1.
Which of the following logical access control methods would a security administrator need to modify in order to control network traffic passing through a router to a different network?
Correct Answer
B. ACL
Explanation
ACL stands for Access Control List, which is a method used to control network traffic. By modifying the ACL, a security administrator can specify which types of traffic are allowed or denied to pass through a router to a different network. This allows the administrator to have granular control over the network traffic and ensure that only authorized traffic is allowed to pass through the router.
2.
After installing database software the administrator must manually change the default administrative password, remove a default database, and adjust permissions on specific files. These actions are BEST described as:
Correct Answer
B. Mandatory access control
Explanation
The actions of changing the default administrative password, removing a default database, and adjusting permissions on specific files are considered as mandatory access control. This term refers to the practice of enforcing strict access control policies and procedures to ensure that only authorized individuals have access to sensitive resources. By implementing these measures, the administrator is ensuring that the database software is secure and protected from unauthorized access.
3.
Which of the following methods is a best practice for granting access to resources?
Correct Answer
D. Add groups to ACLs; add users and computers to groups
Explanation
The best practice for granting access to resources is to add groups to ACLs and then add users and computers to those groups. By doing so, access can be easily managed and controlled at the group level, rather than individually assigning permissions to each user or computer. This approach allows for efficient administration and simplifies the process of granting or revoking access to resources.
4.
Which of the following may cause a user, connected to a NAC-enabled network, to not be prompted for credentials?
Correct Answer
A. The user's PC is missing the authentication agent
Explanation
If the user's PC is missing the authentication agent, it means that the necessary software or component that facilitates the authentication process is not installed or functioning properly on the user's PC. This could cause the user to not be prompted for credentials because the authentication agent is responsible for initiating the authentication process and requesting the user to provide their credentials. Without the authentication agent, the network may not recognize the user's PC as a valid and trusted device, leading to the lack of prompt for credentials.
5.
Which of the following is an example of two-factor authentication?
Correct Answer
C. Smartcard and PIN
Explanation
Smartcard and PIN is an example of two-factor authentication because it requires the use of two different factors to verify the user's identity. The smartcard serves as the first factor, which is something the user possesses, and the PIN serves as the second factor, which is something the user knows. By combining these two factors, it adds an extra layer of security to the authentication process, making it more difficult for unauthorized individuals to gain access.
6.
Which of the following uses a three-way handshake for authentication and is commonly used in PPP connections?
Correct Answer
B. CHAP
Explanation
CHAP (Challenge Handshake Authentication Protocol) uses a three-way handshake for authentication and is commonly used in PPP (Point-to-Point Protocol) connections. During the handshake process, the server sends a challenge to the client, which responds with a hashed value of the challenge using a shared secret. The server then compares the received response with its own calculation to verify the client's identity. This authentication method provides a higher level of security compared to other options listed, such as MD5 (Message Digest Algorithm 5), Kerberos, and SLIP (Serial Line Internet Protocol).
7.
To ensure users are logging into their systems using a least privilege method, which of the following should be done?
Correct Answer
A. Create a user account without administrator privileges
Explanation
To ensure users are logging into their systems using a least privilege method, creating a user account without administrator privileges is the correct approach. This means that the user will have limited access and permissions, reducing the risk of unauthorized actions or system changes. By not granting administrator privileges, users will only have access to the resources and functionalities necessary for their tasks, promoting security and minimizing the potential for accidental or intentional misuse of system resources.
8.
A user wants to edit a file that they currently have read-only rights to; however, they are unable to provide a business justification, so the request is denied. This is the principle of:
Correct Answer
C. Least privilege
Explanation
The principle of least privilege states that a user should only be given the minimum level of access necessary to perform their job duties. In this scenario, the user wants to edit a file but does not have the necessary permissions. This is an example of applying the principle of least privilege because the user's access rights are restricted to read-only, which is the minimum level of access required for their job role.
9.
Which of the following is a BEST practice for organizing users when implementing a least privilege model?
Correct Answer
A. By function
Explanation
Organizing users by function is considered a best practice when implementing a least privilege model. This approach groups users based on their specific job roles or responsibilities, allowing for more granular control over access permissions. By organizing users in this way, administrators can easily assign and revoke privileges based on the functions or tasks that users need to perform, reducing the risk of granting unnecessary access rights. This helps to minimize the potential for privilege abuse or unauthorized access, enhancing overall security and compliance in the organization.
10.
The process of validating a user's claimed identity is called:
Correct Answer
A. Identification
Explanation
Identification is the process of validating a user's claimed identity. It involves verifying the user's credentials, such as username and password, to ensure that they are who they claim to be. This process is essential for ensuring the security and integrity of a system or application, as it helps prevent unauthorized access and protects sensitive information.
11.
Which of the following is a detective security control?
Correct Answer
A. CCTV
Explanation
CCTV (Closed Circuit Television) is a detective security control as it is used to monitor and record activities in a specific area. It allows for the identification and investigation of security incidents after they have occurred. CCTV can provide valuable evidence in the event of theft, vandalism, or other criminal activities. It acts as a deterrent and helps in maintaining a secure environment by constantly monitoring and recording activities.
12.
Which of the following is a reason to implement Kerberos over local system authentication?
Correct Answer
B. Centralized file integrity protection
Explanation
Implementing Kerberos over local system authentication provides centralized file integrity protection. Kerberos is a network authentication protocol that uses a centralized authentication server to verify the identities of users and devices. By implementing Kerberos, organizations can ensure that all file access and modifications are tracked and protected centrally, preventing unauthorized changes or tampering. This centralized approach enhances the security and integrity of the files across multiple devices and provides a more robust protection mechanism compared to local system authentication.
13.
Which of the following facilitates computing for heavily utilized systems and networks?
Correct Answer
C. VPN concentrator
Explanation
A VPN concentrator is a device that allows multiple VPN connections to be established and managed simultaneously. It is specifically designed to handle large volumes of traffic and provide secure communication between multiple networks or systems. Therefore, a VPN concentrator is the most suitable option for facilitating computing for heavily utilized systems and networks.
14.
Which of the following is a reason to use TACACS+ over RADIUS?
Correct Answer
B. Encryption of all data between client and server
Explanation
TACACS+ is preferred over RADIUS because it provides encryption for all data transmitted between the client and server. This ensures that the data is secure and cannot be intercepted or tampered with by unauthorized users.
15.
Which of the following describes an attack technique by which an intruder gains physical access by following an authorized user into a facility before the door is closed?
Correct Answer
B. Tailgating
Explanation
Tailgating is an attack technique where an intruder gains physical access to a facility by following an authorized user through a door before it is closed. This technique relies on the intruder blending in with legitimate users and taking advantage of their access privileges. The intruder may use various tactics, such as acting confident or carrying items that make them appear like an employee or visitor. Once inside, the intruder can carry out malicious activities without raising suspicion.
16.
Which of the following access control methods provides the BEST protection against attackers logging on as an authorized user?
Correct Answer
D. Utilize separation of duties
Explanation
Utilizing separation of duties provides the best protection against attackers logging on as authorized users. This method ensures that multiple individuals are involved in critical tasks and responsibilities, reducing the risk of unauthorized access. By dividing roles and assigning different responsibilities to different individuals, it becomes more difficult for attackers to gain full access and control. This method also helps in detecting and preventing insider threats, as it requires collusion between multiple individuals to carry out unauthorized actions.
17.
Centrally authenticating multiple systems and applications against a federated user database is an example of:
Correct Answer
C. Single sign-on
Explanation
Centrally authenticating multiple systems and applications against a federated user database refers to the concept of single sign-on. Single sign-on allows users to log in once and gain access to multiple systems without the need for separate authentication. This enhances user convenience and improves security by reducing the need for multiple passwords and credentials.
18.
Which of the following uses tickets to identify users to the network?
Correct Answer
D. Kerberos
Explanation
Kerberos is the correct answer because it uses tickets to authenticate and identify users to the network. Kerberos is a network authentication protocol that provides strong authentication for client/server applications by using secret key cryptography. When a user requests access to a network resource, Kerberos issues a ticket to the user, which is then presented to the network server for authentication. This ticket-based authentication system ensures secure and trusted communication between users and network services.
19.
Which of the following is an example of implementing security using the least privilege principle?
Correct Answer
B. Availability
Explanation
Implementing security using the least privilege principle means that individuals or processes are only given the minimum level of access necessary to perform their tasks. Availability, in this context, does not align with the least privilege principle as it focuses on ensuring that resources are accessible and usable when needed, rather than restricting access to only what is necessary. Therefore, availability is not an example of implementing security using the least privilege principle.
20.
Which of the following is an authentication method that uses symmetric key encryption and a key distribution center?
Correct Answer
B. Kerberos
Explanation
Kerberos is an authentication method that uses symmetric key encryption and a key distribution center. It is widely used in computer networks to provide secure authentication for users and services. Kerberos uses a trusted third-party server called the Key Distribution Center (KDC) to distribute and manage encryption keys. This allows users and services to securely authenticate and communicate with each other.
21.
Which of the following is a preventative physical security measure?
Correct Answer
D. Access control system
Explanation
An access control system is a preventative physical security measure because it allows organizations to control and restrict access to certain areas or resources. By using mechanisms such as key cards, biometric authentication, or passwords, the access control system ensures that only authorized individuals can enter specific areas. This helps to prevent unauthorized access, theft, or damage to valuable assets, providing an additional layer of security to the physical environment.
22.
Mandatory Access Control (MAC) allows:
Correct Answer
B. Access associated with the classification of data
Explanation
Mandatory Access Control (MAC) is a security mechanism that determines access rights based on the classification of data. It ensures that access to data is granted or denied based on the sensitivity or classification level of the data. This means that only individuals with the appropriate clearance level can access certain classified data. MAC is different from role-based access control (RBAC), which assigns access rights based on the role of the individual. In MAC, access rights are determined by the classification of the data itself, not the role of the user.
23.
The administrator needs to require all users to use complex passwords. Which of the following would be the BEST way to do this?
Correct Answer
B. Set a domain password policy
Explanation
Setting a domain password policy would be the best way to require all users to use complex passwords. A domain password policy allows the administrator to enforce password complexity requirements across the entire network, ensuring that all users are required to create strong passwords. This centralized approach is more efficient and effective than setting a local password policy on each workstation and server, as it allows for consistent password management and reduces the risk of weak passwords being used. Setting a group policy to enforce password changes can be part of the domain password policy, but it alone does not address the requirement for complex passwords. Posting a memo detailing the requirement of the new password complexity requirements is not as effective as implementing a domain password policy, as it relies on users to voluntarily comply with the new requirements.
24.
Which of the following would be used to eliminate the need for an administrator to manually configure passwords on each network device in a large LAN?
Correct Answer
A. RADIUS
Explanation
RADIUS (Remote Authentication Dial-In User Service) would be used to eliminate the need for an administrator to manually configure passwords on each network device in a large LAN. RADIUS is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. It allows for a single set of credentials to be used for authentication across multiple network devices, reducing the need for manual configuration of passwords on each device.
25.
The security administrator needs to determine whether common words and phrases are being used as passwords on the company server. Which of the following attacks would MOST easily accomplish this task?
Correct Answer
B. Dictionary
Explanation
A dictionary attack would be the most effective method to determine whether common words and phrases are being used as passwords on the company server. In a dictionary attack, a hacker uses a pre-generated list of commonly used passwords or words from a dictionary to try and gain unauthorized access. This method is relatively quick and efficient as it eliminates the need to try every possible combination of characters, like in a brute force attack. Therefore, a dictionary attack would be the best choice for the security administrator to identify weak passwords on the server.
26.
The company president wants to replace usernames and passwords with USB security tokens for company system. Which of the following authentication models would be in use?
Correct Answer
D. Single factor
Explanation
The given correct answer is "Single factor." In this authentication model, only one factor (in this case, the USB security token) is used to verify the identity of the user. The use of USB security tokens replaces the traditional username and password combination, providing a more secure method of authentication.
27.
Which of the following presents the GREATEST security risk to confidentiality of proprietary corporate data when attackers have physical access to the data center?
Correct Answer
C. USB drives
Explanation
USB drives present the greatest security risk to the confidentiality of proprietary corporate data when attackers have physical access to the data center. USB drives can easily be used to copy or transfer sensitive data, allowing attackers to steal or compromise confidential information. Unlike solid state drives or NAS, USB drives are portable and can be easily concealed or smuggled out of the data center, making them a significant threat to the security of proprietary corporate data. Cell phone cameras, while potentially a risk, are less likely to be able to copy large amounts of data compared to USB drives.
28.
An administrator is providing management with a mobile device that allows email access. The mobile device will be password protected in case of loss. Which of the following additional security measures should the administrator ensure is in place?
Correct Answer
A. The mobile device should erase itself after a set number of invalid attempts
Explanation
The administrator should ensure that the mobile device erases itself after a set number of invalid attempts to enhance security. This measure will protect sensitive data in case the device is lost or stolen and someone tries to gain unauthorized access. By erasing itself, the device prevents any potential data breaches and ensures that the information remains secure.
29.
An administrator is concerned that users are not utilizing strong passwords. Which of the following can be done to enforce user compliance?
Correct Answer
A. Implement a strict domain level group policy
Explanation
Implementing a strict domain level group policy is an effective way to enforce user compliance with strong password usage. With a group policy, the administrator can set specific password requirements such as minimum length, complexity, and expiration period. These requirements will be enforced across the entire domain, ensuring that all users are using strong passwords. By implementing this policy, the administrator can mitigate the risk of weak passwords and enhance the overall security of the system.
30.
Which of the following is an example of a smart card?
Correct Answer
B. MAC
31.
Which of the following is seen as non-secure based on its ability to only store seven upper case characters of data making it susceptible to brute force attacks?
Correct Answer
C. LANMAN
Explanation
LANMAN is seen as non-secure because it can only store seven upper case characters of data. This limitation makes it susceptible to brute force attacks, where an attacker systematically tries all possible combinations of characters until the correct password is found. With only seven characters to try, it becomes easier for an attacker to guess the password and gain unauthorized access.
32.
Which of the following is a way to control system access by department function?
Correct Answer
A. Role-Based Access Control
Explanation
Role-Based Access Control (RBAC) is a way to control system access by department function. RBAC assigns roles to users based on their job responsibilities and grants permissions accordingly. This ensures that users only have access to the resources and information necessary for their specific role or function within the organization. RBAC simplifies access management by grouping users into roles and defining their access privileges based on those roles, making it easier to manage and enforce access control policies.
33.
In which of the following locations can password complexity be enforced via group policy?
Correct Answer
A. Domain controller
Explanation
Password complexity can be enforced via group policy on a domain controller. Group policies are used to manage and configure settings for multiple computers within a network domain. By configuring the password complexity settings in the group policy on the domain controller, administrators can ensure that users are required to create strong and complex passwords that meet specific criteria, such as minimum length, use of uppercase and lowercase letters, numbers, and special characters. This helps enhance the security of the network and prevents users from using weak or easily guessable passwords.
34.
Which of the following access control methods requires significant background investigations?
Correct Answer
C. Role-Based Access Control
Explanation
Role-Based Access Control (RBAC) requires significant background investigations because it assigns permissions based on an individual's role within an organization. This means that individuals are granted access to certain resources based on their job responsibilities and requirements. To ensure that the right individuals are assigned the appropriate roles and access privileges, thorough background investigations are necessary to verify their qualifications, trustworthiness, and suitability for the assigned roles. This helps to mitigate potential security risks and ensure that sensitive information is protected from unauthorized access.
35.
Which of the following access control methods prevents a user from accessing network resources after the end of the user's typical shift?
Correct Answer
B. Time of day restrictions
Explanation
Time of day restrictions is the correct answer because this access control method allows administrators to define specific time periods during which users are allowed or denied access to network resources. By setting restrictions based on the user's typical shift, access can be automatically revoked after the end of the shift, preventing unauthorized access outside of the designated work hours. This helps to enhance security and ensure that network resources are only accessible during authorized times.
36.
Which of the following is a required component for deploying Kerberos?
Correct Answer
B. Ticket granting server
Explanation
A ticket granting server is a required component for deploying Kerberos because it is responsible for issuing tickets to clients after they have been authenticated by the authentication server. These tickets are then used by clients to request access to various resources within the Kerberos realm. Without a ticket granting server, clients would not be able to obtain the necessary tickets to access resources and the Kerberos authentication process would not function properly.
37.
Which of the following would protect an employee's network traffic on a non-company owned network?
Correct Answer
B. VPN
Explanation
A VPN (Virtual Private Network) would protect an employee's network traffic on a non-company owned network. A VPN creates a secure and encrypted connection between the employee's device and the company's network, ensuring that their data cannot be intercepted or accessed by unauthorized individuals. This is particularly important when using public Wi-Fi networks or other untrusted networks outside of the company's control.
38.
Assigning access on a need-to-know basis is a best practice in which of the following controls?
Correct Answer
A. Account management
Explanation
Assigning access on a need-to-know basis is a best practice in account management. This practice ensures that individuals are only granted access to information and resources that are necessary for them to perform their job duties. By limiting access to only what is needed, the risk of unauthorized access or misuse of sensitive information is reduced. This control helps to maintain the confidentiality, integrity, and availability of data and resources within an organization.
39.
Which of the following groups should be able to view the results of the risk assessment for an organization?
Correct Answer
C. Executive management and Information security employees
Explanation
Executive management and Information security employees should be able to view the results of the risk assessment for an organization because they are responsible for making strategic decisions and ensuring the security of the organization's information. The risk assessment results provide valuable insights into potential vulnerabilities and threats, which are crucial for these groups to effectively manage risks and make informed decisions. HR employees and vendors may not require access to this information unless it is relevant to their specific roles and responsibilities. All employees may not necessarily need access to the risk assessment results as it may not be relevant to their day-to-day work.
40.
Which of the following is the primary location where global policies are implemented in an organization?
Correct Answer
A. Domain
Explanation
In an organization, the primary location where global policies are implemented is the domain. A domain is a logical group of network resources, such as computers, users, and devices, that are managed by a centralized authority. It allows for centralized management and control of security policies, user accounts, and other network resources. By implementing global policies at the domain level, organizations can ensure consistent and standardized security measures and settings across their entire network.
41.
Which of the following BEST secures ingress and egress points in a data center?
Correct Answer
B. Proximity cards
Explanation
Proximity cards are the best option for securing ingress and egress points in a data center. These cards use radio frequency identification (RFID) technology to grant access to authorized individuals. They are more secure than ID badges, as they cannot be easily duplicated or forged. Escorts may provide temporary security, but they are not a long-term solution. Log books are also not as secure, as they can be tampered with or lost. Proximity cards offer a reliable and efficient way to control access to the data center.
42.
A secure company portal, accessible publicly but only to company employees, frequently fails to renew certificates, resulting in expired certificate warnings for users. These failures:
Correct Answer
B. Are irritating to the user but the traffic remains encrypted; breed complacency among users for all certification warnings
Explanation
The correct answer is that the failures to renew certificates are irritating to the user but the traffic remains encrypted, and they breed complacency among users for all certification warnings. This means that while the expired certificate warnings may annoy users, the actual traffic between the server and the user's computer is still encrypted and secure. However, the frequent occurrence of these warnings may cause users to become complacent and ignore other certification warnings, which can be a security risk.
43.
Which of the following best practices should be applied to print resources to enforce existing information assurance controls?
Correct Answer
A. Remove unnecessary users from groups with permissions to the resources
Explanation
To enforce existing information assurance controls, it is important to remove unnecessary users from groups with permissions to the resources. By doing so, access to the print resources is limited only to those who actually need it, reducing the risk of unauthorized access or misuse. This practice helps to enhance the overall security and integrity of the print resources, ensuring that only authorized individuals have the necessary permissions and reducing the potential for data breaches or unauthorized printing.
44.
Limiting access to a file resource to only the creator by default is an example of applying which of the following security concepts?
Correct Answer
C. Least privilege
Explanation
Limiting access to a file resource to only the creator by default is an example of applying the security concept of least privilege. This concept ensures that users are granted only the minimum level of access necessary to perform their tasks, reducing the risk of unauthorized access or misuse of resources. By default, only the creator of the file has access, preventing unnecessary access by other users and reducing the potential for security breaches.
45.
Which of the following represents two factor authentication?
Correct Answer
A. A password and a PKI certificate
Explanation
Two factor authentication is a security measure that requires two different forms of identification before granting access. In this case, the correct answer is "A password and a PKI certificate." A password is something the user knows, while a PKI certificate is something the user possesses. By combining these two factors, it adds an extra layer of security to verify the user's identity.
46.
The administrator needs to set permissions for the new print server for a company comprised of 320 people in 18 departments. Each department has its own set of printers. Which of the following options is the BEST way to do this?
Correct Answer
D. Place all the people into departmental groups. Assign printer access by matching group to department
Explanation
The best way to set permissions for the new print server is to place all the people into departmental groups and assign printer access by matching the group to the department. This ensures that each department has access to their own set of printers, which is the most efficient and organized way to manage printer access for a company with multiple departments.
47.
WPA2-Enterprise can use which of the following to authenticate a user?
Correct Answer
C. RADIUS
Explanation
WPA2-Enterprise can use RADIUS to authenticate a user. RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting management for users connecting to a network. It allows the network access server to communicate with a RADIUS server to verify the user's credentials and grant or deny access accordingly.
48.
Which of the following authentication models often requires different systems to function together and is complicated to implement in a non-homogeneous environment?
Correct Answer
B. Single sign-on
Explanation
Single sign-on is an authentication model that often requires different systems to function together and is complicated to implement in non-homogeneous environments. This is because single sign-on allows users to access multiple systems and applications with just one set of credentials, which requires integration and coordination between these systems. In non-homogeneous environments, where different systems may have different authentication mechanisms and protocols, implementing single sign-on can be challenging and complex.
49.
Which of the following can be implemented to ensure an employee cannot use the system outside of normal business hours?
Correct Answer
A. Time of day restrictions
Explanation
Time of day restrictions can be implemented to ensure that an employee cannot use the system outside of normal business hours. This means that the system will only allow access during specific time periods designated as normal business hours, and any attempts to access the system outside of these hours will be denied. This helps to enforce security policies and prevent unauthorized access to the system during non-working hours.
50.
A remote network administrator calls the helpdesk reporting that they are able to connect via VPN but are unable to make any changes to the internal web server. Which of the following is MOST likely the cause?
Correct Answer
B. The administrator needs to be added to the web server's administration group
Explanation
The most likely cause for the remote network administrator being unable to make any changes to the internal web server is that they have not been added to the web server's administration group. This group typically has the necessary permissions and access rights to make changes to the web server. By adding the administrator to this group, they should be able to make the necessary changes via VPN.