20

Question 1

Which of the following passwords is the most complex?

Answer 1

** G$L3tU8wY@z **

It has 3 of the character groups in it

Question 2

An account policy setting that forces users to come up with a new password every time they are required to change their old password is called:

Answer 2

Password history

Question 3

Which of the account policy settings prevents users from reusing old passwords?

Answer 3

Password history

Question 4

Which of the following account management security measures narrows down a user’s computer access to specified hours?

Answer 4

Login time restrictions

Question 5

Which of the account policies listed below provides a countermeasure against malicious users attempting to determine an account password by trial and error?

Answer 5

Account lockout

Question 6

The term “Password vault” refers to a credential manager program that stores usernames and passwords in an encrypted form. Password vault requires a single master password for accessing a number of different passwords used for different websites or services.

Answer 6

True

Question 6

Which of the following answers refer(s) to (an) example(s) of physical authentication token(s)? (Select all that apply)

Answer 6

• RFID badge
• Password key
• Key fob
• Smart card

Question 7

During a password reminder procedure the system asks security question that covers personal details that should be known only to the user (e.g. user’s favorite holiday destination). This type of authentication method is an example of:

Answer 7

** KBA **

Knowledge-based authentication

Question 8

The difference between static KBA and dynamic KBA is that in the case of static KBA authentication process relies on pre-determined security questions and answers chosen in advance by the user during the account creation process. On the other hand, setting up dynamic KBA does not require user input, i.e. users are not asked to choose security questions during the account creation process. Instead, dynamic KBA relies on various public and private data sources that pertain to the user which makes it a more secure authentication method.

Answer 8

True

Question 9

Challenge Handshake Authentication Protocol (CHAP) is a remote access authentication protocol that periodically re-authenticates client at random intervals to prevent session hijacking.

Answer 9

True

Question 10

Which of the answers listed below refers to an obsolete authentication protocol that sends passwords in cleartext?

Answer 10

** PAP **

The authentication protocol that sends passwords in cleartext and is considered obsolete and insecure is PAP, which stands for Password Authentication Protocol. PAP transmits the password in plaintext, making it vulnerable to eavesdropping and interception.

Question 11

What are the characteristic features of RADIUS?

Answer 11

• Primarily used for network access
• Combines authentication and authorization
• Encrypts only the password in the access-request packet

Question 12

802.1X is an IEEE standard for implementing:

Answer 12

Port-based NAC

Question 13

An authentication subsystem that enables a user to access multiple, connected system components (such as separate hosts on a network) after a single login on only one of the components is known as:

Answer 13

** SSO **

Single sign-on (SSO)

Question 14

Which of the answers listed below refers to an XML-based markup language for exchanging authentication and authorization data?

Answer 14

** SAML **

The XML-based markup language for exchanging authentication and authorization data is SAML, which stands for Security Assertion Markup Language. SAML is commonly used in single sign-on (SSO) and identity federation scenarios to enable secure authentication and authorization between different domains, applications, or organizations. It allows for the exchange of assertions (security information) in a standardized XML format, facilitating trust and interoperability between systems and services.

Question 15

What are the characteristics of TACACS+?

Answer 15

• Encrypts the entire payload of the access-request packet
• Primarily used for device administration
• Separates authentication and authorization

Question 16

OAuth is an open standard for:

Answer 16

** OAuth **

OAuth (short for “Open Authorization”) is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords.

Question 17

OpenID Connect is a protocol used for:

Answer 17

Authentication

Question 18

A common implementation of identity and access controls used in federated SSO systems includes OpenID Connect and Oauth 2.0 used in conjunction to provide authentication and authorization services.

Answer 18

True

Question 19

Which of the following authentication protocols can be used to enable SSO in Windows-based network environments?

Answer 19

** Kerberos **

Kerberos is a widely used authentication protocol in Windows Active Directory environments for achieving SSO. It allows users to log in once and access various network resources without the need to enter their credentials repeatedly. It provides secure authentication and ticket-based authorization, making it a fundamental component of Windows-based SSO solutions.

Question 20

Assigning a unique encrypted key, called a ticket, to each user that logs on to the network is a characteristic feature of:

Answer 20

** Kerberos **

Assigning a unique encrypted key, called a ticket, to each user that logs on to the network is a characteristic feature of Kerberos.

Kerberos is an authentication protocol that uses tickets to verify the identity of users and provide secure access to network resources. When a user logs on, they receive a ticket that proves their identity to other network services without sending their credentials in plaintext. This ticket-based authentication is a fundamental feature of Kerberos, ensuring secure and efficient authentication in network environments.

Question 21

In the Kerberos-based authentication process, the purpose of the client’s timestamp is to provide countermeasure against:

Answer 21

Replay attacks

Question 22

Which protocol ensures the reliability of the Kerberos authentication process?

Answer 22

NTP

Question 23

Which access control model defines access control rules with the use of statements that closely resemble natural language?

Answer 23

** ABAC **

The access control model that defines access control rules with the use of statements that closely resemble natural language is ABAC, which stands for Attribute-Based Access Control.

ABAC is a more flexible and dynamic access control model that uses attributes (characteristics or properties) of users, objects, and the environment to make access control decisions. These attributes can be combined in policies using statements that are more human-readable and resemble natural language, making it easier to define and manage access control rules based on various conditions and attributes.

Question 24

Examples of properties used for defining access policies in Attribute-Based Access Control (ABAC) model include:

Answer 24

• Subject (i.e. user or process requesting access)
• Type of action (for example “read”, “write”, “execute”)
• Resource type (medical record, bank account etc.)
• Environment (contextual data, such as time of day or geolocation)
  All of the above