all systems
Password Synchronization
Acts as the authoritative source for user credentials for each connected system
Identity Vault
Serves as repository for the identity of each user
Identity Vault
Defines a permission a user has to access resources in connected systems
Entitlement
Removes a user from all systems and revokes all rights
Automated De-provisioning
2.15.3 Practice questions
