Chapter 12 Flashcards

1
Q

What protocol offers the capability to deploy RADIUS in an Ethernet network?

a) CHAP V2
b) PAP
c) EAP
d) MSCHAP
e) CHAP V3

A

EAP

2
Q

The security administrator for Corp.com has been directed by the CIO to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. Which of the following authentication methods should be used?

a) CHAP
b) LEAP
c) MS-CHAP
d) PAP

A

b) LEAP

3
Q

Which of the following is both an access server and a system of distributed security that secures remote access against improper attempts?

a) NAC+
b) SSH
c) TELNET
d) RRAS
e) RADIUS

A

RADIUS

4
Q

A system administrator is using a packet sniffer to troubleshoot remote authentication. The sniffer detects a device trying to communicate on UDP ports 1812 and 1813. Which of the following authentication methods is being attempted?

a) TACACS
b) LDAP
c) Kerberos
d) RADIUS

A

RADIUS

5
Q

What is the core principle behind RADIUS?

a) centralized security
b) distributed challenge and response
c) ticket granting ticket
d) distributed security

A

d) distributed security

6
Q

What is the current version of TACACS?

a. XTACACS
b. TACACS+
c. TACACS v9
d. TRACACS

A

b. TACACS+

7
Q

How is the Security Assertion Markup Language (SAML) used?

a. It allows secure web domains to exchange user authentication and authorization data.
b. It is a backup to a RADIUS server.
c. It is an authenticator in IEEE 802.1x.
d. It is no longer used because it has been replaced by LDAP.

A

a. It allows secure web domains to exchange user authentication

8
Q

A RADIUS authentication server requires the ________ to be authenticated first.

a. authenticator
b. user
c. authentication server
d. supplicant

A

d. supplicant

9
Q

Which of the following is NOT true regarding how an enterprise should handle an orphaned or dormant account?

a. A formal procedure should be in place for disabling accounts for employees who are dismissed, resign, or retire from the organization.
b. Access should be ended as soon as the employee is no longer part of the organization.
c. Logs should be monitored because current employees are sometimes tempted to use an older dormant account instead of their own account.
d. All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

A

d. All orphaned and dormant accounts should be deleted immediately whenever they are discovered.

10
Q

With the development of IEEE 802.1x port security, what type of authentication server has seen even greater usage?

a. RADIUS
b. Lite RDAP
c. DAP
d. RDAP

A

a. RADIUS

11
Q

Which of the following is NOT part of the AAA framework?

a. Authentication
b. Access
c. Authorization
d. Accounting

A

b. Access

12
Q

What is the version of the X.500 standard that runs on a personal computer over TCP/IP?

a. Lite RDAP
b. DAP
c. LDAP
d. IEEE X.501

A

c. LDAP

13
Q

Raul has been asked to serve as the individual to whom day-to-day actions have been assigned by the owner. What role is Raul taking?

a. Privacy officer
b. End-user
c. Custodian
d. Operator

A

c. Custodian

14
Q

Which access control model is the most restrictive?

a. DAC
b. MAC
c. Role-Based Access Control
d. Rule-Based Access Control

A

b. MAC

15
Q

Which type of access control model uses predefined rules that makes it flexible?

a. ABAC
b. DAC
c. MAC
d. Rule-Based Access Control

A

a. ABAC

16
Q

Which can be used to establish geographical boundaries where a mobile device can and cannot be used?

a. Location-based policies
b. Restricted access control policies
c. Geolocation policies
d. Mobile device policies

A

a. Location-based policies

17
Q

Which statement about Rule-Based Access Control is true?

a. It requires that a custodian set all rules.
b. It is considered obsolete today.
c. It dynamically assigns roles to subjects based on rules.
d. It is considered a real-world approach by linking a user’s job function with security.

A

c. It dynamically assigns roles to subjects based on rules.

18
Q

Which of the following would NOT be considered as part of a clean desk policy?

a. Do not share passwords with other employees.
b. Lock computer workstations when leaving the office.
c. Place laptops in a locked filing cabinet.
d. Keep mass storage devices locked in a drawer when not in use.

A

a. Do not share passwords with other employees.

19
Q

Which of these is a set of permissions that is attached to an object?

a. Access control list (ACL)
b. Subject Access Entity (SAE)
c. Object modifier
d. Security entry designator

A

a. Access control list (ACL)

20
Q

Which Microsoft Windows feature provides group-based access control for centralized management and configuration of computers and remote users who are using Active Directory?

a. Windows Registry Settings
b. AD Management Services (ADMS)
c. Group Policy
d. Resource Allocation Entities

A

c. Group Policy

21
Q

What can be used to provide both file system security and database security?

a. RBASEs
b. LDAPs
c. CHAPs
d. ACLs

A

d. ACLs

22
Q

What is the least restrictive access control model?

a. DAC
b. ABAC
c. MAC
d. Rule-Based Access Control

A

a. DAC

23
Q

What is the secure version of LDAP?

a. LDAPS
b. Secure DAP
c. X.500
d. 802.1x

A

a. LDAPS

24
Q

Which of the following is the Microsoft version of EAP?

a. EAP-MS
b. MS-CHAP
c. PAP-MICROSOFT
d. AD-EAP

A

b. MS-CHAP

25
Q

Which of the following involves rights given to access specific resources?

A

a. Identification
b. Access
c. Authorization
d. Accounting