CompTIA Security+ Practice Exam (1)

With role-based access control, access decisions are based on the roles that individual users have as part of an organization. Users take on assigned roles (such as doctor, nurse, teller, manager). The process of defining roles should be based on a thorough analysis of how an organization operates and should include input from a wide spectrum of users in an organization.

Most access control systems are rule-based -- that is, they use a preset list of rules when deciding whether or not a user should have access to a resource; this is not specific to access control systems based on user role. Most networks use server-based access control to control access to network resources, however, local resources are typically under the control of the local machine. Neither is particularly unique to role-based access control. Some networks may use token-based access control, but that is not a requirement for role-based access control, either.

A honeypot is the correct answer because it is a technology used to simulate a network of vulnerable devices in order to attract and deceive attackers. It is designed to appear as a legitimate target to attackers, allowing security professionals to monitor their activities and gather information about their techniques. By deploying a honeypot, organizations can study attack patterns, identify vulnerabilities, and develop effective countermeasures to protect their actual network from similar attacks.

Authentication is accomplished through something you know, something you have and/or something you are. One form of authentication requires possession of something ("something you have") such as a key, a smart card, a disk, or some other device. Whatever form it takes, the authenticating item should be difficult to duplicate and may require synchronization with systems other than the one to which you are requesting access. Highly secure environments may require you to satisfy multiple authentication criteria to guarantee authenticity.

Something you know, would be a piece of data known only to you, such as a password. Something you are, would be a physical characteristic of you, like your fingerprint.

Single sign-on (SSO) is a process where users can access numerous resources without needing multiple credentials. With SSO, users only need to authenticate once, usually through a central identity provider, and then they can access multiple applications and systems without having to enter their credentials again. This improves user experience, reduces the risk of password fatigue or forgetting passwords, and enhances security by centralizing authentication and authorization processes.

Biometrics These technologies are becoming more reliable, and they will become widely used over the next few years. Many companies use smart cards as their primary method of access control. Implementations have been limited in many applications because of the high cost associated with these technologies. Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 265

Authentication is accomplished through something you know, something you have and/or something you are. The canonical example of something you know is a password or pass phrase. You might type or speak the value. A number of schemes are possible for obtaining what you know. It might be assigned to you, or you may have picked the value yourself. Constraints may exist regarding the form the value can take, or the alphabet from which you are allowed to construct the value might be limited to letters only. If you forget the value, you may not be able to authenticate yourself to the system.

Something you have, would be a physical item you possess, such as a smartcard. Something you are, would be a personal characteristic of you, not a piece of information you know.

The correct answer is the Multifactor authentication model because it involves the use of multiple factors for authentication, such as a smart card and a User ID/Password. This adds an extra layer of security by requiring the user to provide more than one form of identification to access network resources.

This question is asking about the access control model where users are assigned access rights based on their function within the organization. This is a feature of Role Based Access Control (RBAC). In RBAC, access rights are assigned to users based on their roles or job functions. This allows for easier management of access control as users can be assigned to roles and their access rights can be managed at the role level rather than individually for each user.

Biometrics devices use physical characteristics to identify the user.
Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 18

Single Sign-on is an authentication system where a unique username and password are used to access multiple systems within a company. This means that users only need to enter their credentials once and they will be granted access to all authorized systems without the need to re-enter their credentials for each individual system. This simplifies the authentication process for users and improves overall security by reducing the need for multiple passwords and the potential for password reuse or weak passwords.

RADIUS (Remote Authentication Dial-In User Service) lowers administration costs and increases security by having a centralized database for authenticating remote users. PAP is the simplest of authentication protocols, which uses clear text.

Enabling network auditing policies allows the administrator to monitor and track logon activities on the network. By logging both logon successes and logon failures, the administrator can have a comprehensive view of all logon attempts, whether they were successful or not. This information is crucial for detecting and investigating any unauthorized access attempts or suspicious activities on the network. Logging only logon failures for non-existent users or only logon successes or only logon failures would provide limited information and may not give a complete picture of the network's security status.

The presence of an undocumented login that does not require authentication against the domain poses a security issue because it can be exploited as a backdoor into the company's databases. This means that unauthorized individuals could potentially gain access to sensitive information and compromise the company's data security. It is important to ensure that all logins and access points are properly authenticated and secured to prevent unauthorized access.

The RBAC model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. Users can be assigned certain roles system wide.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 12

The actual verification of a client's identity is done by validating an authenticator. The authenticator contains the client's identity and a timestamp. To insure that the authenticator is up-to-date and is not an old one that has been captured by an attacker, the timestamp in the authenticator is checked against the current time. If the timestamp is not close enough to the current time (typically within five minutes) then the authenticator is rejected as invalid. Thus, Kerberos requires your system clocks to be loosely synchronized (the default is 5 minutes, but it can be adjusted in Version 5 to be whatever you want).

Reference: http://www.faqs.org/faqs/kerberos-faq/general/section-22.html

The correct answer is "You should make use of the Kerberos authentication method." Kerberos is a network authentication protocol that uses a trusted third-party authentication server to issue tickets to users. These tickets are then used by users to authenticate themselves to various services on the network. This method provides secure authentication and helps prevent unauthorized access to network resources.

All logs collected are used in the active and passive monitoring process. All logs are kept on archive for a period of time, called a retention period. This period of time will be determined by your company policies. This allows the use of logs for regular audits, and annual audits if retention is longer then a year. Logs must be secured to prevent modification, deletion, and destruction.

Administrator preference is often used to determine certain things like how long logs are retained ... but since these decisions can affect the ability of the company to go back and research potential security issues, it is a corporate issue that should be governed by a deliberate policy statement.

MTTF and MTTR are not relevant to setting the time for which logs will be retained. MTTF (Mean Time To Failure, sometimes called MTBF, Mean Time Before Failure) is related to the average amount of time a piece of equipment will be in service before it fails. MTTR (Mean Time To Repair) is a measure of how long it will take to repair the equipment when it fails.

Passwords should be easy to memorize, because that minimizes the chance that users will write the password down somewhere that others could see it.

Passwords should not be the same as the user ID, because that is one of the common passwords that common "password cracker" programs try, when attempting to discover passwords for accounts. Passwords must be changed at least once every 60 days (depending on your environment). Password aging or expiration must be enforced on all systems. Upon password expiration, if the password is not changed, only three grace logins must be allowed then the account must be disable until reset by an administrator or the help desk. Password reuse is not allowed (rotating passwords).

The correct answer is that you should make use of the Mandatory Access Control (MAC) model. This model uses security labels connected to the objects to determine access control. In MAC, access decisions are based on the security classification of the objects and the security clearances of the subjects. It ensures that only authorized users with the appropriate security clearances can access objects with matching security labels.

Mandatory Access Control (MAC) is a type of access control that is based on security labels assigned to every data item and every user. It enforces access control policies based on predefined rules and regulations, ensuring that only authorized users with the necessary security clearance can access specific data items. MAC is commonly used in high-security environments such as government or military systems to protect sensitive information. Role Based Access Control (RBAC), Discretionary Access Control (DAC), and List Based Access Control (LBAC) are also access control models, but they are not specifically based on security labels assigned to every data item and every user.

The MAC model is a static model that uses a predefined set of access privileges to files on the system. The system administrator establishes these parameters and associates them with an account, files or resources. The MAC model can be very restrictive.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 11

The correct answer is the Mandatory Access Control (MAC) access control model. This model assigns sensitivity labels to users and their data, ensuring that access to resources is based on predefined security policies and rules. In MAC, access decisions are determined by the system administrator rather than the user, and users have limited control over the access permissions.

The Role Based Access Control (RBAC) access control model would be most suitable for the given scenario. RBAC allows access to be granted based on the roles and responsibilities of users within an organization. In this case, the finance department only needs access to personal staff data, while the marketing department only needs access to production data. RBAC would allow administrators to assign specific roles to users in each department, ensuring that they have access to the appropriate data based on their job responsibilities. This model provides a more efficient and secure way of managing access control within the organization.

Social Engineering attacks: in computer security systems, this type of attack is usually the most successful, especially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings. An example of a social engineering attack has a hacker impersonating a network service technician. The serviceman approaches a low-level employee and requests their password for network servicing purposes. When using smartcards instead of passwords, this type of attack is a bit more difficult. Most people would not trust an impersonator wishing to have their smartcard and PIN for service purposes.

Logical, physical and Trojan horse attacks are often much less successful when security is properly implemented on a network.

Each distinct department (sales, marketing, management, and production) has their own role in the company, which probably includes using the: filer server, print server, and mail server. So it would be wise to create roles for each department.

Multifactor authentication is the only option that includes multiple factors of authentication, such as a username, password, and thumbprint scan. Biometric authentication only includes the thumbprint scan, Kerberos authentication does not mention a thumbprint scan, and Mutual authentication does not mention any specific authentication factors. Therefore, Multifactor authentication is the most appropriate choice for this scenario.

A performance baseline is a reference point that represents the normal functioning and performance of a system. By establishing a baseline, any deviations from the normal behavior can be easily identified. In the context of security, detecting performance anomalies can be a strong indicator of a security breach. Unusual or unexpected changes in performance metrics may suggest that an attacker is manipulating the system or attempting to exploit vulnerabilities. Therefore, a performance baseline is most useful for detecting performance anomalies that may be due to security breaches.

The DAC model allows the owner of a resource to establish privileges to the information they own. The DAC model would allow a user to share a file or use a file that someone else has shared. The DAC model establishes an ACL that identifies the users who have authorized to that information. This allows the owner to grant or revoke access to individuals or group of individuals based on the situation. This model is dynamic in nature and allows information to be shared easily between users.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 12

In a Mandatory Access Control (MAC) environment, access decisions are based on sensitivity labels. Sensitivity labels are used to classify and categorize data based on its level of sensitivity or importance. These labels determine the level of access that users or processes have to the data. Access control lists, group membership, and ownership are not specifically associated with MAC environments, although they may be used in conjunction with MAC policies.

Explanation: Ensuring least privilege requires identifying what the user's job is, determining the minimum set of privileges required to perform that job, and restricting the user to a domain with those privileges and nothing more. By denying to subjects transactions that are not necessary for the performance of their duties, those denied privileges couldn't be used to circumvent the organizational security policy. Although the concept of least privilege currently exists within the context of the TCSEC, requirements restrict those privileges of the system administrator. Through the use of RBAC (role based access control), enforced minimum privileges for general system users can be easily achieved.

A DNS (Domain Name Service) server requires port 53. DNS servers use this port to listen for and respond to DNS queries from clients. When a client wants to resolve a domain name to an IP address, it sends a DNS query to the DNS server on port 53. The server then looks up the requested domain name in its database and returns the corresponding IP address to the client. Port 53 is specifically designated for DNS traffic, allowing DNS servers to efficiently handle DNS requests and provide domain name resolution services.

The correct answer is 65,535. TCP/IP has 65,535 ports, which are used for communication between devices on a network. Each port is assigned a specific number and is vulnerable to being scanned, exploited, or attacked if not properly secured. It is important to have robust security measures in place to protect these ports from unauthorized access and potential threats.

MAC is the acronym for Mandatory Access Control. It is important to note that mandatory controls are prohibitive (i.e., all that is not expressly permitted is forbidden), not permissive. Only within that context do discretionary controls operate, prohibiting still more access with the same exclusionary principle. In this type of control system decisions are based on privilege (clearance) of subject (user) and sensitivity (classification) of object (file). It requires labeling.

Under MAC, you define who is allowed to access objects, and if you haven't defined an access right, access is not permitted. So, it is not the case that All that is expressly permitted is forbidden, or that All that is not expressly permitted is not forbidden

Access control lists enable devices in your network to ignore requests from specified users or systems, or grant certain network capabilities to them. ACLs allow a stronger set of access controls to be established in your network. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 235

Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

Trojan Horse attacks - This attack involves a rogue, Trojan horse application that has been planted on an unsuspecting user's workstation. The Trojan horse waits until the user submits a valid PIN from a trusted application, thus enabling usage of the private key, and then asks the smartcard to digitally sign some rogue data. The operation completes but the user never knows that their private key was just used against their will.

Physical attacks involve physical access to hardware such as a network cable or keyboard. Social engineering attacks are based on taking advantage of human interaction rather than technology itself. (Frequently, social engineering attacks don't even require access to a computer.) There is no such thing as a "logical" attack, although many attacks do involve the use of logic to figure out how an application works and where its security vulnerabilities may be.

Netscape, Oracle, and Sun Microsystems have announced an alliance to ensure that their extranet products can work together by standardizing on JavaScript and the Common Object Request Broker Architecture (CORBA). Microsoft supports the Point-to-Point Tunneling Protocol (PPTP) and IPSec.

CORBA and DCOM are programming technologies.

Mutual authentication is the method that should be used to ensure that both the user and the server can authenticate each other. This method requires both parties to present valid credentials to establish trust and verify the identity of each other. It provides a higher level of security compared to other authentication methods mentioned, such as biometric, username/password, or multifactor authentication.

Mandatory Access Control is a strict hierarchical model, first developed by governments and it is based on classifying data on importance and categorizing data by department. Users receive specific security clearances to access this data. For instance, the most important piece of data would have the highest classification, where only the President would of that department would have access; while the least important resources would be classified at the bottom where everyone in the organization including the janitors could access it.

Time synchronization is crucial because Kerberos uses server and workstation time as part of the authentication process.

not-available-via-ai

Mandatory Access Control is a strict hierarchical model, first developed by governments and it is based on classifying data on importance and categorizing data by department. Users receive specific security clearances to access this data. For instance, the most important piece of data would have the highest classification, where only the President would of that department would have access; while the least important resources would be classified at the bottom where everyone in the organization including the janitors could access it.

A file and print server should be located on a private network because it contains sensitive and confidential data that should only be accessed by authorized users within the organization. Placing it on a private network ensures that the server is protected from external threats and unauthorized access. Additionally, a private network provides better control and security measures, such as firewalls and access restrictions, to safeguard the data stored on the file and print server.

Access controls that are not based on the policy are characterized as discretionary controls by the U.S. government and as need-to-know controls by other organizations. The latter term connotes least privilege - those who may read an item of data are precisely those whose tasks entail the need.

Mandatory controls are based on policy. Secret controls and corrective controls are not related to access control.

If the key distribution centre is down, all of other systems dependent on those keys won't be able to function.

Rule based access control is based on a specific profile for each user. Information can be easily changed for only one user but this scheme may become a burden in a very large environment. A rule-based access control unit will intercept every request to the server and compare the source specific access conditions with the rights of the user in order to make an access decision. A good example could be a firewall. Here a set of rules defined by the network administrator is recorded in a file. Every time a connection is attempted (incoming or outgoing), the firewall software checks the rules file to see if the connection is allowed. If it is not, the firewall closes the connection.

Lattice-based access control is associated with Mandatory Access Control (MAC). Directory based and ID based access controls are not relevant.

Message authentication codes (MACs) are cryptographic algorithms that are used to provide integrity service. Integrity service ensures that the message has not been altered or tampered with during transmission. By using MACs, the sender can generate a tag or code that is attached to the message. The receiver can then verify the integrity of the message by recalculating the tag and comparing it with the received one. If the tags match, it means that the message has not been modified. MACs do not provide key recovery, fault recovery, or acknowledgement services.

A one time password is simply a password that has to be changed every time you log on; effectively making any intercepted password good for only the brief interval of time before the legitimate user happens to login themselves. So by chance, if someone were to intercept a password it would probably already be expired, or be on the verge of expiration within a matter of hours.

In a DAC model, network users have some flexibility regarding how information is accessed. This model allows users to dynamically share information with other users. The process allows a more flexible environment, but it increases the risk of unauthorized disclosure of information. Administrators will have a more difficult time ensuring that information access is controlled and that only appropriate access is given.

Reference: Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p 440

The word lattice is used to describe the upper and lower level bounds of a user' access permission.