Institute Of Electrical And Electronics Engineers IEEE Quiz
Settings
.
- 1.A RADIUS authentication server requires that the _____ be authenticated first.authentication server.
- A.
Authentication server
- B.
Supplicant
- C.
Authenticator
- D.
User
- 2.Each of the following make up the AAA elements in network security except _______.
- A.
Controlling access to network resources (authentication)
- B.
Enforcing security policies (authorization)
- C.
Determining user need (analyzing)
- D.
Auditing usage (accounting)
- 3.With the development of IEEE 802.1x port security, the authentication server _____ has seen even greater usage.
- A.
RDAP
- B.
DAP
- C.
RADIUS
- D.
AAA
- 4._____ is an authentication protocol available as a free download that runs on Microsoft Windows 7/Vista, Windows Server 2008, Apple Mac OS X, and Linux.
- A.
IEEE 802.1x
- B.
RADIUS
- C.
Kerberos
- D.
LDAP
- 5.The version of the X.500 standard that runs on a personal computer over TCP/IP is_____.
- A.
DAP
- B.
LDAP
- C.
IEEE X.501
- D.
Lite RDAP
- 6.A user entering her user name would correspond to the _____ action in access control.
- A.
Authentication
- B.
Identification
- C.
Authorization
- D.
Access
- 7.A process functioning on behalf of the user that attempts to access a file is known as a(n) _______.
- A.
Object
- B.
Subject
- C.
Resource
- D.
Operation check
- 8.The individual who periodically reviews security settings and maintains records of access by users is called the _____.
- A.
Supervisor
- B.
Owner
- C.
Custodian
- D.
Manager
- 9.In the _____ model, the end user cannot change any security settings.
- A.
Discretionary Access Control
- B.
Security Access Control
- C.
Mandatory Access Control
- D.
Restricted Access Control
- 10.Rule Based Access Control _____.
- A.
Is considered obsolete today
- B.
Dynamically assigns roles to subjects based on rules
- C.
Is considered a real-world approach by linking a user’s job function with security
- D.
Requires that a custodian set all rules
- 11.Separation of duties requires that _____.
- A.
Processes should be divided between two or more individuals
- B.
End users cannot set security for themselves
- C.
Managers must monitor owners for security purposes
- D.
Jobs be rotated among different individuals
- 12._____ in access control means that if a condition is not explicitly met then access is to be rejected.
- A.
Denial of duties
- B.
Implicit deny
- C.
Explicit rejection
- D.
Prevention control
- 13.A(n) _____ is a set of permissions that is attached to an object.
- A.
Access control list (ACL)
- B.
Subject Access Entity (SAE)
- C.
Object modifier
- D.
Security entry designator
- 14._____ is a Microsoft Windows feature that provides centralized management and configuration of computers and remote users who are using Active Directory.
- A.
Windows Register Settings
- B.
Group Policy
- C.
Resource Allocation Entities
- D.
AD Management Services (ADMS)
- 15.A(n) _____ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents.
- A.
SQL/LDAP insert attack
- B.
Modified Trojan attack
- C.
LDAP injection attack
- D.
RBASE plug-in attack
- 16.The least restrictive access control model is _____.
- A.
Role Based Access Control (RBAC)
- B.
Mandatory Access Control (MAC)
- C.
Discretionary Access Control (DAC)
- D.
Rule Based Access Control (RBAC)
- 17.The principle known as _____ in access control means that each user should only be given the minimal amount of privileges necessary for that person to perform their job function.
- A.
Enterprise Security
- B.
Least privilege
- C.
Deny all
- D.
Mandatory Limitations
- 18.A(n) _____ is the person responsible for the information and determines the level of security needed for the data and delegates security duties as required.
- A.
Owner
- B.
Custodian
- C.
End user
- D.
Administrator
- 19.In the Mandatory Access Control (MAC) model, every subject and object _____.
- A.
Is restricted and cannot be accessed
- B.
Is assigned a label
- C.
Can be changed by the owner
- D.
Must be given a number from 200–900
- 20.A user account that has not been accessed for a lengthy period of time is called a(n) _____ account.
- A.
Orphaned
- B.
Limbo
- C.
Static
- D.
Dormant
- 21.Each of the following is a type of authentication credential except _______.
- A.
What you have
- B.
What you are
- C.
What you discover
- D.
What you know
- 22.
- A.
A lengthy and complex password can be difficult to memorize.
- B.
A security policy requires a password to be changed regularly.
- C.
Having multiple passwords makes it hard to remember all of them.
- D.
Most sites force users to create weak passwords although they do not want to.
- 23.
- A.
Resetting
- B.
Capturing
- C.
Social engineering
- D.
Online guessing
- 24.
- A.
An attack that combines a dictionary attack with an online guessing attack
- B.
A brute force attack that uses special tables
- C.
An attack that slightly alters dictionary words
- D.
An attack that uses both automated and user input
- 25.Each of the following is a step in creating a strong password except _______.
- A.
Use a short password so the computer can process it more quickly
- B.
Avoid using phonetic words
- C.
Do not use sequences
- D.
Do not use personal information
- 26.A token code is valid _______.
- A.
For as long as it appears on the device
- B.
For up to 1 hour
- C.
Only for the user who possesses the device
- D.
If it is longer than 8 characters
- 27.A token system that requires the user to enter the code along with a PIN is called a _______.
- A.
Single-factor authentication system
- B.
Dual-prong verification system
- C.
Multi-factor authentication system
- D.
Token-passing authentication system
- 28.A _____ is a U.S. Department of Defense (DoD) smart card that is used for identification for active-duty and reserve military personnel.
- A.
Personal Identity Verification (PIV) card
- B.
Government Smart Card (GSC)
- C.
Secure ID Card (SIDC)
- D.
Common Access Card (CAC)
- 29.Keystroke dynamics is an example of _____ biometrics.
- A.
Resource
- B.
Cognitive
- C.
Adaptive
- D.
Behavioral
- 30.Creating a pattern of when and from where a user accesses a remote Web account is an example of ________.
- A.
Time-Location Resource Monitoring (TLRM)
- B.
Keystroke dynamics
- C.
Cognitive biometrics
- D.
Computer footprinting
- 31._____ is a decentralized open source FIM that does not require specific software to be installed on the desktop.
- A.
SSO Login Resource (SSO-LR)
- B.
Windows CardSpace
- C.
OpenID
- D.
Windows Live ID
- 32.
- A.
Face
- B.
Weight
- C.
Fingerprint
- D.
Retina
- 33._____ biometrics is related to the perception, thought processes, and understanding of the user.
- A.
Standard
- B.
Intelligent
- C.
Behavioral
- D.
Cognitive
- 34.Using one authentication credential to access multiple accounts or applications is known as _______.
- A.
Credentialization
- B.
Identification authentication
- C.
Single sign-on
- D.
Federal login
- 35.A disadvantage of biometric readers is _______.
- A.
Speed
- B.
Size
- C.
Cost
- D.
Standards
- 36.
- A.
OAuth
- B.
CardSpace
- C.
OpenID
- D.
All SSO technologies use tokens.
- 37.
- A.
It could decrease calls to the help desk.
- B.
Because the network administrator would then have to manually reset the account.
- C.
So the user would not have to wait too long to have their password reset.
- D.
It could result in denial of service (DoS) attacks.
- 38.
- A.
Operating systems by default use the principle of least privilege.
- B.
Operating systems are complex programs with millions of lines of code that make vulnerabilities extremely difficult to recognize.
- C.
Operating systems do not isolate applications from each another so that one application that is compromised can impact the entire computer.
- D.
Operating systems cannot create a trusted path between users and applications.
- 39.An operating system that is designed to be secure by controlling critical parts of it to limit access from attackers and administrators is a _______.
- A.
Secure OS
- B.
Trustworthy OS
- C.
Managed OS
- D.
Trusted OS
- 40.
- A.
Computer footprinting
- B.
OpenAuthorization
- C.
Cognitive biometrics
- D.
Internet Throttling
- 41.
- A.
Plaintext
- B.
Cleartext
- C.
Opentext
- D.
Ciphertext
- 42.
- A.
Confidentiality
- B.
Stop loss
- C.
Integrity
- D.
Authenticity
- 43.The areas of a file in which steganography can hide data include all of the following except ______.
- A.
In data that is used to describe the content or structure of the actual data
- B.
In the directory structure of the file system
- C.
In the file header fields that describe the file
- D.
In areas that contain the content data itself
- 44.Proving that a user sent an e-mail message is known as ______.
- A.
Repudiation
- B.
Integrity
- C.
Non-repudiation
- D.
Availability
- 45.Symmetric cryptographic algorithms are also called ______.
- A.
Private key cryptography
- B.
Cipherkey cryptography
- C.
Public/private key cryptography
- D.
Public key cryptography
- 46.A(n) _____ is not decrypted but is only used for comparison purposes.
- A.
Stream
- B.
Hash
- C.
Algorithm
- D.
Key
- 47.Each of the following is a characteristic of a secure hash algorithm except _______.
- A.
Collisions should be rare
- B.
The results of a hash function should not be reversed
- C.
The hash should always be the same fixed size
- D.
A message cannot be produced from a predefined hash
- 48.Hashing would not be used in which of the following examples?
- A.
Bank automatic teller machine (ATM)
- B.
Encrypting and decrypting e-mail attachments
- C.
Verifying a user password entered on a Linux system
- D.
Determining the integrity of a message
- 49._____ encrypts a hash with a shared secret key.
- A.
Key_hash
- B.
WEP
- C.
MDRIPE
- D.
Hashed Message Authentication Code (HMAC)
- 50.
- A.
Authenticity
- B.
Confidentiality
- C.
Integrity
- D.
Availability
- 51._____ is a hash that uses two different and independent parallel chains of computation, the result of which are then combined at the end of the process.
- A.
DES
- B.
AES
- C.
RC4
- D.
RIPEMD
- 52.
- A.
Advanced Encryption Standard
- B.
Data Encryption Standard
- C.
Triple Data Encryption Standard
- D.
Rivest Cipher (RC)
- 53.If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, the key he uses to encrypt the message is _______.
- A.
Alice’s private key
- B.
Alice’s public key
- C.
Bob’s public key
- D.
Bob’s private key
- 54.A digital signature can provide each of the following benefits except ______.
- A.
Prove the integrity of the message
- B.
Verify the receiver
- C.
Verify the sender
- D.
Enforce non-repudiation
- 55.
- A.
MEC-2
- B.
RSA
- C.
MD-17
- D.
SHA-2
- 56.
- A.
EFS
- B.
Quantum computing
- C.
ECC
- D.
RSA
- 57._____ uses lattice-based cryptography and may be more resistant to quantum computing attacks.
- A.
NTRUEncrypt
- B.
ECC
- C.
RC4
- D.
SHA-512
- 58.The Trusted Platform Module (TPM) _____.
- A.
Allows the user to boot a corrupted disk and repair it
- B.
Is only available on Windows computers running BitLocker
- C.
Includes a pseudorandom number generator (PRNG)
- D.
Provides cryptographic services in hardware instead of software
- 59.
- A.
Trusted Platform Module (TPM)
- B.
Self-encrypting hard disk drives (HDDs)
- C.
Encrypted hardware-based USB devices
- D.
Hardware Security Module (HSM)
- 60.The Microsoft Windows LAN Manager hash ______.
- A.
Is weaker than NTLMv2
- B.
Is part of BitLocker
- C.
Is required to be present when using TPM
- D.
Is identical to MD-4
Back to top