103 Cards in this Set

  • Front
  • Back
What is the PRIMARY advantage of using a separate authentication server (e.g., Remote Access Dial-In User System, Terminal Access Controller Access Control System) to authenticate dial-in users?

A. Single user logons are easier to manage and audit.
B. Each session has a unique (one-time) password assigned to it.
C. Audit and access information are not kept on the access server.
D. Call-back is very difficult to defeat.
Audit and access information are not kept on the access server.
Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both:

A. The identity of a remote communicating entity and the authenticity of the source of the data that are received.
B. The authenticity of a remote communicating entity and the path through which communications are received.
C. The location of a remote communicating entity and the path through which communications are received.
D. The identity of a remote communicating entity and the level of security of the path through which data are received.
The identity of a remote communicating entity and the authenticity of the source of the data that are received.
Which of the following is the most reliable authentication device?

A. ) Variable callback system
B. ) Smart card system
C. ) fixed callback system
D. ) Combination of variable and fixed callback system
Smart card system
Which of the following are proprietarily implemented by CISCO?

A. RADIUS+
B. TACACS
C. XTACACS and TACACS+
D. RADIUS
XTACACS and TACACS+
What is a protocol used for carrying authentication, authorization, and configuration information between a Network Access Server and a shared Authentication Server?

A. IPSec
B. RADIUS
C. L2TP
D. PPTP
RADIUS
RADIUS is defined by which RFC?

A. 2168
B. 2148
C. 2138
D. 2158
2138
In a RADIUS architecture, which of the following acts as a client?

A. A network Access Server.
B. None of the choices.
C. The end user.
D. The authentication server.
A network Access Server.
In a RADIUS architecture, which of the following can act as a proxy client?

A. The end user.
B. A Network Access Server.
C. The RADIUS authentication server.
D. None of the choices.
The RADIUS authentication server.
Which of the following statements pertaining to RADIUS is incorrect?

A. ) A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains.
B. ) Most RADIUS clients have the capability to query secondary RADIUS servers for redundancy.
C. ) Most RADIUS servers have built-in database connectivity for billing and reporting purposes.
D. ) Most RADIUS servers can work with DIAMETER servers.
Most RADIUS servers can work with DIAMETER servers.
Which of the following is the weakest authentication mechanism?

A. ) Passphrases
B. ) Passwords
C. ) One-time passwords
D. ) Token devices
Passwords
What is the PRIMARY use of a password?

A. ) Allow access to files
B. ) Identify the user
C. ) Authenticate the user
D. ) Segregate various users' accesses
Authenticate the user
Software-generated passwords have what drawback?

A. Passwords are not easy to remember.
B. Passwords are too secure.
C. None of the choices.
D. Passwords are unbreakable.
Passwords are not easy to remember.
What are the valid types of one-time password generators?

A. All of the choices.
B. Transaction synchronous
C. Synchronous/PIN synchronous
D. Asynchronous/PIN asynchronous
All of the choices
Which of the following would you consider the most secure?

A. Password
B. One time password
C. Login phrase
D. Login ID
One time password
What type of password makes use of two totally unrelated words?

A. Login phrase
B. One time password
C. Composition
D. Login ID
Composition
Which of the following is the correct account policy you should follow?

A. All of the choices.
B. All active accounts must have a password.
C. All active accounts must have a long and complex pass phrase.
D. All inactive accounts must have a password.
All active accounts must have a password
Which of the following are advantages of using a passphrase?

A. Difficult to crack using brute force.
B. Offers numerous characters.
C. Easier to remember.
D. All of the choices.
All of the choices.
Which of the following are correct password deployment guidelines?

A. Passwords must be masked.
B. All of the choices.
C. Password must have a minimum of 8 characters.
D. Password must contain a mix of both alphabetic and non-alphabetic characters.
All of the choices.
Why would a 16-character password not be desirable?

A. Hard to remember
B. Offers numerous characters.
C. Difficult to crack using brute force.
D. All of the choices.
Hard to remember
Which of the following is NOT a good password deployment guideline?

A. Passwords must not be the same as user id or login id.
B. Password aging must be enforced on all systems.
C. Password must be easy to memorize.
D. Passwords must be changed at least once every 60 days, depending on your environment.
Password must be easy to memorize
Routing password can be restricted by the use of:

A. Password age
B. Password history
C. Complex password
D. All of the choices
Password history
What should you do immediately if the root password is compromised?

A. Change the root password.
B. Change all passwords.
C. Increase the value of password age.
D. Decrease the value of password history.
Change all passwords
Which of the following is the most secure way to distribute passwords?

A. Employees must send in an email before obtaining a password.
B. Employees must show up in person and present proper identification before obtaining a password.
C. Employees must send in a signed email before obtaining a password.
D. None of the choices.
Employees must show up in person and present proper identification before obtaining a password.
Which of the following does not apply to system-generated passwords?

A. ) Passwords are harder to remember for users.
B. ) If the password-generating algorithm gets to be known, the entire system is in jeopardy.
C. ) Passwords are more vulnerable to brute force and dictionary attacks.
D. ) Passwords are harder to guess for attackers.
Passwords are more vulnerable to brute force and dictionary attacks.
Passwords can be required to change monthly, quarterly, or at any other interval:

A. ) depending on the criticality of the information needing protection
B. ) depending on the criticality of the information needing protection and the password's frequency of use
C. ) depending on the password's frequency of use
D. ) not depending on the criticality of the information needing protection but depending on the password's frequency of use
depending on the criticality of the information needing protection and the password's
In SSL/TLS protocol, what kind of authentication is supported?

A. ) Peer-to-peer authentication
B. ) Only server authentication (optional)
C. ) Server authentication (mandatory) and client authentication (optional)
D. ) Role based authentication scheme
Server authentication (mandatory) and client authentication (optional)
Which of the following correctly describes the difference between identification and authentication?

A. Authentication is a means to verify who you are, while identification is what you are authorized to perform.
B. Identification is a means to verify who you are, while authentication is what you are authorized to perform.
C. Identification is another name for authentication.
D. Identification is the child process of authentication.
Identification is the child process of authentication.
Identification establishes:

A. Authentication
B. Accountability
C. Authorization
D. None of the choices.
Accountability
Identification usually takes the form of:

A. Login ID.
B. User password.
C. None of the choices.
D. Passphrase
Login ID.
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?

A. ) Authentication
B. ) Identification
C. ) Integrity
D. ) Confidentiality
Identification
What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time?

A. ) Authentication
B. ) Identification
C. ) Integrity
D. ) Confidentiality
Authentication
Identification and authentication are the keystones of most access control systems. Identification establishes:

A. ) user accountability for the actions on the system
B. ) top management accountability for the actions on the system
C. ) EDP department accountability for the actions of users on the system
D. ) authentication for actions on the system
user accountability for the actions on the system
Which one of the following authentication mechanisms creates a problem for mobile users?

A. ) address-based mechanism
B. ) reusable password mechanism
C. ) one-time password mechanism
D. ) challenge response mechanism
address-based mechanism
Which of the following centralized access control mechanisms is not appropriate for mobile workers accessing the corporate network over analog lines?

A. ) TACACS
B. ) Call-back
C. ) CHAP
D. ) RADIUS
Call-back
Authentication is typically based upon:

A. Something you have.
B. Something you know.
C. Something you are.
D. All of the choices.
All of the choices
A password represents:

A. Something you have.
B. Something you know.
C. All of the choices.
D. Something you are.
Something you know.
A smart card represents:

A. Something you are.
B. Something you know.
C. Something you have.
D. All of the choices.
Something you have.
Which of the following is the most commonly used check on something you know?

A. One time password
B. Login phrase
C. Retinal
D. Password
Password
Retinal scans check for:

A. Something you are.
B. Something you have.
C. Something you know.
D. All of the choices.
Something you are
What type of authentication takes advantage of an individual's unique physical characteristics in order to authenticate that person's identity?

A. Password
B. Token
C. Ticket Granting
D. Biometric
Biometric
What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics?

A. ) Biometrics
B. ) Micrometrics
C. ) Macrometrics
D. ) MicroBiometrics
Biometrics
Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier?

A. ) Dynamic authentication
B. ) Continuous authentication
C. ) Encrypted authentication
D. ) Robust authentication
Encrypted authentication
In which situation would TEMPEST risks and technologies be of MOST interest?

A. Where high availability is vital.
B. Where the consequences of disclosure are very high.
C. Where countermeasures are easy to implement.
D. Where database integrity is crucial.
Where the consequences of disclosure are very high.
Which one of the following addresses the protection of computers and components from electromagnetic emissions?

A. TEMPEST
B. ISO 9000
C. Hardening
D. IEEE 802.2
TEMPEST
Monitoring electromagnetic pulse emanations from PCs and CRTs provides a hacker with what significant advantage?

A. Defeat the TEMPEST safeguard
B. Bypass the system security application.
C. Gain system information without trespassing
D. Undetectable active monitoring.
Undetectable active monitoring.
What name is given to the study and control of signal emanations from electrical and electromagnetic equipment?

A. EMI
B. Cross Talk
C. EMP
D. TEMPEST
TEMPEST
TEMPEST addresses:

A. The vulnerability of time-dependent transmissions.
B. Health hazards of electronic equipment.
C. Signal emanations from electronic equipment.
D. The protection of data from high energy attacks.
Signal emanations from electronic equipment.
Which one of the following is the MOST solid defense against interception of a network transmission?

A. Frequency hopping
B. Optical fiber
C. Alternate routing
D. Encryption
Optical fiber
Which of the following media is MOST resistant to tapping?

A. ) Microwave
B. ) Twisted pair
C. ) Coaxial cable
D. ) Fiber optic
Fiber optic
What type of wiretapping involves injecting something into the communications?

A. Aggressive
B. Captive
C. Passive
D. Active
Active
Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?

A. IEEE 802.5 protocol for Ethernet cannot support encryption.
B. Ethernet is a broadcast technology.
C. Hub and spoke connections are highly multiplexed.
D. TCP/IP is an insecure protocol.
Ethernet is a broadcast technology.
What type of attack occurs when a smartcard is operating under normal physical conditions, but sensitive information is gained by examining the bytes going to and from the smartcard?

A. Physical attacks.
B. Logical attacks.
C. Trojan Horse attacks.
D. Social Engineering attacks.
Logical attacks.
What is an effective countermeasure against a Trojan horse attack that targets smart cards?

A. Single-access device driver architecture.
B. Handprint driver architecture.
C. Fingerprint driver architecture.
D. All of the choices.
Single-access device driver architecture.
Which of the following could illegally capture network user passwords?

A. ) Data diddling
B. ) Sniffing
C. ) Spoofing
D. ) Smurfing
Sniffing
Which of the following statements is incorrect?

A. ) Since the early days of mankind humans have struggled with the problems of protecting assets.
B. ) The addition of a PIN keypad to the card reader was a solution to the problem of unreported or lost cards.
C. ) There has never been a problem of lost keys.
D. ) Human guards are an inefficient and sometimes ineffective method of protecting resources.
There has never been a problem of lost keys.
A system uses a numeric password with 1-4 digits. How many passwords need to be tried before it is cracked?

A. ) 1024
B. ) 10000
C. ) 100000
D. ) 1000000
10000
Which of the following can be used to protect your system against a brute force password attack?

A. Decrease the value of password history.
B. Employees must send in a signed email before obtaining a password.
C. After three unsuccessful attempts to enter a password, the account will be locked.
D. Increase the value of password age.
After three unsuccessful attempts to enter a password, the account will be locked.
Which of the following is an effective measure against a certain type of brute force password attack?

A. Password used must not be a word found in a dictionary.
B. Password history is used.
C. Password reuse is not allowed.
D. None of the choices.
Password used must not be a word found in a dictionary.
Which type of attack will most likely provide an attacker with multiple passwords to authenticate to a system?

A. ) Password sniffing
B. ) Dictionary attack
C. ) Dumpster diving
D. ) Social engineering
Password sniffing
Which of the following are measures against password sniffing?

A. Passwords must not be sent through email in plain text.
B. Passwords must not be stored in plain text on any electronic media.
C. You may store passwords electronically if it is encrypted.
D. All of the choices.
All of the choices
Which one of the following conditions is NOT necessary for a long dictionary attack to succeed?

A. The attacker must have access to the target system.
B. The attacker must have read access to the password file.
C. The attacker must have write access to the password file.
D. The attacker must know the password encryption mechanism and key variable.
The attacker must have write access to the password file.
What is an important factor affecting the time required to perpetrate a manual trial and error attack to gain access to a target computer system?

A. Keyspace for the password.
B. Expertise of the person performing the attack.
C. Processing speed of the system executing the attack.
D. Encryption algorithm used for password transfer.
Keyspace for the password
Which one of the following BEST describes a password cracker?

A. A program that can locate and read a password file.
B. A program that provides software registration passwords or keys.
C. A program that performs comparative analysis.
D. A program that obtains privileged access to the system.
A program that performs comparative analysis.
If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

A. Birthday
B. Brute force
C. Man-in-the-middle
D. Smurf
Brute force
Which of the following actions can increase the cost of an exhaustive attack?

A. Increase the age of a password.
B. Increase the length of a password.
C. None of the choices.
D. Increase the history of a password.
Increase the length of a password.
Which of the following attacks focus on cracking passwords?

A. SMURF
B. Spamming
C. Teardrop
D. Dictionary
Dictionary
Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

A. ) Using a TACACS+ server
B. ) Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.
C. ) Setting modem ring count to at least 5
D. ) Only attaching modems to non-networked hosts.
Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.
What is known as a decoy system designed to lure a potential attacker away from critical systems?

A. Honey Pots
B. Vulnerability Analysis Systems
C. File Integrity Checker
D. Padded Cells
Honey Pots
Which of the following is a program that monitors data traveling over a network?

A. Smurfer
B. Sniffer
C. Fragmenter
D. Spoofer
Sniffer
Which of the following is NOT a system-sensing wireless proximity card?

A. ) magnetically striped card
B. ) passive device
C. ) field-powered device
D. ) transponder
magnetically striped card
Attacks on smartcards generally fall into what categories?

A. Physical attacks.
B. Trojan Horse attacks.
C. Logical attacks.
D. All of the choices, plus Social Engineering attacks
All of the choices, plus Social Engineering attacks
Which of the following attacks could be the most successful when the security technology is properly implemented and configured?

A. Logical attacks
B. Physical attacks
C. Social Engineering attacks
D. Trojan Horse attacks
Social Engineering attacks
What type of attack occurs when normal physical conditions are altered in order to gain access to sensitive information on the smartcard?

A. Physical attacks
B. Logical attacks
C. Trojan Horse attacks
D. Social Engineering attacks
Physical attacks
Which one of the following is an example of electronic piggybacking?

A. Attaching to a communications line and substituting data.
B. Abruptly terminating a dial-up or direct-connect session.
C. Following an authorized user into the computer room.
D. Recording and playing back computer transactions.
Following an authorized user into the computer room
A system using Discretionary Access Control (DAC) is vulnerable to which one of the following attacks?

A. Trojan horse
B. Phreaking
C. Spoofing
D. SYN flood
Spoofing
Which of the following is an example of an active attack?

A. ) Traffic analysis
B. ) Masquerading
C. ) Eavesdropping
D. ) Shoulder surfing
Masquerading
Shoulder surfing
Which access control model enables the owner of the resource to specify what subjects can access specific resources?

A. ) Discretionary Access Control
B. ) Mandatory Access Control
C. ) Sensitive Access Control
D. ) Role-based Access Control
Discretionary Access Control
The type of discretionary access control that is based on an individual's identity is called:

A. ) Identity-based access control
B. ) Rule-based access control
C. ) Non-Discretionary access control
D. ) Lattice-based access control
Identity-based access control
Which of the following access control types gives "UPDATE" privileges on Structured Query Language (SQL) database objects to specific users or groups?

A. Supplemental
B. Discretionary
C. Mandatory
D. System
Mandatory
With Discretionary access controls, who determines who has access and what privilege they have?

A. End users.
B. None of the choices.
C. Resource owners.
D. Only the administrators.
Resource owners
What defines an imposed access control level?

A. MAC
B. DAC
C. SAC
D. CAC
MAC
Under MAC, who can change the category of a resource?

A. All users.
B. Administrators only.
C. All managers.
D. None of the choices.
Administrators only.
Under MAC, who may grant a right of access that is explicitly forbidden in the access control policy?

A. None of the choices.
B. All users.
C. Administrators only.
D. All managers.
None of the choices.
You may describe MAC as:

A. Opportunistic
B. Prohibitive
C. None of the choices.
D. Permissive
Prohibitive
Under MAC, which of the following is true?

A. All that is expressly permitted is forbidden.
B. All that is not expressly permitted is forbidden.
C. All that is not expressly permitted is not forbidden.
D. None of the choices.
All that is not expressly permitted is forbidden
Under MAC, a clearance is a:

A. Sensitivity
B. Subject
C. Privilege
D. Object
Privilege
Under MAC, a file is a(n):

A. Privilege
B. Subject
C. Sensitivity
D. Object
Object
Under MAC, classification reflects:

A. Sensitivity
B. Subject
C. Privilege
D. Object
Sensitivity
MAC is used for:

A. Defining imposed access control level.
B. Defining user preferences.
C. None of the choices.
D. Defining discretionary access control level.
Defining imposed access control level.
With MAC, who may make decisions that bear on policy?

A. None of the choices.
B. All users.
C. Only the administrator.
D. All users except guests.
Only the administrator.
With MAC, who may NOT make decisions that derive from policy?

A. All users except the administrator.
B. The administrator.
C. The power users.
D. The guests.
All users except the administrator.
Under the MAC control system, what is required?

A. Performance monitoring
B. Labeling
C. Sensing
D. None of the choices
Labeling
Access controls that are not based on the policy are characterized as:

A. Secret controls
B. Mandatory controls
C. Discretionary controls
D. Corrective controls
Discretionary controls
DAC are characterized by many organizations as:

A. Need-to-know controls
B. Preventive controls
C. Mandatory adjustable controls
D. None of the choices
Need-to-know controls
Which of the following correctly describes DAC?

A. It is the most secure method.
B. It is of the B2 class.
C. It can extend beyond limiting which subjects can gain what type of access to which objects.
D. It is of the B1 class.
It can extend beyond limiting which subjects can gain what type of access to which objects.
Under DAC, a subject's rights must be ________ when it leaves an organization altogether.

A. recycled
B. terminated
C. suspended
D. resumed
terminated
In a discretionary mode, which of the following entities is authorized to grant information access to other people?

A. ) manager
B. ) group leader
C. ) security manager
D. ) user
user
With RBAC, each user can be assigned:

A. One or more roles.
B. Only one role.
C. A token role.
D. A security token.
One or more roles.
With RBAC, roles are:

A. Based on labels.
B. All equal
C. Hierarchical
D. Based on flows.
Hierarchical
With __________, access decisions are based on the roles that individual users have as part of an organization.

A. Server based access control.
B. Rule based access control.
C. Role based access control.
D. Token based access control.
Role based access control.