Security + Access Control
Access Control
Questions and Answers
- 1.
Which access control model allows the owner of a resource to establish privileges to the information they own and has nonmandatory labels?
- A.
DAC
- B.
MAC
- C.
RBAC
- D.
BAC
Correct Answer
A. DACExplanation
The Discretionary Access Control (DAC) model allows the owner of a resource to establish privileges to the information they own and has nonmandatory labels. The Mandatory Access Control (MAC) model is a static model that uses a predefined set of access privileges to files on the system. The Role-Based Access Control (RBAC) model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. BAC is not a valid access control model.Rate this question:
-
- 2.
Which of the following authentication protocols is the simplest?
- A.
CHAP
- B.
Security token
- C.
PAP
- D.
Kerberos
Correct Answer
C. PAPExplanation
Password Authentication Protocol (PAP) offers no true security and is one of the simplest forms of authentication: both the username and the password are sent as clear text and checked for a match. Challenge Handshake Authentication Protocol (CHAP) challenges a system to verify identity and employs an encrypted challenge. Security tokens are forms of certificates that contain rights and access privileges of a token bearer as part of their token. Kerberos authenticates a principal (user, system, program, and so on) and provides it with a ticket.Rate this question:
-
- 3.
Which access control model is a static model that uses a predefined set of access privileges to files on the system?
- A.
DAC
- B.
MAC
- C.
RBAC
- D.
BRACK
Correct Answer
B. MACExplanation
The Mandatory Access Control (MAC) model is a static model that uses a predefined set of access privileges to files on the system. The Discretionary Access Control (DAC) model allows the owner of a resource to establish privileges to the information they own and has nonmandatory labels. The Role-Based Access Control (RBAC) model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. BRACK is not a valid access control model.Rate this question:
-
- 4.
Which of the following authentication protocols authenticates a principal (user, system, program, and so on) and provides it with a ticket?
- A.
CHAP
- B.
Security token
- C.
PAP
- D.
Kerberos
Correct Answer
D. KerberosExplanation
Kerberos authenticates a principal (user, system, program, and so on) and provides it with a ticket. Challenge Handshake Authentication Protocol (CHAP) challenges a system to verify identity and employs an encrypted challenge. Security tokens are forms of certificates that contain rights and access privileges of a token bearer as part of their token. Password Authentication Protocol (PAP) offers no true security and is one of the simplest forms of authentication: both the username and the password are sent as clear text and checked for a match.Rate this question:
-
- 5.
Which of the following authentication protocols challenges a system to verify identity and employs an encrypted challenge?
- A.
CHAP
- B.
Security token
- C.
PAP
- D.
Kerberos
Correct Answer
A. CHAPExplanation
Challenge Handshake Authentication Protocol (CHAP) challenges a system to verify identity and employs an encrypted challenge. Security tokens are forms of certificates that contain rights and access privileges of a token bearer as part of their token. Password Authentication Protocol (PAP) offers no true security and is one of the simplest forms of authentication: both the username and the password are sent as clear text and checked for a match. Kerberos authenticates a principal (user, system, program, and so on) and provides it with a ticket.Rate this question:
-
- 6.
Which of the following access attacks amounts to someone looking through your files in hopes of finding something interesting?
- A.
Snooping
- B.
Passive interception
- C.
Eavesdropping
- D.
Active interception
Correct Answer
A. SnoopingExplanation
All the choices listed are various types of access attacks. In a snooping attack, someone looks through your files in hopes of finding something interesting. In an eavesdropping attack, the attacker listens in on or overhears parts of a conversation. In a passive interception attack, someone routinely monitors network traffic. In an active interception attack, a computer is placed between the sender and receiver to capture information while it's sent.Rate this question:
-
- 7.
Which of the following is not a valid access control model?
- A.
DAC
- B.
MAC
- C.
RBAC
- D.
BAC
Correct Answer
D. BACExplanation
BAC is not a valid access control model. The Discretionary Access Control (DAC) model allows the owner of a resource to establish privileges to the information they own and has nonmandatory labels. The Mandatory Access Control (MAC) model is a static model that uses a predefined set of access privileges to files on the system. The Role-Based Access Control (RBAC) model allows a user to act in a certain predetermined manner based on the role the user holds in the organization.Rate this question:
-
- 8.
Which access control model allows a user to act in a certain predetermined manner based on the role the user holds in the organization?
- A.
DAC
- B.
MAC
- C.
RBAC
- D.
SAC
Correct Answer
C. RBACExplanation
The Role-Based Access Control (RBAC) model allows a user to act in a certain predetermined manner based on the role the user holds in the organization. The Mandatory Access Control (MAC) model is a static model that uses a predefined set of access privileges to files on the system. The Discretionary Access Control (DAC) model allows the owner of a resource to establish privileges to the information they own and has nonmandatory labels. SAC is not a valid access control model.Rate this question:
-
- 9.
Which of the following is an implementation of X.500 that operates on port 389?
- A.
X.502
- B.
LDAP
- C.
XNS
- D.
XML
Correct Answer
B. LDAPExplanation
Lightweight Directory Access Protocol (LDAP) is a pared-down X.500 implementation that operates on port 389. The other choices are not valid for this question.Rate this question:
-
- 10.
Which of the following exists for every object in Active Directory and must be unique?
- A.
RDN
- B.
CN
- C.
UPN
- D.
DN
Correct Answer
D. DNExplanation
The domain name (DN) exists for every object in Active Directory and must be unique; it is the full path of the object, including any containers. The relative distinguished name (RDN) is the portion of the name that is unique within the container. The user principal name (UPN) consists of the user account and the user's domain name and is often referred to as the friendly name. The canonical name (CN) is the distinguished name given in a top-down notation.Rate this question:
-
- 11.
Which of the following is not a Microsoft protocol?
- A.
NFS
- B.
NetBIOS
- C.
NetBEUI
- D.
WINS
Correct Answer
A. NFSExplanation
Network File System (NFS) is the default file-sharing protocol for Unix-based systems. Network Basic Input Output System (NetBIOS) is the native networking protocol of Windows-based PCs. NetBIOS Extended User Interface (NetBEUI) is used to transport NetBIOS across the LAN. Windows Internet Naming Service (WINS) translates NetBIOS names to TCP/IP addresses.Rate this question:
-
- 12.
Which of the following is the portion of the name that is unique within the container?
- A.
RDN
- B.
CN
- C.
UPN
- D.
DN
Correct Answer
A. RDNExplanation
The relative distinguished name (RDN) is the portion of the name that is unique within the container. The canonical name (CN) is the distinguished name given in a top-down notation. The user principal name (UPN) consists of the user account and the user's domain name and is often referred to as the friendly name. The domain name (DN) exists for every object in Active Directory and must be unique; it is the full path of the object, including any containers.Rate this question:
-
- 13.
Which of the following is often referred to as the friendly name?
- A.
RDN
- B.
CN
- C.
UPN
- D.
DN
Correct Answer
C. UPNExplanation
The user principal name (UPN) consists of the user account and the user's domain name and is often referred to as the friendly name. The relative distinguished name (RDN) is the portion of the name that is unique within the container. The canonical name (CN) is the distinguished name given in a top-down notation. The domain name (DN) exists for every object in Active Directory and must be unique; it is the full path of the object, including any containers.Rate this question:
-
- 14.
Which of the following LDAP/Active Directory names is a distinguished name given in a top-down notation?
- A.
RDN
- B.
CN
- C.
UPN
- D.
NDP
Correct Answer
B. CNExplanation
The canonical name (CN) is the distinguished name given in a top-down notation. The relative distinguished name (RDN) is the portion of the name that is unique within the container. The user principal name (UPN) consists of the user account and the user's domain name and is often referred to as the friendly name. The other option is not a valid choice for a type of LDAP/Active Directory name.Rate this question:
-
- 15.
Which of the following is the Novell directory management service that replaced NDS?
- A.
DNS
- B.
EDirectory
- C.
ZENworks
- D.
Registry
Correct Answer
B. EDirectoryExplanation
NDS was replaced by eDirectory. The Novell bindery was replaced by NetWare/Novell Directory Service (NDS).Rate this question:
-
- 16.
Which of the following is the native networking protocol of Windows-based PCs?
- A.
IPX/SPX
- B.
NetBIOS
- C.
NetBEUI
- D.
NFS
Correct Answer
B. NetBIOSExplanation
Network Basic Input Output System (NetBIOS) is the native networking protocol of Windows-based PCs. Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) is a networking protocol proprietary to Novell that was used with NetWare 4.x and earlier versions. NetBIOS Extended User Interface (NetBEUI) is used to transport NetBIOS across the LAN. Network File System (NFS) is the default file-sharing protocol for Unix-based systems.Rate this question:
-
- 17.
Which protocol is used to manage and monitor devices in a network?
- A.
SNMP
- B.
ICMP
- C.
IGMP
- D.
TFTP
Correct Answer
A. SNMPExplanation
Simple Network Management Protocol (SNMP) is used to manage and monitor devices in a network. Internet Control Message Protocol (ICMP) is used to report errors and reply to requests from programs such as ping and traceroute. Internet Group Management Protocol (IGMP) is used to manage group or multicasting sessions. Trivial File Transfer Protocol (TFTP) is an anonymous version of FTP.Rate this question:
-
- 18.
Which of the following network protocols was proprietary and used in Novell NetWare prior to version 5?
- A.
IPX/SPX
- B.
NetBIOS
- C.
NetBEUI
- D.
NFS
Correct Answer
A. IPX/SPXExplanation
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) is a networking protocol proprietary to Novell that was used with NetWare 4.x and earlier versions. Network Basic Input Output System (NetBIOS) was the native networking protocol of Windows-based PCs prior to TCP/IP. NetBIOS Extended User Interface (NetBEUI) is used to transport NetBIOS across the LAN. Network File System (NFS) is the default file-sharing protocol for Unix-based systems.Rate this question:
-
- 19.
Which of the following is the Novell directory management service that replaced the bindery?
- A.
NDS
- B.
EDirectory
- C.
ZENworks
- D.
Registry
Correct Answer
A. NDSExplanation
The Novell bindery was replaced by NetWare/Novell Directory Service (NDS). NDS was replaced by eDirectory.Rate this question:
-
- 20.
Which of the following is used to transport NetBIOS across the LAN?
- A.
IPX/SPX
- B.
WINS
- C.
NetBEUI
- D.
NFS
Correct Answer
C. NetBEUIExplanation
NetBIOS Extended User Interface (NetBEUI) is used to transport NetBIOS across the LAN. Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) is a networking protocol proprietary to Novell that was used with NetWare 4.x and earlier versions. Network Basic Input Output System (NetBIOS) is the native networking protocol of Windows-based PCs, and WINS (Windows Internet Name Service) is used to translate NetBIOS names to network addresses. Network File System (NFS) is the default file-sharing protocol for Unix-based systems.Rate this question:
-
- 21.
Which of the following sends a message from a single system to the entire network?
- A.
Broadcast
- B.
Multicast
- C.
Unicast
- D.
Sudocast
Correct Answer
A. BroadcastExplanation
A broadcast sends a message from a single system to the entire network. A multicast sends a message to multiple addresses. A unicast is multicast formatted but oriented at a single system. There is no such valid messaging option as sudocast.Rate this question:
-
- 22.
What is the acronym used for the Remote Access Service (RAS) in the current Microsoft Windows operating systems?
- A.
SAR
- B.
RAS2
- C.
RRAS
- D.
RASTER
Correct Answer
C. RRASExplanation
In the current Microsoft Windows operating systems, RAS is known as Routing and Remote Access Service (RRAS). The other choices are not valid.Rate this question:
-
- 23.
Which port does NNTP use?
- A.
49
- B.
110
- C.
119
- D.
138
Correct Answer
C. 119Explanation
NNTP uses port 119. TACACS uses port 49. POP3 uses port 110. NetBIOS uses port 138 (as well as 137 and 139).Rate this question:
-
- 24.
RAS connections can be made using modems and what else?
- A.
POX
- B.
CO
- C.
POTS
- D.
SOX
Correct Answer
C. POTSExplanation
RAS connections can be made using modems and Plain Old Telephone Service (POTS).Rate this question:
-
- 25.
What abbreviation is used in most PBX diagrams to signify the phone company?
- A.
CO
- B.
POTS
- C.
PC
- D.
PBX-Main
Correct Answer
A. COExplanation
The telephone company is always abbreviated as the central office (CO). Connections to the CO are often done through T1 and T3 lines.Rate this question:
-
- 26.
Virtual private networks (VPNs) employ tunneling at which layer of the OSI model?
- A.
1
- B.
2
- C.
4
- D.
5
Correct Answer
B. 2Explanation
VPNs employ tunneling at layer 2 of the OSI model.Rate this question:
-
- 27.
Which port does TACACS use?
- A.
49
- B.
110
- C.
119
- D.
138
Correct Answer
A. 49Explanation
TACACS uses port 49. POP3 uses port 110. NNTP uses port 119. NetBIOS uses port 138 (as well as 137 and 139).Rate this question:
-
- 28.
You have been instructed by your boss to block all LDAP traffic, with and without SSL. Which port(s) should you block? (Choose all that apply.)
- A.
143
- B.
389
- C.
443
- D.
636
Correct Answer(s)
B. 389
D. 636Explanation
LDAP uses port 389. LDAP with SSL uses port 626. IMAP uses port 143. HTTPS uses port 443.Rate this question:
-
- 29.
You want to harden your IIS web server (named blackwater) by placing stricter permissions on all anonymous users. Which user account should you place stricter permissions on?
- A.
IUSR_blackwater
- B.
Anon_blackwater
- C.
IIS_blackwater
- D.
IIS_anon
Correct Answer
A. IUSR_blackwaterExplanation
With IIS, the anonymous account is IUSR_computername, which becomes IUSR_blackwater in this case. The other options are incorrect.Rate this question:
-
- 30.
You want to configure your firewall to block all NetBIOS traffic. Which port(s) should you block? (Choose all that apply.)
- A.
137
- B.
138
- C.
139
- D.
140
Correct Answer(s)
A. 137
B. 138
C. 139Explanation
The NetBIOS session service uses ports 137, 138, and 139. Port 140 is not used by NetBIOS.Rate this question:
-
- 31.
What type of access control device can include a scale to weigh the person before allowing them entry?
- A.
Mantrap
- B.
Biometric reader
- C.
TACACS
- D.
RADIUS
Correct Answer
A. MantrapExplanation
A mantrap can incorporate scales to weigh the individual and make certain no one is sneaking in with them.Rate this question:
-
- 32.
RADIUS should be used to improve security by adding a single authentication service for which type of users?
- A.
Local users
- B.
Remote users
- C.
Administrative users
- D.
Intranet users
Correct Answer
B. Remote usersExplanation
Remote Authentication Dial-In User Service (RADIUS) is used to authenticate users who connect remotely.Rate this question:
-
- 33.
You want to prevent users from being able to change configuration settings in their Windows-based operating system. Which of the following will allow you to disable the ability of users from accessing these settings?
- A.
ACLs
- B.
Domain policies
- C.
Logical tokens
- D.
Group policies
Correct Answer
D. Group policiesExplanation
Group policies can be used to prevent users from making configuration settings to their operating system for Windows-based operating systems.Rate this question:
-
- 34.
You have chosen to specifically name certain users who cannot access server resources while all other users can access those resources. What is this type of access control known as?
- A.
CHAP
- B.
Anon_block
- C.
Implicit deny
- D.
Implicit accept
Correct Answer
C. Implicit denyExplanation
With implicit deny, you deny access to named users. All other users-those not appearing in the deny list-are granted access to the resources.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 20, 2023Quiz Edited by
ProProfs Editorial Team -
Jan 01, 2011Quiz Created by
Joelcg
Back to top