Logical Security

Question 1

What is the goal of logical security?

Answer 1

Protect digital data

Question 2

Logical security helps prevent what?

Answer 2

Unauthorized access

Question 3

What does IAM manage?

Answer 3

Identification, authentication, authorization

Question 4

Which accounts must be audited more strictly?

Answer 4

Privileged accounts

Question 5

Why should shared accounts be avoided?

Answer 5

No accountability

Question 6

What does provisioning do in IAM?

Answer 6

Creates new accounts

Question 7

What does deprovisioning prevent?

Answer 7

Stale account risk

Question 8

What IAM task resets passwords or changes permissions?

Answer 8

Managing accounts

Question 9

What logs are reviewed during IAM audits?

Answer 9

Authentication events

Question 10

What authentication type uses passwords or PINs?

Answer 10

Something you know

Question 11

Why is username + password not MFA?

Answer 11

Same category

Question 12

What’s an example of “something you have”?

Answer 12

RSA token

Question 13

What is an example of “something you are”?

Answer 13

Fingerprint

Question 14

Behavior-based authentication uses what factor?

Answer 14

Something you do

Question 15

What factor involves GPS/geolocation?

Answer 15

Somewhere you are

Question 16

Which password attack uses common words?

Answer 16

Dictionary attack

Question 17

Which attack tries every possible combo?

Answer 17

Brute force

Question 18

Hybrid attacks mix what?

Answer 18

User info + brute force

Question 19

What password length is considered strong?

Answer 19

12+ characters

Question 20

TOTP generates codes based on what?

Answer 20

Time + shared secret

Question 21

What does MFA defend against?

Answer 21

Credential compromise

Question 22

What authentication method stores credentials on the device?

Answer 22

Local authentication

Question 23

Which protocol centralizes user authentication across systems?

Answer 23

LDAP

Question 24

What ports are used by LDAP and LDAPS?

Answer 24

389, 636

Question 25

Which protocol uses tickets and avoids sending passwords?

Answer 25

Kerberos

Question 26

What port does Kerberos use?

Answer 26

88

Question 27

What is the Kerberos KDC responsible for?

Answer 27

Issuing service tickets

Question 28

What is SSO used for?

Answer 28

One login to access multiple systems

Question 29

What’s a key risk with SSO?

Answer 29

One password breach = full access

Question 30

What protocol allows federated identity via assertions?

Answer 30

SAML

Question 31

Who authenticates in a SAML exchange?

Answer 31

Identity Provider

Question 32

What network protocol supports AAA over UDP?

Answer 32

RADIUS

Question 33

Which Cisco protocol uses TCP and encrypts full packets?

Answer 33

TACACS+

Question 34

What port does TACACS+ use?

Answer 34

49

Question 35

What is the goal of Least Privilege?

Answer 35

Limit access to minimum needed

Question 36

Which access model is owner-controlled?

Answer 36

DAC

Question 37

Which model assigns labels like “Secret” or “Top Secret”?

Answer 37

MAC

Question 38

What access model ties permissions to job roles?

Answer 38

RBAC

Question 39

Why is DAC risky in enterprises?

Answer 39

Owner misconfigurations

Question 40

Why is RBAC scalable?

Answer 40

Permissions tied to roles, not users

Question 41

What is encryption used for?

Answer 41

Confidentiality

Question 42

Plaintext data is also called what?

Answer 42

Clear text

Question 43

What type of encryption uses the same key to encrypt/decrypt?

Answer 43

Symmetric

Question 44

What encryption uses separate keys for encrypt/decrypt?

Answer 44

Asymmetric

Question 45

What protects stored data?

Answer 45

Full disk encryption

Question 46

What protects data in transit?

Answer 46

TLS, VPN

Question 47

What protects data in use?

Answer 47

Secure enclaves

Question 48

What are the three states of data?

Answer 48

At rest, in transit, in use

Question 49

What protocol secures IP communications?

Answer 49

IPSec

Question 50

What are IPSec's four goals?

Answer 50

Confidentiality, Integrity, Authentication, Anti-replay

Question 51

What protocol is used to exchange keys in IPSec?

Answer 51

IKE

Question 52

What key exchange method does IPSec use?

Answer 52

Diffie-Hellman

Question 53

What does AH in IPSec provide?

Answer 53

Integrity

Question 54

What does ESP in IPSec provide?

Answer 54

Encryption + integrity

Question 55

Which IPSec mode encrypts entire packet?

Answer 55

Tunnel

Question 56

Which mode leaves IP header visible?

Answer 56

Transport

Question 57

What causes fragmentation in IPSec?

Answer 57

Increased packet size

Question 58

What should you adjust if IPSec breaks large packets?

Answer 58

MTU

Question 59

What is PKI based on?

Answer 59

Asymmetric encryption

Question 60

What role issues and signs certificates?

Answer 60

Certificate Authority (CA)

Question 61

What component verifies users before certs are issued?

Answer 61

Registration Authority (RA)

Question 62

What standard defines cert structure?

Answer 62

X.509

Question 63

What does the browser use the server’s public key for?

Answer 63

Encrypt session key

Question 64

What does the server use its private key for?

Answer 64

Decrypt session key

Question 65

What happens after the HTTPS handshake?

Answer 65

Symmetric encryption

Question 66

What is stored securely for key recovery?

Answer 66

Key escrow

Question 67

What happens if a root CA is compromised?

Answer 67

All certs revoked

Question 68

Wildcard certs can secure what?

Answer 68

All subdomains

Question 69

What cert type is common on public sites?

Answer 69

Single-sided

Question 70

What cert authenticates both sides?

Answer 70

Dual-sided

Question 71

Why do self-signed certs trigger browser warnings?

Answer 71

No trusted third-party

Question 72

What is a Certificate Revocation List (CRL)?

Answer 72

List of invalidated certs

Question 73

What is included in a CSR?

Answer 73

Public key + identity info

Question 74

What’s a SAN in a certificate?

Answer 74

Supports multiple domain names

Question 75

What does the chain of trust link?

Answer 75

Root CA → Intermediate CA → Cert

Question 76

What helps enforce certificate expiration?

Answer 76

Validity period

Question 77

What ensures a message sender can’t deny it?

Answer 77

Non-repudiation

Question 78

What can decrypt data if the user forgets their password?

Answer 78

Key Recovery Agent

Question 79

Why are third-party certs trusted by browsers?

Answer 79

Issued by known CA