Chapter 7 & 8 Security +
- 1.Which of the following logical access control methods would a security administrator need to modify in order to control network traffic passing through a router to a different network?
- A.
Configuring VLAN 1
- B.
ACL
- C.
Logical tokens
- D.
Role-based access control changes
- 2.After installing database software the administrator must manually change the default administrative password, remove a default database, and adjust permissions on specific files. These actions are BEST described as:
- A.
Vulnerability assessment
- B.
Mandatory access control
- C.
Application hardening
- D.
Least priviledge
- 3.Which of the following methods is a best practice for granting access to resources?
- A.
Add ACLs to computers, add computers to groups
- B.
Add ACLs to user; add users to groups
- C.
Add users to ACLs; add computers to groups
- D.
Add groups to ACLs; add users and computers to groups
- 4.Which of the following may cause a user, connected to NAC-enabled network, to not be prompted for credentials
- A.
The user's PC is missing the authentication agent
- B.
The user's PC is not fully patched
- C.
The user's PC is not at the latest service pack
- D.
The user's PC has out-of-date antivirus software
- 5.Which of the following is an example of two-factor authentication?
- A.
PIN and password
- B.
Smartcard and token
- C.
Smartcard and PIN
- D.
Fingerprint and retina scan
- 6.Which of the following uses a three-way handshake for authentication and is commonly used in PPP connections?
- A.
MD5
- B.
CHAP
- C.
Kerberos
- D.
SLIP
- 7.To ensure users are logging into their systems using a least priviledge method, which of the following should be done?
- A.
Create a user account without administrator priviledges
- B.
Employ a BIOS password that differs from the domain password
- C.
Enforce a group policy with the least amount of account restrictions
- D.
Allow users to determine their needs and access to resources
- 8.A user wants to edit a file that they currently have read-only rights to; however, they are unable to provide a business justification, so the request is denied. This is the principle of:
- A.
Seperation of duties
- B.
Job-based access control
- C.
Least priviledge
- D.
Remote access policy
- 9.Which of the following is a BEST practice for organizing users when impementing a least priviledge model?
- A.
By function
- B.
By department
- C.
By geographic location
- D.
By management level
- 10.The process of validating a user's claimed identity is called:
- A.
Identification
- B.
Authorization
- C.
Validation
- D.
Repudiation
- 11.Which of the following is a detective security control?
- A.
CCTV
- B.
Firewall
- C.
Design reviews
- D.
Bollards
- 12.Which of the following is a reason to implement Kerberos over local system authentication?
- A.
Authentication to multiple devices
- B.
Centralized file integrity protection
- C.
Non-repudiation
- D.
Greater password complexity
- 13.Which of the following faciliates computing for heavily utilized systems and networks?
- A.
Remote access
- B.
Provider cloud
- C.
VPN concentrator
- D.
Telephony
- 14.Which of the following is a reason to use TACACS+ over RADIUS?
- A.
Combines authentication and authorization
- B.
Encryption of all data between client and server
- C.
TACACS+ uses the UDP protocol
- D.
TACACS+ has less attribute-value pairs
- 15.Which of the following describes an attack technique by which an intruder gains physical access by following an authorized user into a fcility before the door is closed?
- A.
Shoulder surfing
- B.
Tailgating
- C.
Escalation
- D.
Impersonation
- 16.Which of the following access control methods provides the BEST protection against attackers logging on as authorized user?
- A.
Require a PIV card
- B.
Utilize time of day restrictions
- C.
Implement deny
- D.
Utilize seperation of duties
- 17.Centrally authenticating multiple systems and applications against a federated user database is an example of:
- A.
Smart card
- B.
Common access card
- C.
Single sign-on
- D.
Access control list
- 18.Which of the following uses tickets to identify users to the network?
- A.
RADIUS
- B.
LDAP
- C.
TACACS+
- D.
Kerberos
- 19.Which of the following is an example of implementing security using the least priviledge principle?
- A.
Confidentiality
- B.
Availability
- C.
Integrity
- D.
Non-repudiation
- 20.Which of the following is an authentication method that uses symmetric key encryption and a key distribution center?
- A.
MS-CHAP
- B.
Kerberos
- C.
802.1x
- D.
EAP
- 21.Which of the following is a preventative physical security measure?
- A.
Video surveillance
- B.
External lighting
- C.
Physical access log
- D.
Access control system
- 22.Mandatory Acess Control (MAC) allows:
- A.
Access rights indicated by the role of the individual
- B.
Access associated with the classification of data
- C.
A system administrator to centralized policy
- D.
Rights to be assigned by the data owner
- 23.The administrator needs to require all users to use complex passwords. Which of the following would be the BEST way to do this?
- A.
Set a local password policy on each workstation and server
- B.
Set a domain password policy
- C.
Set a group policy to enforce password changes
- D.
Post a memo detailing the requirement of the new password complexity requirements
- 24.Which of the following would be used to eliminate the need for an administrator to manually configure passwords on each network device in a larg LAN?
- A.
RADIUS
- B.
OVAL
- C.
RAS
- D.
IPSec VPN
- 25.The security administrato needs to determine whether common words and phrases are being used as passwords on the company server. Which of the following attacks would MOST easily accomplish this task?
- A.
NTLM hashing
- B.
Dictionary
- C.
Brute Force
- D.
Encyclopedia
Related Topics
Recent Quizzes
Featured Quizzes
Back to top