
CISSP Official (ISC)2 Practice Tests


Chapter 5
Identity and Access Management (Domain 5)
1. Which of the following is best described as an access control model that focuses on subjects and identifies the objects that each subject can access?
1. An access control list
2. An implicit denial list
3. A capability table
4. A rights management matrix

2. Jim's organization-wide implementation of IDaaS offers broad support for cloud-based applications. The existing infrastructure for Jim's company does not use centralized identity services but uses Active Directory for AAA services. Which of the following choices is the best option to recommend to handle the company's on-site identity needs?
1. Integrate on-site systems using OAuth.
2. Use an on-premise third-party identity service.
3. Integrate on-site systems using SAML.
4. Design an in-house solution to handle the organization's unique needs.

3. Which of the following is not a weakness in Kerberos?
1. The KDC is a single point of failure.
2. Compromise of the KDC would allow attackers to impersonate any user.
3. Authentication information is not encrypted.
4. It is susceptible to password guessing.

4. Voice pattern recognition is what type of authentication factor?
1. Type 1
2. Type 2
3. Type 3
4. Type 4

5. If Susan's organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct types of factor has she used?
1. One
2. Two
3. Three
4. Four

6. Which of the following items are not commonly associated with restricted interfaces?
1. Shells
2. Keyboards
3. Menus


4. Database views

7. During a log review, Saria discovers a series of logs that show login failures as shown here:
Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=orange
Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=Orang3
Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=Orange93
Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=Orangutan1
Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=Orangemonkey
What type of attack has Saria discovered?
1. A brute-force attack
2. A man-in-the-middle attack
3. A dictionary attack
4. A rainbow table attack

8. What type of attack can be prevented by using a trusted path?
1. Dictionary attacks
2. Brute-force attacks
3. Man-in-the-middle attacks
4. Login spoofing

9. What major issue often results from decentralized access control?
1. Access outages may occur.
2. Control is not consistent.
3. Control is too granular.
4. Training costs are high.

10. Callback to a home phone number is an example of what type of factor?
1. Type 1
2. Somewhere you are
3. Type 3
4. Geographic

11. Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create?
1. A shortcut trust
2. A forest trust
3. An external trust
4. A realm trust

12. Which of the following AAA protocols is the most commonly used?
1. TACACS
2. TACACS+
3. XTACACS
4. Super TACACS

13. Which of the following is not a single sign-on implementation?
1. Kerberos
2. ADFS
3. CAS
4. RADIUS

14. As seen in the following image, a user on a Windows system is not able to use the Send Message functionality. What access control model best describes this type of limitation?


1. Least privilege
2. Need to know
3. Constrained interface
4. Separation of duties

15. What type of access controls allow the owner of a file to grant other users access to it using an access control list?
1. Role-based
2. Nondiscretionary
3. Rule-based
4. Discretionary

16. Alex's job requires him to see personal health information (PHI) to ensure proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control?
1. Separation of duties
2. Constrained interfaces
3. Context-dependent control
4. Need to know

Using your knowledge of the Kerberos logon process and the following diagram, answer questions 17, 18, and 19.

17. At point A in the diagram, the client sends the username and password to the KDC. How is the username and password protected?
1. 3DES encryption
2. TLS encryption
3. SSL encryption
4. AES encryption

18. At point B in the diagram, what two important elements does the KDC send to the client after verifying that the username is valid?


1. An encrypted TGT and a public key
2. An access ticket and a public key
3. An encrypted, time-stamped TGT and a symmetric key encrypted with a hash of the user's password
4. An encrypted, time-stamped TGT and an access token

19. What tasks must the client perform before it can use the TGT?
1. It must generate a hash of the TGT and decrypt the symmetric key.
2. It must install the TGT and decrypt the symmetric key.
3. It must decrypt the TGT and the symmetric key.
4. It must send a valid response using the symmetric key to the KDC and must install the TGT.

20. Jacob is planning his organization's biometric authentication system and is considering retina scans. What concern may be raised about retina scans by others in his organization?
1. Retina scans can reveal information about medical conditions.
2. Retina scans are painful because they require a puff of air in the user's eye.
3. Retina scanners are the most expensive type of biometric device.
4. Retina scanners have a high false positive rate and will cause support issues.

21. Mandatory access control is based on what type of model?
1. Discretionary
2. Group-based
3. Lattice-based
4. Rule-based

22. Which of the following is not a type of attack used against access controls?
1. Dictionary attack
2. Brute-force attack
3. Teardrop
4. Man-in-the-middle attack

23. What is the best way to provide accountability for the use of identities?
1. Logging
2. Authorization
3. Digital signatures
4. Type 1 authentication

24. Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that he has appropriate rights?
1. Re-provisioning
2. Account review
3. Privilege creep
4. Account revocation

25. Biba is what type of access control model?
1. MAC
2. DAC
3. Role BAC
4. ABAC

26. Which of the following is a client/server protocol designed to allow network access servers to authenticate remote users by sending access request messages to a central server?
1. Kerberos
2. EAP
3. RADIUS
4. OAuth


27. What type of access control is being used in the following permission listing:

Storage Device X
    User1: Can read, write, list
    User2: Can read, list
    User3: Can read, write, list, delete
    User4: Can list

1. Resource-based access controls
2. Role-based access controls
3. Mandatory access controls
4. Rule-based access controls

28. Angela uses a sniffer to monitor traffic from a RADIUS server configured with default settings. What protocol should she monitor and what traffic will she be able to read?
1. UDP, none. All RADIUS traffic is encrypted.
2. TCP, all traffic but the passwords, which are encrypted
3. UDP, all traffic but the passwords, which are encrypted
4. TCP, none. All RADIUS traffic is encrypted.

29. Which of the following is not part of a Kerberos authentication system?
1. KDC
2. TGT
3. AS
4. TS

30. When an application or system allows a logged-in user to perform specific actions, it is an example of what?
1. Roles
2. Group management
3. Logins
4. Authorization

31. Alex has been employed by his company for over a decade and has held a number of positions in the company. During an audit, it is discovered that he has access to shared folders and applications due to his former roles. What issue has Alex's company encountered?
1. Excessive provisioning
2. Unauthorized access
3. Privilege creep
4. Account review

32. Which of the following is not a common threat to access control mechanisms?
1. Fake login pages
2. Phishing
3. Dictionary attacks
4. Man-in-the-middle attacks

33. What term properly describes what occurs when two or more processes require access to the same resource and must complete their tasks in the proper order for normal function?
1. Collisions
2. Race conditions
3. Determinism
4. Out-of-order execution

34. What type of access control scheme is shown in the following table?

    Highly Sensitive    Red       Blue      Green
    Confidential        Purple    Orange    Yellow
    Internal Use        Black     Gray      White
    Public              Clear     Clear     Clear

1. RBAC
2. DAC
3. MAC
4. TBAC

35. Which of the following is not a valid LDAP DN (distinguished name)?
1. cn=ben+ou=sales
2. ou=example
3. cn=ben,ou=example
4. ou=example,dc=example,dc=com+dc=org

36. When a subject claims an identity, what process is occurring?
1. Login
2. Identification
3. Authorization
4. Token presentation

37. Dogs, guards, and fences are all common examples of what type of control?
1. Detective
2. Recovery
3. Administrative
4. Physical

38. Susan's organization is updating its password policy and wants to use the strongest possible passwords. What password requirement will have the highest impact in preventing brute-force attacks?
1. Change maximum age from 1 year to 180 days.
2. Increase the minimum password length from 8 characters to 16 characters.
3. Increase the password complexity so that at least three character classes (such as uppercase, lowercase, numbers, and symbols) are required.
4. Retain a password history of at least four passwords to prevent reuse.

39. What is the stored sample of a biometric factor called?
1. A reference template
2. A token store
3. A biometric password
4. An enrollment artifact

40. When might an organization using biometrics choose to allow a higher FRR instead of a higher FAR?
1. When security is more important than usability
2. When false rejection is not a concern due to data quality
3. When the CER of the system is not known
4. When the CER of the system is very high

41. Susan is working to improve the strength of her organization's passwords by changing the password policy. The password system that she is using allows upper- and lowercase letters as well as numbers but no other characters. How much additional complexity does adding a single character to the minimum length of passwords for her organization create?
1. 26 times more complex
2. 62 times more complex
3. 36 times more complex
4. 2^62 times more complex

42. Which pair of the following factors are key for user acceptance of biometric identification systems?
1. The FAR
2. The throughput rate and the time required to enroll


3. The CER and the ERR
4. How often users must re-enroll and the reference profile requirements

Alex is in charge of SAML integration with a major third-party partner that provides a variety of business productivity services for his organization. Using the following diagram and your knowledge of SAML integrations and security architecture design, answer questions 43, 44, and 45.

43. Alex is concerned about eavesdropping on the SAML traffic and also wants to ensure that forged assertions will not be successful. What should he do to prevent these potential attacks?
1. Use SAML's secure mode to provide secure authentication.
2. Implement TLS using a strong cipher suite, which will protect against both types of attacks.
3. Implement TLS using a strong cipher suite and use digital signatures.
4. Implement TLS using a strong cipher suite and message hashing.

44. If Alex's organization is one that is primarily made up of off-site, traveling users, what availability risk does integration of critical business applications to on-site authentication create and how could he solve it?
1. Third-party integration may not be trustworthy; use SSL and digital signatures.
2. If the home organization is offline, traveling users won't be able to access third-party applications; implement a hybrid cloud/local authentication system.
3. Local users may not be properly redirected to the third-party services; implement a local gateway.
4. Browsers may not properly redirect; use host files to ensure that issues with redirects are resolved.

45. What solution can best help address concerns about third parties that control SSO redirects as shown in step 2 in the diagram?
1. An awareness campaign about trusted third parties
2. TLS
3. Handling redirects at the local site
4. Implementing an IPS to capture SSO redirect attacks

46. Susan has been asked to recommend whether her organization should use a mandatory access control scheme or a discretionary access control scheme. If flexibility and scalability is an important requirement for implementing access controls, which scheme should she recommend and why?
1. MAC, because it provides greater scalability and flexibility because you can simply add more labels as needed
2. DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility
3. MAC, because compartmentalization is well suited to flexibility and adding compartments will allow it to scale well
4. DAC, because a central decision process allows quick responses and will provide scalability by reducing the number of decisions required and flexibility by moving those decisions to a central authority


47. Which of the following tools is not typically used to verify that a provisioning process was followed in a way that ensures that the organization's security policy is being followed?
1. Log review
2. Manual review of permissions
3. Signature-based detection
4. Review the audit trail

48. Lauren needs to send information about services she is provisioning to a third-party organization. What standards-based markup language should she choose to build the interface?
1. SAML
2. SOAP
3. SPML
4. XACML

49. During a penetration test, Chris recovers a file containing hashed passwords for the system he is attempting to access. What type of attack is most likely to succeed against the hashed passwords?
1. A brute-force attack
2. A pass-the-hash attack
3. A rainbow table attack
4. A salt recovery attack

50. Google's identity integration with a variety of organizations and applications across domains is an example of which of the following?
1. PKI
2. Federation
3. Single sign-on
4. Provisioning

51. Lauren starts at her new job and finds that she has access to a variety of systems that she does not need access to to accomplish her job. What problem has she encountered?
1. Privilege creep
2. Rights collision
3. Least privilege
4. Excessive privileges

52. When Chris verifies an individual's identity and adds a unique identifier like a user ID to an identity system, what process has occurred?
1. Identity proofing
2. Registration
3. Directory management
4. Session management

53. Jim configures his LDAP client to connect to an LDAP directory server. According to the configuration guide, his client should connect to the server on port 636. What does this indicate to Jim about the configuration of the LDAP server?
1. It requires connections over SSL/TLS.
2. It supports only unencrypted connections.
3. It provides global catalog services.
4. It does not provide global catalog services.

54. The X.500 standards cover what type of important identity systems?
1. Kerberos
2. Provisioning services
3. Biometric authentication systems
4. Directory services

55. Microsoft's Active Directory Domain Services is based on which of the following technologies?
1. RADIUS
2. LDAP


3. SSO
4. PKI

56. Lauren is responsible for building a banking website. She needs proof of the identity of the users who register for the site. How should she validate user identities?
1. Require users to create unique questions that only they will know.
2. Require new users to bring their driver's license or passport in person to the bank.
3. Use information that both the bank and the user have, such as questions pulled from their credit report.
4. Call the user on their registered phone number to verify that they are who they claim to be.

57. By default, in what format does OpenLDAP store the value of the userPassword attribute?
1. In the clear
2. Salted and hashed
3. MD5 hashed
4. Encrypted using AES-256 encryption

58. A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer's account. What type of biometric factor error occurred?
1. A registration error
2. A Type 1 error
3. A Type 2 error
4. A time of use, method of use error

59. What type of access control is typically used by firewalls?
1. Discretionary access controls
2. Rule-based access controls
3. Task-based access control
4. Mandatory access controls

60. When you input a user ID and password, you are performing what important identity and access management activity?
1. Authorization
2. Validation
3. Authentication
4. Login

61. Kathleen works for a data center hosting facility that provides physical data center space for individuals and organizations. Until recently, each client was given a magnetic-strip-based keycard to access the section of the facility where their servers are located, and they were also given a key to access the cage or rack where their servers reside. In the past month, a number of servers have been stolen, but the logs for the passcards show only valid IDs. What is Kathleen's best option to make sure that the users of the passcards are who they are supposed to be?
1. Add a reader that requires a PIN for passcard users.
2. Add a camera system to the facility to observe who is accessing servers.
3. Add a biometric factor.
4. Replace the magnetic stripe keycards with smart cards.

62. Which of the following is a ticket-based authentication protocol designed to provide secure communication?
1. RADIUS
2. OAuth
3. SAML
4. Kerberos

63. What type of access control is composed of policies and procedures that support regulations, requirements, and the organization's own policies?


1. Corrective
2. Logical
3. Compensating
4. Administrative

64. In a Kerberos environment, when a user needs to access a network resource, what is sent to the TGS?
1. A TGT
2. An AS
3. The SS
4. A session key

65. Which objects and subjects have a label in a MAC model?
1. Objects and subjects that are classified as Confidential, Secret, or Top Secret have a label.
2. All objects have a label, and all subjects have a compartment.
3. All objects and subjects have a label.
4. All subjects have a label and all objects have a compartment.

Chris is the identity architect for a growing e-commerce website that wants to leverage social identity. To do this, he and his team intend to allow users to use their existing Google accounts as their primary accounts when using the e-commerce site. This means that when a new user initially connects to the e-commerce platform, they are given the choice between using their Google+ account using OAuth 2.0, or creating a new account on the platform using their own email address and a password of their choice.
Using this information and the following diagram of an example authentication flow, answer questions 66, 67, and 68.

66. When the e-commerce application creates an account for a Google+ user, where should that user's password be stored?
1. The password is stored in the e-commerce application's database.
2. The password is stored in memory on the e-commerce application's server.
3. The password is stored in Google's account management system.
4. The password is never stored; instead, a salted hash is stored in Google's account management system.

67. Which system or systems is/are responsible for user authentication for Google+ users?
1. The e-commerce application
2. Both the e-commerce application and Google servers
3. Google servers
4. The diagram does not provide enough information to determine this.

68. What type of attack is the creation and exchange of state tokens intended to prevent?
1. XSS
2. CSRF


3. SQL injection
4. XACML

69. Questions like "What is your pet's name?" are examples of what type of identity proofing?
1. Knowledge-based authentication
2. Dynamic knowledge-based authentication
3. Out-of-band identity proofing
4. A Type 3 authentication factor

70. Lauren builds a table that includes assigned privileges, objects, and subjects to manage access control for the systems she is responsible for. Each time a subject attempts to access an object, the systems check the table to ensure that the subject has the appropriate rights to the objects. What type of access control system is Lauren using?
1. A capability table
2. An access control list
3. An access control matrix
4. A subject/object rights management system

71. During a review of support incidents, Ben's organization discovered that password changes accounted for more than a quarter of its help desk's cases. Which of the following options would be most likely to decrease that number significantly?
1. Two-factor authentication
2. Biometric authentication
3. Self-service password reset
4. Passphrases

72. Brian's large organization has used RADIUS for AAA services for its network devices for years and has recently become aware of security issues with the unencrypted information transferred during authentication. How should Brian implement encryption for RADIUS?
1. Use the built-in encryption in RADIUS.
2. Implement RADIUS over its native UDP using TLS for protection.
3. Implement RADIUS over TCP using TLS for protection.
4. Use an AES-256 pre-shared cipher between devices.

73. Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that?
1. Kerberos
2. OAuth
3. OpenID
4. LDAP

74. Ben's organization has had an issue with unauthorized access to applications and workstations during the lunch hour when employees aren't at their desk. What are the best type of session management solutions for Ben to recommend to help prevent this type of access?
1. Use session IDs for all access and verify system IP addresses of all workstations.
2. Set session timeouts for applications and use password-protected screensavers with inactivity timeouts on workstations.
3. Use session IDs for all applications, and use password-protected screensavers with inactivity timeouts on workstations.
4. Set session timeouts for applications and verify system IP addresses of all workstations.

75. Lauren is an information security analyst tasked with deploying technical access controls for her organization. Which of the following is not a logical or technical access control?
1. Passwords
2. Firewalls
3. RAID arrays
4. Routers


76. The financial services company that Susan works for provides a web portal for its users. When users need to verify their identity, the company uses information from third-party sources to ask questions based on their past credit reports, such as, "Which of the following streets did you live on in 2007?" What process is Susan's organization using?
1. Identity proofing
2. Password verification
3. Authenticating with Type 2 authentication factor
4. Out-of-band identity proofing

77. The US government CAC is an example of what form of Type 2 authentication factor?
1. A token
2. A biometric identifier
3. A smart card
4. A PIV

78. What authentication technology can be paired with OAuth to perform identity verification and obtain user profile information using a RESTful API?
1. SAML
2. Shibboleth
3. OpenID Connect
4. Higgins

79. Jim has Secret clearance and is accessing files that use a mandatory access control scheme to apply the Top Secret, Secret, Confidential, and Unclassified label scheme. If his rights include the ability to access all data of his clearance level or lower, what classification levels of data can he access?
1. Top Secret and Secret
2. Secret, Confidential, and Unclassified
3. Secret data only
4. Secret and Unclassified

80. The security administrators at the company that Susan works for have configured the workstation she uses to allow her to log in only during her work hours. What type of access control best describes this limitation?
1. Constrained interface
2. Context-dependent control
3. Content-dependent control
4. Least privilege

81. When Lauren uses a fingerprint scanner to access her bank account, what type of authentication factor is she using?
1. Type 1
2. Type 2
3. Type 3
4. Type 4

82. Which of the following is not an access control layer?
1. Physical
2. Policy
3. Administrative
4. Technical

83. Ben uses a software-based token which changes its code every minute. What type of token is he using?
1. Asynchronous
2. Smart card
3. Synchronous
4. Static


84. What type of token-based authentication system uses a challenge/response process in which the challenge has to be entered on the token?
1. Asynchronous
2. Smart card
3. Synchronous
4. RFID

Ben's organization is adopting biometric authentication for its high-security building's access control system. Using the following chart, answer questions 85, 86, and 87 about the organization's adoption of the technology.

85. Ben's company is considering configuring its systems to work at the level shown by point A on the diagram. To what level is it setting the sensitivity?
1. The FRR crossover
2. The FAR point
3. The CER
4. The CFR

86. At point B, what problem is likely to occur?
1. False acceptance will be very high.
2. False rejection will be very high.
3. False rejection will be very low.
4. False acceptance will be very low.

87. What should Ben do if the FAR and FRR shown in this diagram do not provide an acceptable performance level for his organization's needs?
1. Adjust the sensitivity of the biometric devices.
2. Assess other biometric systems to compare them.
3. Move the CER.
4. Adjust the FRR settings in software.

88. What LDAP authentication mode can provide secure authentication?
1. Anonymous
2. SASL
3. Simple
4. S-LDAP

89. Which of the following Type 3 authenticators is appropriate to use by itself rather than in combination with other biometric factors?
1. Voice pattern recognition
2. Hand geometry
3. Palm scans
4. Heart/pulse patterns

90. What danger is created by allowing the OpenID relying party to control the connection to the OpenID provider?
1. It may cause incorrect selection of the proper OpenID provider.


2. It creates the possibility of a phishing attack by sending data to a fake OpenID provider.
3. The relying party may be able to steal the client's username and password.
4. The relying party may not send a signed assertion.

91. Jim is implementing a cloud identity solution for his organization. What type of technology is he putting in place?
1. Identity as a Service
2. Employee ID as a Service
3. Cloud-based RADIUS
4. OAuth

92. RAID-5 is an example of what type of control?
1. Administrative
2. Recovery
3. Compensation
4. Logical

93. When Alex sets the permissions shown in the following image as one of many users on a Linux server, what type of access control model is he leveraging?
1. Role-based access control
2. Rule-based access control
3. Mandatory access control
4. Discretionary access control

94. What open protocol was designed to replace RADIUS, including support for additional commands and protocols, replacing UDP traffic with TCP, and providing for extensible commands, but does not preserve backward compatibility with RADIUS?
1. TACACS
2. RADIUS-NG
3. Kerberos
4. Diameter

95. LDAP distinguished names (DNs) are made up of comma-separated components called relative distinguished names (RDNs) that have an attribute name and a value. DNs become less specific as they progress from left to right. Which of the following LDAP DNs best fits this rule?
1. uid=ben,ou=sales,dc=example,dc=com
2. uid=ben,dc=com,dc=example
3. dc=com,dc=example,ou=sales,uid=ben
4. ou=sales,dc=com,dc=example

96. Susan is troubleshooting Kerberos authentication problems with symptoms including TGTs that are not accepted as valid and an inability to receive new tickets. If the system she is troubleshooting is properly configured for Kerberos authentication, her username and password are correct, and her network connection is functioning, what is the most likely issue?
1. The Kerberos server is offline.
2. There is a protocol mismatch.
3. The client's TGTs have been marked as compromised and deauthorized.
4. The Kerberos server and the local client's time clocks are not synchronized.

97. Kerberos, KryptoKnight, and SESAME are all examples of what type of system?
1. SSO
2. PKI
3. CMS


4. Directory

98. Which of the following types of access controls do not describe a lock?
1. Physical
2. Directive
3. Preventative
4. Deterrent

99. What authentication protocol does Windows use by default for Active Directory systems?
1. RADIUS
2. Kerberos
3. OAuth
4. TACACS+

100. Alex configures his LDAP server to provide services on 636 and 3269. What type of LDAP services has he configured based on LDAP's default ports?
1. Unsecure LDAP and unsecure global directory
2. Unsecure LDAP and secure global directory
3. Secure LDAP and secure global directory
4. Secure LDAP and unsecure global directory
