Lesson 4 Review Questions Flashcards
(21 cards)
A contractor only works for a company from 9 a.m. to 12 p.m. What kind of restriction could the company set up on the contractor’s account to prevent using it outside that range?
A. Location-based restrictions
B. Password restrictions
C. Time-based restrictions
D. Mandatory access control
Time-based restrictions
A time-based restriction would prevent access to corporate resources outside a set schedule. The company should set this account policy.
A company needs to improve its security posture regarding credentials. Which security policy changes would implement the National Institute of Standards and Technology (NIST) updated guidelines?
A. Password reuse
B. Single-factor authentication
C. Multifactor authentication
D. Password history
Multifactor authentication
NIST's updated guidance (SP 800-63B) recommends multifactor authentication and at the same time drops mandatory composition (complexity) rules and periodic password expiration. MFA adds a factor that a stolen or guessed password cannot satisfy on its own, so it is the policy change that most improves credential security.
A recently hired information technology manager wants to implement more automation regarding the onboarding procedure. What process describes setting up accounts so a new employee can automatically access the software and file shares from the human resource platform?
A. Multifactor authentication
B. Following least privilege
C. Enabling a password reuse policy
D. Provisioning
Provisioning
Provisioning is the process of setting up accounts and services according to a standard procedure or best-practice checklist. Linking the human resources platform to the directory and application systems lets the account, its group memberships and its file-share permissions be created automatically when a new hire is recorded.
A company wants to set up single sign-on (SSO) without passing credentials through to each piece of software and cloud service. Which protocol would meet this requirement?
A. Kerberos
B. Fast IDentity Online
C. Virtual Private Network
D. Open Authorization
Open Authorization
OAuth 2.0 (Open Authorization) is an authorization framework: the user approves access at the identity provider, and the application receives a scoped access token instead of the user's password, so credentials are never passed through to each piece of software or cloud service. OAuth by itself only delegates access and does not tell the application who logged in; OpenID Connect (OIDC), an identity layer built on top of OAuth 2.0, adds a signed ID token that asserts the user's identity. The OAuth/OIDC combination is what most web and cloud SSO deployments use.
An engineering firm wants to implement an authentication design that uses a framework for passwordless authentication. What statement is not accurate regarding passwordless authentication?
A. The user chooses either a roaming authenticator, such as a security key, or a platform authenticator implemented by the device OS.
B. The relying party uses a private key to verify the signature and authenticate the account session.
C. The user registers with a web application or service, referred to as a relying party.
D. When presented with an authentication challenge, the user performs the local gesture to unlock the private key.
The relying party uses a private key to verify the signature and authenticate the account session.
The opposite is true: the relying party holds only the public key that was registered for the account and uses it to verify the signature over the challenge it issued. The private key stays on the authenticator and is never sent to the relying party.
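The flow the four options describe, as an added example in Go using only the standard library; it is not part of the flashcard set and simplifies real FIDO2/WebAuthn (no attestation object, no CBOR, the signed data is just a hash over origin and challenge). The credential ID, origins and the lookalike domain are constructed for illustration. It shows why the answer above is wrong: the relying party stores and verifies with the public key, while the private key never leaves the authenticator.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator models a roaming or platform authenticator: the private key
// never leaves it, and it signs only after the local gesture unlocks it.
type Authenticator struct {
	priv     *ecdsa.PrivateKey
	unlocked bool
}

// RelyingParty keeps PUBLIC keys by credential ID plus one live challenge each.
type RelyingParty struct {
	creds      map[string]*ecdsa.PublicKey
	challenges map[string][]byte
}

// NewChallenge issues a fresh random nonce and remembers it for one use.
func (rp *RelyingParty) NewChallenge(credID string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.challenges[credID] = c
	return c, nil
}

// signedData binds the challenge to the origin the client actually talked
// to; that binding is what stops a phishing site relaying a valid signature.
func signedData(origin string, challenge []byte) []byte {
	d := sha256.Sum256(append([]byte(origin+"|"), challenge...))
	return d[:]
}

// Sign produces the assertion signature; it refuses while locked.
func (a *Authenticator) Sign(origin string, challenge []byte) ([]byte, error) {
	if !a.unlocked {
		return nil, errors.New("authenticator locked: user gesture required")
	}
	return ecdsa.SignASN1(rand.Reader, a.priv, signedData(origin, challenge))
}

// Verify is the RP side: rebuild the signed data over the RP's own origin
// and the challenge it issued, then check it with the stored PUBLIC key.
// The challenge is consumed whether or not the check passes.
func (rp *RelyingParty) Verify(credID, origin string, sig []byte) bool {
	pub, known := rp.creds[credID]
	challenge, issued := rp.challenges[credID]
	if !known || !issued {
		return false // unknown credential, or no live challenge (replay)
	}
	delete(rp.challenges, credID)
	return ecdsa.VerifyASN1(pub, signedData(origin, challenge), sig)
}

// Demo: one registration, then a legitimate login, a replay of that same
// signature, and a signature made for a lookalike (phishing) origin.
func Demo() (legit, replay, phished bool, err error) {
	rp := &RelyingParty{creds: map[string]*ecdsa.PublicKey{}, challenges: map[string][]byte{}}
	// Registration: the key pair is born on the authenticator and the RP keeps
	// only the public half (real WebAuthn wraps it in an attestation object).
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	rp.creds["cred-1"] = &priv.PublicKey
	auth := &Authenticator{priv: priv, unlocked: true} // user has performed the local gesture
	ch, err := rp.NewChallenge("cred-1")
	if err != nil {
		return
	}
	sig, err := auth.Sign("https://app.example", ch)
	if err != nil {
		return
	}
	legit = rp.Verify("cred-1", "https://app.example", sig)
	replay = rp.Verify("cred-1", "https://app.example", sig) // challenge already consumed
	if ch, err = rp.NewChallenge("cred-1"); err != nil {
		return
	}
	if sig, err = auth.Sign("https://app-example.evil", ch); err != nil {
		return
	}
	phished = rp.Verify("cred-1", "https://app.example", sig)
	return
}

func main() { fmt.Println(Demo()) }
```

Running it prints true false false <nil>: the genuine login verifies, the replayed signature fails because the challenge was consumed, and the signature produced for the lookalike origin fails because the relying party hashes its own origin into the data it verifies. A breach of the relying party's database yields only public keys, which is the property that makes the scheme passwordless in a meaningful sense.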
The chief information officer (CIO) tasked the network administrator with redeveloping the credential policy for the company. While working on the new policy, the chief executive officer (CEO) asked why having more than one factor to log into the computers was important. Why is just having a password not enough in today’s world?
A. Employees choose poor passwords
B. Employee passwords are always secure
C. Employees dislike using passwords
D. Employees choose strong passwords
Employees choose poor passwords
With the number of passwords people must remember and the various complexity requirements, people typically choose passwords that threat actors can easily crack and, unfortunately, reuse them across multiple services.
An engineer for an information technology department needs to develop a metrics dashboard by pulling data from the ticketing system. What technology would the engineer need from the ticketing system to complete this project?
A. Application Programming Interface
B. Virtual Private Network
C. Lightweight Directory Access Protocol
D. Fast IDentity Online
Application Programming Interface
An Application Programming Interface (API) is the defined set of calls a service exposes so that other programs and scripts can use it. The engineer would pull ticket data through the ticketing system's API rather than scraping its user interface. Another example is an operating system exposing its Transmission Control Protocol/Internet Protocol (TCP/IP) network stack functions to developers through a socket API.
A chief information security officer (CISO) wants to enhance the identity and access management security procedures in the company by adding an extra layer on top of the existing procedures. Which of the following would help achieve this objective by requiring verification through multiple methods or by tying authentication to a geographic area? (Select the two best options.)
A. Increase password length
B. Enable password history
C. Enforce multifactor authentication
D. Enable location-based authentication
-Enforce multifactor authentication
-Enable location-based authentication
Multifactor authentication (MFA) requires a second verification method, and location-based authentication ties logins to an approved geographic area; both layer on top of the existing procedures rather than replacing them. Of the two, MFA has the greater impact on the company's security posture, and the CISO needs to consider which MFA method is most secure, in particular how resistant it is to phishing.
An employee travels out of the country for work but still needs to access the company’s shared drive. What would the information technology department need to set up on that employee’s computer to connect to the shared drive outside the office?
A. Mandatory access control
B. Virtual private network
C. Discretionary access control
D. Multifactor authentication
Virtual private network
Setting up a virtual private network (VPN) gives the employee an encrypted tunnel into the corporate network, so resources that are reachable only internally, such as the file share, become reachable from outside the office.
An employee traveling in Europe for vacation submitted a ticket as they could not access their work email. Which policy does the company use?
A. Password management
B. Password age
C. Multifactor authentication
D. Location-based authentication
Location-based authentication
Location-based access policies block logins from outside an approved area (for example, the company's home country or states), so an employee who travels abroad is denied until the policy is adjusted. Such policies need a temporary exemption process for approved travel.
A company is migrating its shared drives to a cloud repository service. While the majority of its drives use job titles for automated access, it has a few one-off project drives that it wants a specific owner to choose who has access to them. Which control type would fit these one-off drives?
A. Discretionary access control
B. Mandatory access control
C. Role-based access control
D. Multifactor authentication
Discretionary access control
The resource owner has primacy in a discretionary access control (DAC) model. Every resource has an owner, normally the user who created the file or service, although ownership can be reassigned to another user; the owner decides who else gets access.
A real estate investment firm wants to implement Single Sign-On (SSO) for its dozens of services and software. The firm found a vendor to implement that request using the eXtensible Markup Language (XML) standard. What solution does this vendor use for SSO?
A. SAML
B. VPN
C. LDAP
D. LSASS
SAML
Security Assertion Markup Language (SAML) is a federation standard for single sign-on: the identity provider authenticates the principal (the user) and issues an XML-formatted assertion containing claims about them, which the relying party (service provider) validates and uses to grant access.
One of the company’s accountants submitted a ticket stating they could not access a particular section of the accounting software. Why might the accountant not have access to every part of the accounting software?
A. Licensing
B. Discretionary access control
C. Mandatory access control
D. Least privilege
Least privilege
To increase the security posture of any given system, users should only have the necessary access (least privilege) to complete their work and nothing more.
Which technology replaced NT LAN Manager in Active Directory?
A. Kerberos
B. Virtual Private Network
C. Fast IDentity Online
D. Unique security identifier
Kerberos
Kerberos is the default network authentication protocol in Active Directory and replaces the legacy NT LAN Manager (NTLM) authentication. NTLM is still supported as a fallback for compatibility, which is why auditing and restricting its use is a common hardening step.
A network administrator is cleaning up the company’s shared drive resources. Through an audit, the administrator discovered that the company did not properly manage the permissions over the years. Which control type should the administrator change the permissions to that gives access determined by the job?
A. Role-based access control
B. Multifactor authentication
C. Discretionary access control
D. Mandatory access control
Role-based access control
Role-based access control (RBAC) means an organization defines its permission requirements in terms of the tasks that an employee or service must be able to perform. Each set of permissions is a role.
A company using Windows Server technology needs to link its Active Directory to a third-party service to allow single sign-on. Which service that uses the standard X.500 would work for the company?
A. Virtual Private Network
B. Lightweight Directory Access Protocol
C. Application Programming Interface
D. Local Security Authority Subsystem Service
Lightweight Directory Access Protocol
Lightweight Directory Access Protocol (LDAP) is the protocol for querying and updating network directory databases. It is a lightweight derivative of the X.500 directory standard, and Active Directory exposes an LDAP interface, so a third-party service can bind to it to look up users, group memberships and attributes. LDAP stores information about authorized users, their privileges, and other organizational information.
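The security point a practitioner wants next to this card is that an application building LDAP search filters from user input must escape the assertion values (RFC 4515), or an attacker can rewrite the filter. The following Go example is added here and is not part of the flashcard set; the filter shape (&(objectClass=person)(uid=...)) and the sample inputs are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// EscapeFilterValue escapes a user-supplied assertion value for use inside an
// LDAP search filter per RFC 4515 section 3: the characters * ( ) \ and NUL
// become a backslash followed by two hex digits. Non-ASCII bytes are escaped
// the same way, which the RFC permits. Only values are escaped; attribute
// names and the filter's own parentheses and operators never pass through
// this function.
func EscapeFilterValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		if c == '*' || c == '(' || c == ')' || c == '\\' || c == 0x00 || c >= 0x80 {
			fmt.Fprintf(&b, "\\%02x", c)
		} else {
			b.WriteByte(c)
		}
	}
	return b.String()
}

// UserFilter is the lookup an application sends when a login form submits a
// username, with the value escaped.
func UserFilter(username string) string {
	return fmt.Sprintf("(&(objectClass=person)(uid=%s))", EscapeFilterValue(username))
}

// UnsafeUserFilter is the same construction without escaping, kept here only
// to show how attacker-controlled input rewrites the filter logic.
func UnsafeUserFilter(username string) string {
	return fmt.Sprintf("(&(objectClass=person)(uid=%s))", username)
}

func main() {
	// Constructed inputs: a normal user, a bare wildcard, and a classic
	// injection that closes the uid clause and appends an always-true branch.
	for _, in := range []string{"alice", "*", "*)(uid=*))(|(uid=*"} {
		fmt.Printf("input %-22q unsafe: %s\n", in, UnsafeUserFilter(in))
		fmt.Printf("%28s safe:   %s\n", "", UserFilter(in))
	}
}
```

With escaping, the wildcard input becomes (uid=\2a), which matches only a user literally named "*" rather than every person in the directory. Distinguished names use a different escaping scheme (RFC 4514), so a value destined for a DN must not be run through a filter escaper; where the LDAP client library offers a filter-building API, prefer it over string formatting.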
While developing a new security policy, the network administrator suggests to the chief information officer (CIO) that the company remove the password age portion. Why has having a password age policy caused issues for companies? (Select the two best options.)
A. Password age policies allow for more secure passwords.
B. Employees choose weak passwords when they need to change them frequently.
C. Employees follow best practices regarding passwords.
D. Employees leave passwords readily accessible in their work area.
-Employees choose weak passwords when they need to change them frequently
-Employees leave passwords readily accessible in their work area.
Forced periodic changes push people toward predictable patterns (changing one digit, cycling through a few favourites, reusing a password from another service) and toward writing passwords down, so the rotated password is often weaker than the one it replaced. NIST SP 800-63B therefore recommends requiring a change only when there is evidence of compromise.
During a recent audit, a company noticed a troubling trend where people had their passwords on sticky notes in their work area. The employees stated that the password policy made it too difficult to remember them. Which policy should the company change to alleviate this issue?
A. Password complexity
B. Password reuse
C. Password history
D. Password length
Password complexity
Modifying the password complexity policy to allow for longer but easily remembered passwords can aid in lowering the number of people saving their passwords insecurely.
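The NIST direction referred to in the multifactor, password-age and complexity cards above, as an added Go example that is not part of the flashcard set: a legacy composition-rule checker beside a length-and-blocklist checker in the style of SP 800-63B. The 12-character minimum is this example's own choice (NIST's floor is 8), and the breach list, username and service name are constructed sample data.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// ComplexityPolicy is the legacy composition rule: at least 8 characters
// drawn from at least three of four classes (lower, upper, digit, other).
func ComplexityPolicy(pw string) bool {
	if len(pw) < 8 {
		return false
	}
	var lower, upper, digit, other bool
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			other = true
		}
	}
	classes := 0
	for _, seen := range []bool{lower, upper, digit, other} {
		if seen {
			classes++
		}
	}
	return classes >= 3
}

// breachedSample stands in for a compromised-credential corpus. It is
// constructed for this example and is not a real dataset.
var breachedSample = map[string]bool{
	"password": true, "p@ssw0rd1!": true, "welcome1": true,
	"correcthorsebatterystaple": true,
}

// minLen is this example's local choice; NIST SP 800-63B requires at least 8
// for user-chosen passwords and asks verifiers to accept at least 64.
const minLen, maxLen = 12, 64

// LengthPolicy follows the SP 800-63B approach: length bounds, no
// composition rules, and rejection of breached, context-specific or
// trivially repetitive values. It returns the reason so users get feedback.
func LengthPolicy(pw, username, service string) (bool, string) {
	runes := []rune(pw)
	n := len(runes)
	switch {
	case n < minLen:
		return false, fmt.Sprintf("shorter than %d characters", minLen)
	case n > maxLen:
		return false, fmt.Sprintf("longer than %d characters", maxLen)
	}
	lower := strings.ToLower(pw)
	if breachedSample[lower] {
		return false, "appears in breach corpus"
	}
	for _, ctx := range []string{username, service} {
		if ctx != "" && strings.Contains(lower, strings.ToLower(ctx)) {
			return false, "contains username or service name"
		}
	}
	if strings.Count(pw, string(runes[0])) == n {
		return false, "single repeated character"
	}
	return true, "ok"
}

func main() {
	for _, pw := range []string{"P@ssw0rd1!", "correct horse battery staple", "correcthorsebatterystaple", "alice-loves-payroll-2024"} {
		ok, why := LengthPolicy(pw, "alice", "payroll")
		fmt.Printf("%-30q complexity=%-5v length-policy=%-5v (%s)\n", pw, ComplexityPolicy(pw), ok, why)
	}
}
```

The two checkers disagree in exactly the way the cards describe: P@ssw0rd1! satisfies every composition rule yet is short and appears in breach lists, while a four-word passphrase fails the composition rule and passes the length-based policy. The blocklist also catches a famous passphrase, which is why the corpus matters more than the rules.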
A manufacturing company recently bought out another similar company. They need to link each company’s directory systems together to access their resources without merging the two. How can they link the two directory systems together?
A. Site-to-site VPN
B. Migration
C. Federation
D. Location-based restrictions
Federation
Federation lets each company keep its own directory and trust the other's identity provider. Users authenticate against their home directory and receive an assertion (for example via SAML or OpenID Connect) that grants access to the partner's resources, so no accounts need to be migrated or merged.
Why might it be a bad policy to set up permissions individually instead of using an access control methodology?
A. It is harder to manage.
B. It allows for more control.
C. It allows for less control.
D. It is easier to manage.
It is harder to manage
Setting each permission individually may be workable while a file share is small. As it grows, exceptions accumulate, nobody can tell who has access to what, and permissions are rarely revoked when people change jobs, so audits and cleanups become expensive. Assigning permissions through roles or labels keeps the number of decisions manageable.
A small defense contractor is setting up a new shared drive system and needs the proper controls to ensure that only those with the correct classification can access any given folder or file. Which control type would meet these requirements?
A. Multifactor authentication
B. Role-based access control
C. Mandatory access control
D. Discretionary access control
Mandatory access control
Security clearance levels form the basis of mandatory access control (MAC). Rather than having owners define access control lists (ACLs) on resources, a central authority gives each object a classification label and each subject a clearance, and a subject can access an object only when its clearance dominates the object's label. Neither the owner nor the user can override that decision.
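The three access control models the cards above contrast (discretionary, role-based and mandatory), together with the least-privilege point from the accountant card, as one added Go example; it is not part of the flashcard set, and the clearances, compartments, users and roles are constructed sample data. It goes slightly beyond the cards by modelling MAC labels as a lattice of level plus compartments, which is how clearance systems actually work.

```go
package main

import "fmt"

type Level int // hierarchical classification (objects) or clearance (subjects)

const (
	Unclassified Level = iota
	Confidential
	Secret
	TopSecret
)

// Label is a MAC security label: a level plus a set of compartments
// (need-to-know categories). Labels form a lattice, not a simple ladder.
type Label struct {
	Level        Level
	Compartments map[string]bool
}

// Dominates reports whether l is at or above other in the lattice: a level
// at least as high AND every compartment of other also present in l.
func (l Label) Dominates(other Label) bool {
	if l.Level < other.Level {
		return false
	}
	for c := range other.Compartments {
		if !l.Compartments[c] {
			return false
		}
	}
	return true
}

// MACRead is the "no read up" rule: read only if clearance dominates the
// object's classification. Neither owner nor user can relax this.
func MACRead(clearance, classification Label) bool { return clearance.Dominates(classification) }

// DACObject: the owner holds the ACL and is the only one who may extend it.
type DACObject struct {
	Owner string
	ACL   map[string]bool // identity -> may read
}

// Grant adds a grantee, but only when the caller is the owner.
func (o *DACObject) Grant(actor, grantee string) error {
	if actor != o.Owner {
		return fmt.Errorf("%s is not the owner and cannot grant access", actor)
	}
	o.ACL[grantee] = true
	return nil
}

// DACRead: the owner always reads; everyone else needs an ACL entry.
func DACRead(o *DACObject, user string) bool { return user == o.Owner || o.ACL[user] }

// RBAC: permissions attach to roles and users hold roles, so reviewing access
// means reviewing role definitions and assignments, not every resource.
type RBAC struct {
	RolePerms map[string]map[string]bool // role -> permission set
	UserRoles map[string][]string        // user -> roles held
}

// Allowed passes when any role the user holds carries the permission.
func (r RBAC) Allowed(user, perm string) bool {
	for _, role := range r.UserRoles[user] {
		if r.RolePerms[role][perm] {
			return true
		}
	}
	return false
}

// Sample subjects, objects and roles, constructed for this example.
var (
	analystClearance  = Label{Level: Secret, Compartments: map[string]bool{"CRYPTO": true}}
	directorClearance = Label{Level: TopSecret, Compartments: map[string]bool{}}
	cryptoMemo        = Label{Level: Secret, Compartments: map[string]bool{"CRYPTO": true}}
	jointPlan         = Label{Level: Secret, Compartments: map[string]bool{"CRYPTO": true, "NUCLEAR": true}}
	ledger            = RBAC{
		RolePerms: map[string]map[string]bool{
			"accountant": {"ledger.read": true, "invoice.create": true},
			"controller": {"ledger.read": true, "ledger.close": true},
		},
		UserRoles: map[string][]string{"frank": {"accountant"}, "grace": {"controller"}},
	}
)

func main() {
	fmt.Println("MAC analyst reads CRYPTO memo:", MACRead(analystClearance, cryptoMemo))
	fmt.Println("MAC analyst reads joint plan:", MACRead(analystClearance, jointPlan))     // lacks NUCLEAR
	fmt.Println("MAC director reads CRYPTO memo:", MACRead(directorClearance, cryptoMemo)) // higher level alone is not enough
	proj := &DACObject{Owner: "carol", ACL: map[string]bool{}}
	fmt.Println("DAC erin grants dave:", proj.Grant("erin", "dave"))
	fmt.Println("DAC carol grants dave:", proj.Grant("carol", "dave"), "dave reads:", DACRead(proj, "dave"))
	fmt.Println("RBAC frank closes ledger:", ledger.Allowed("frank", "ledger.close")) // accountant role lacks it
}
```

The director case is the one worth remembering for the defense-contractor question: a Top Secret clearance without the CRYPTO compartment cannot read a Secret//CRYPTO memo, because MAC compares whole labels, not just levels. The DAC and RBAC halves show the other two cards' points in code: only carol can extend her project drive's ACL, and frank's accountant role simply does not carry ledger.close, which is least privilege expressed as a role definition.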