Domain 5.0 Access Control and Identity Management Flashcards
What element of a Kerberos ticket makes it secure against re-use?
A. It requires the subject to claim an identity
B. Multiple KDCs can exist on the same network
C. A timestamp is added before being sent to the user
D. It is based on the hash of the password
C. A timestamp is added before being sent to the user
Which of the following is not one of the three features or services commonly referred to as AAA provided by TACACS?
A. Authentication
B. Availability
C. Authorization
D. Auditing
B. Availability
AAA - Authentication, Authorization, Accounting
TACACS - Terminal Access Controller Access Control System
LDAP’s naming and organizational scheme is based on what standard?
A. X.500
B. 802.11x
C. RFC 1918
D. RBAC
A. X.500
LDAP - Lightweight Directory Access Protocol
RFC - Request for Comments
RBAC - Role Based Access Control and Rules Based Access Control
What is the default service port of RADIUS?
A. UDP 1812
B. TCP 1812
C. UDP 49
D. TCP 49
A. UDP 1812
RADIUS - Remote Authentication Dial-In User Server
TACACS is TCP 49
(TCP 1812 and UDP 49 are unused)
Which of the following was a Cisco proprietary variation of the original RFC 1492 technology, and was later replaced by a non-compatible “plus” version?
A. RADIUS
B. TEMPEST
C. DIAMETER
D. XTACACS
D. XTACACS
RADIUS - Remote Authentication Dial-In Server
TACACS - Terminal Access Controller Access Control System
Which of the following is true?
A. Identification can only be something you know
B. Authentication cannot be a single factor
C. A single factor can be used securely for both authentication and identification simultaneously
D. An authentication factor verifies a claimed identity
D. An authentication factor verifies a claimed identity
What is it known as when a password, a fingerprint scan, and a swipe of a smart card are used in order to log into a workstation?
A. Kerberos authentication
B. multifactor authentication
C. Domain authentication
D. mutual authentication
B. multifactor authentication
Which of the following is an example of a smart card?
A. Debit card
B. USB thumb drive
C. Common access card
D. Biometric scanner
C. Common access card
CAC - Common Access Card
What is an example of an implementation of Linux considered to be a Trusted OS?
A. Nessus
B. Mandriva
C. SE Linux
D. VLOS
C. SE Linux
What is the name of the additional requirement, commonly used in hierarchical environments, that must be met to gain access to sensitive resources?
A. Role based access
B. Rule based access
C. Metered access
D. Need to know access
D. Need to know access
When single sign-on is used, what mechanism of controlling privileges on resources is needed?
A. Token based systems
B. Time based tickets
C. Certificate based ACLs
D. Any standard mechanism of authorization
D. Any standard mechanism of authorization
Which of the following is the most secure method to store a certificate used for identification purposes?
A. Windows 7’s registry
B. Hidden directory off of the root directory
C. Smart card
D. Text file in home folder
C. Smart card
What is the common name for the security mechanism that divides all sensitive tasks into groupings and assigns each grouping to a unique subject?
A. Need to know
B. Separation of duties
C. Job rotation
D. Collusion protection
B. Separation of duties
What is the policy of granting users only sufficient access to accomplish assigned work tasks known as?
A. Principle of least privilege
B. Single sign-on
C. Implicit deny
D. Job rotation
A. Principle of least privilege
If a person is assigned administrative duties as part of their overall responsibilities, which of the following should be true?
A. The person is given the root account credentials
B. The person is given access to use the shared administrator account
C. The person is given two accounts, one standard and one administrative
D. The person is issued a temporary account
C. The person is given two accounts, one standard and one administrative