IS5403 Week 6 all Quizezz

7

Question

Which of the following aims to support distributed authentication and authorization over the Internet?

Trust link services

Transitive trust services

Federation services

Trust bridge services

DFS

Correct

 

7 of 13

8

Question

In Windows network, transitive trust is used among the different domains inside a forest for implementing:

Authentication

RPC

File systems

DCOM

Distributed file systems

Correct

 

8 of 13

9

Question

In which of the following types of access control is the default for Windows systems and has access determined by the owner of a resource?

Discretionary access control

Role based access control

Rule based access control

Mandatory access control

Correct

 

9 of 13

10

Question

Which of the following are responsibilities of the certificate authority (CA) that cannot be outsourced? (Choose all that apply.)

Identity proofing

Key generation

Key recovery

Key escrow

Maintaining the CRL

Correct

 

10 of 13

11

Question

Public keys of compromised certificates can be found in which ways? (Choose all that apply.)

Bcrypt

PBKDF2

OCSP

Blowfish

CRL

Correct

 

11 of 13

12

Question

A security administrator uses third-party certificate authorities plus their own set of enterprise certificate authorities. How is a list of trusted certificate authorities delivered to a browser? (Choose all that apply.)

Browser manufacturer

Group policy

Certificate Authority (CA)

Online Certificate Status Protocol (OCSP)

Registration Authority (RA)

Correct

 

12 of 13

13

Question

A network administrator has a domain that includes single location. They want to store a copy of digital certificates with a trusted third party. What should be implemented?

Recovery agent

Key escrow

Key backup

Dual keys

Correct 

2

Question

Which of the following are recompiled UNIX tools that can hide evidence of the intrusion?

Viruses

Spyware

Botnets

Adware

Rootkits

Correct

 

2 of 5

3

Question

Which of the following are valid types of password attack? [Choose all that apply.]

Dictionary attack

Rainbow table

Brute force attack

Birthday attack

Hybrid attack

Correct

 

3 of 5

4

Question

What is always the first line of defense in protecting data and information?

What you are

Tokens

Certificates

Accounts

Passwords

Correct

 

4 of 5

5

Question

Which of the following factors should be considered and addressed in regards to account policy enforcement? [Choose all that apply.]

Group policy

Password expiration

Account recovery

Credential management

Password complexity

Correct

What is a token system that requires the user to enter the code along with a PIN called?

• Multifactor authentication system
• Dual-prong verification system
• Single-factor authentication system
• Token-passing authentication system

CORRECT

Ilya has been asked to recommend a federation system technology that is an open source federation framework that can support the development of authorization protocols. Which of these technologies would he recommend?

• NTLM
• Shibboleth
• OAuth
• Open ID Connect

CORRECT

Creating a pattern of where a user accesses a remote web account is an example of which of the following?

• Time-Location Resource Monitoring (TLRM)
• Geolocation
• Cognitive biometrics
• Keystroke dynamics

CORRECT

Which authentication factor is based on a unique talent that a user possesses?

• What you know
• What you do
• What you are
• What you have

CORRECT

Each of the following accounts should be prohibited EXCEPT:

• Shared accounts
• Guest accounts
• Privileged accounts
• Generic accounts

CORRECT

Timur was making a presentation regarding how attackers break passwords. His presentation demonstrated the attack technique that is the slowest yet most thorough attack that is used against passwords. Which of these password attacks did he demonstrate?

• Custom attack
• Hybrid attack
• Brute force attack
• Dictionary attack

CORRECT

Which of these is NOT a characteristic of a weak password?

• A long password
• A common dictionary word
• Using a predictable sequence of characters
• Using personal information

CORRECT

Why should the account lockout threshold not be set too low?

• The user would not have to wait too long to have her password reset.
• It could decrease calls to the help desk.
• The network administrator would have to reset the account manually.
• It could result in denial of service (DoS) attacks.

CORRECT

How is key stretching effective in resisting password attacks?

• The license fees are very expensive to purchase and use it.
• It does not require the use of salts.
• It requires the use of GPUs.
• It takes more time to generate candidate password digests.

CORRECT

Which of the following should NOT be stored in a secure password database?

• Plaintext password
• Iterations
• Password digest
• Salt

CORRECT

____ biometrics is related to the perception, thought processes, and understanding of the user.

• Behavioral
• Cognitive
• Intelligent
• Standard

CORRECT

Which human characteristic is NOT used for biometric identification?

• Iris
• Retina
• Height
• Fingerprint

CORRECT

What is a hybrid attack?

• An attack that combines a dictionary attack with a mask attack
• An attack that uses both automated and user input
• A brute force attack that uses special tables
• An attack that slightly alters dictionary words

CORRECT

What is a disadvantage of biometric readers?

• Cost
• Standards
• Speed
• Weight

CORRECT

Using one authentication credential to access multiple accounts or applications is known as _____.

• federal login
• single sign-on
• credentialization
• identification authentication

CORRECT

Which of these is a U.S. Department of Defense (DoD) smart card that is used for identification of active-duty and reserve military personnel?

• Government Smart Card (GSC)
• Secure ID Card (SIDC)
• Common Access Card (CAC)
• Personal Identity Verification (PIV) card

CORRECT

Which type of password attack is a more targeted brute force attack that uses placeholders for characters in certain positions of the password?

• Pass the hash attack
• Rainbow attack
• Rule attack
• Mask attack

CORRECT

A TOTP token code is generally valid for what period of time?

• For up to 24 hours
• For as long as it appears on the device
• Only while the user presses SEND
• Until an event occurs

CORRECT

Which one-time password is event-driven?

• HOTP
• TOTP
• ROTP
• POTP

CORRECT

Which of these is NOT a reason why users create weak passwords?

• Having multiple passwords makes it hard to remember all of them.
• Most sites force users to create weak passwords even though they do not want to.
• A security policy requires a password to be changed regularly.
• A lengthy and complex password can be difficult to memorize.

CORRECT

Which of the following would NOT be considered as part of a clean desk policy?

• Lock computer workstations when leaving the office.
• Keep mass storage devices locked in a drawer when not in use.
• Do not share passwords with other employees.
• Place laptops in a locked filing cabinet.

CORRECT

What is the current version of TACACS?

• TACACS+
• XTACACS
• TRACACS
• TACACS v9

CORRECT

Which access control model is the most restrictive?

• MAC
• Role-Based Access Control
• Rule-Based Access Control
• DAC

CORRECT

Which Microsoft Windows feature provides group-based access control for centralized management and configuration of computers and remote users who are using Active Directory?

• AD Management Services (ADMS)
• Group Policy
• Resource Allocation Entities
• Windows Registry Settings

CORRECT

Which of the following is the Microsoft version of CHAP?

• AD-EAP
• PAP-MICROSOFT
• EAP-MS
• MS-CHAP

CORRECT

Which of the following is NOT true regarding how an enterprise should handle an orphaned or a dormant account?

• A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization.
• Access should be ended as soon as the employee is no longer part of the organization.
• Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.
• All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

CORRECT

Which type of access control model uses predefined rules that makes it flexible?

• MAC
• DAC
• Rule-Based Access Control
• ABAC

CORRECT

A RADIUS authentication server requires the ________ to be authenticated first.

• authentication server
• supplicant
• authenticator
• user

CORRECT

Which can be used to establish geographical boundaries where a mobile device can and cannot be used?

• Mobile device policies
• Restricted access control policies
• Location-based policies
• Geolocation policies

CORRECT

Which of the following involves rights given to access specific resources?

• Access
• Authorization
• Identification
• Accounting

CORRECT

How is the Security Assertion Markup Language (SAML) used?

• It is an authenticator in IEEE 802.1x.
• It allows secure web domains to exchange user authentication and authorization data.
• It is a backup to a RADIUS server.
• It is no longer used because it has been replaced by LDAP.

CORRECT

Which statement about Rule-Based Access Control is true?

• It requires that a custodian set all rules.
• It is considered a real-world approach by linking a user's job function with security.
• It dynamically assigns roles to subjects based on rules.
• It is considered obsolete today.

CORRECT

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

• Privacy officer
• End-user
• Custodian
• Operator

CORRECT

With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage?

• RDAP
• DAP
• Lite RDAP
• RADIUS

CORRECT

What is the least restrictive access control model?

• ABAC
• Rule-Based Access Control
• DAC
• MAC

CORRECT

What is the secure version of LDAP?

• 802.1x
• Secure DAP
• X.500
• LDAPS

CORRECT

What is the version of the X.500 standard that runs on a personal computer over TCP/IP?

• Lite RDAP
• LDAP
• DAP
• IEEE X.501

CORRECT

What can be used to provide both file system security and database security?

• LDAPs
• RBASEs
• CHAPs
• ACLs

CORRECT

Which of the following is NOT part of the AAA framework?

• Authorization
• Accounting
• Authentication
• Access

CORRECT

Which of these is a set of permissions that is attached to an object?

• Object modifier
• Security entry designator
• Access control list (ACL)
• Subject Access Entity (SAE)

CORRECT