Identity and Access Management Flashcards
John is a network administrator for ACME company. He is trying to explain least privileges to a new technician. Which of the following is the basic premise of least privilege?
Always assign responsibilities to the administrator who has the minimum permissions required.
When assigning permissions, give users only the permissions they need to do their work and no more.
Regularly review user permissions and take away one that they currently have to see if they will complain or even notice that it is missing.
When assigning permissions, give users only the permissions they need to do their work and no more.
Least privileges means to grant just enough privileges to do the job and no more. The other answers do not describe least privileges
The present method of requiring access to be strictly defined on every object is proving too cumbersome for your environment. The edict has come down from upper management that access requirements should be slightly reduced. Which access model allows users some flexibility for information-sharing purposes?
DAC
MAC
RBAC
DAC
Discretionary access control allows users to define access. Answer B is incorrect, as this would be more restrictive. Answer C is role-based access control. Answer D is not an access control mechanism
Ahmed has been directed to ensure that LDAP on his network is secure. LDAP is an example of which of the following?
Directory access protocol
IDS
Tiered model application development environment
Directory access protocol
LDAP, or Lightweight Directory Access Control, is a directory access protocol. The other answers are simply not related to directory access
Upper management has suddenly become concerned about security. As the senior network administrator, you are asked to suggest changes that should be implemented. Which of the following access methods should you recommend if the technique to be used is one that is primarily based on preestablished access and can’t be changed by users?
MAC
DAC
RBAC
MAC
Mandatory Access Control cannot be modified by users and is considered more secure. Answer B is incorrect—DAC provides the users flexibility and is less secure. Answer C is incorrect. RBAC is not based on pre-established access, but rather roles. Answer D is incorrect. Kerberos is an authentication protocol, not an access method
Your office administrator is being trained to perform server backups. Which access control method would be ideal for this situation?
MAC
DAC
RBAC
RBAC
Role-Based Access Control is based on the user’s role, in this case the office administrator. Answers A and B are incorrect and are not based on user roles. Answer D is not related to access
You’ve been assigned to mentor a junior administrator and bring her up to speed quickly. The topic you’re currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems?
CHAP
Kerberos
Biometrics
Kerberos
Kerberos uses a KDC or Key Distribution Center. The other answers do not
After a careful risk analysis, the value of your company’s data has been increased. Accordingly, you’re expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?
Multifactor
Biometrics
Smartcard
Kerberos
Multifactor
Multifactor authentication uses more than one method. Answers B, C, and D are all one-factor methods
Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data, it’s imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session?
Tokens
Certificate
Smartcard
Kerberos
Tokens
Tokens are secure and can be one-time tokens. Answers B, C, and D can all be used more than once
Which of the following is the term used whenever two or more parties authenticate each other?
SSO
Multifactor authentication
Mutual authentication
Mutual authentication
Two parties authenticating each other is mutual authentication. The other answers do not describe this
You have added a new child domain to your network. As a result of this, the child has adopted all of the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this?
LDAP access
Fuzzing access
Transitive access
Transitive access
This is a classic example of transitive access. Answer A is incorrect. LDAP is a directory access protocol. Answers B and C are not access descriptions
Which of the following is a type of smartcard issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?
POV
DLP
CAC
CAC
The CAC is the smart card used by the U.S. Department of Defense
You are working as a security administrator for a small financial institution. You want to use an authentication method that will periodically reauthenticate clients. Which protocol is best suited for this?
PAP
SPAP
KERBEROS
CHAP
CHAP
CHAP periodically re-authenticates. Answers A, B, and C are all authentication methods but do not re-authenticate
John is trying to determine the origin of an email. He has captured the email headers and knows the IP address of the originating email server. What command would show John the complete path to that IP address?
ping -a
arp
tracert
nslookup
tracert
tracert (or traceroute in Linux) will show the complete path to the IP address. Answer A is incorrect—pi ng shows if a site is reachable, but not the path to it. Answer B is incorrect—arp shows address resolution protocol tables. Answer D is incorrect; nslookup is used with DNS
Juanita is the security administrator for a large university. She is concerned about copyright issues and wants to ensure that her university does not violate copyrights. What would be her main concern regarding unauthorized software?
It might be copyrighted.
It might be used to circumvent copyright protection.
That should not be a copyright concern.
It might be copyrighted
Software is subject to copyright, and unauthorized software might be copyrighted software
Terrance is examining an authentication system that was developed at MIT and uses tickets for authentication. What system is Terrance most likely examining?
CHAP
MS-CHAP
KERBEROS
OATH
KERBEROS
Kerberos was invented at MIT and uses tickets for authentication. Answers A and B are Challenge Handshake Authentication Protocol, which does not use tickets. Answer D also is an authentication protocol that does not use tickets
