1/83
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does her organization play when they authenticate their users and assert those users are valid to others?
Identity provider
3 multiple choice options
Which technology is the least effective means of preventing shared accounts?
Password complexity requirements
3 multiple choice options
What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment?
The cloud service will provide account and identity management services
3 multiple choice options
Amitoj wants to prevent users from resetting passwords until they can reuse the same one. What setting is used?
Age
3 multiple choice options
Which type of multifactor authentication is considered the least secure?
SMS
3 multiple choice options
Geeta has been issued a USB security key. What type of MFA implementation is this?
Hard token
3 multiple choice options
Michelle enables Windows picture password. Which type of attribute is it?
Something you know
3 multiple choice options
What purpose do Linux permissions rw-r--r-- serve?
To allow the owner to read and write the file, and for the owner's group and others to be able to read it
3 multiple choice options
Theresa wants to set permissions based on job role. Which scheme fits best?
RBAC
3 multiple choice options
Which biometric technology is most broadly deployed?
Fingerprint scanner
3 multiple choice options
Which password setting has the largest impact if current passwords are 8 characters long?
Password length
3 multiple choice options
A PIN is an example of what factor?
Something you know
3 multiple choice options
Marie wants root passwords available during outages using PAM. Which tool helps?
Password vaulting
3 multiple choice options
Jill allows Fred access to her Windows file share. What access control type is this?
Discretionary access control
3 multiple choice options
Lisa logs in to a site using her Google account which provides a token without sharing her password. What technology is this?
OAuth
3 multiple choice options
Kyle is asked for government-issued ID when creating an account. What process is this?
Identity proofing
3 multiple choice options
What concept best describes only providing necessary permissions?
Least privilege
3 multiple choice options
Nina has left the organization. What should be done with her account?
Deprovision the account
3 multiple choice options
A person's name, age, location, or job title are examples of what?
Attributes
3 multiple choice options
What access control scheme best describes the Linux filesystem?
Discretionary access control (DAC)
3 multiple choice options
What is the term for the set of claims made about a subject, such as a person, application, or device?
An identity.
In identity management, what is the difference between an attribute and a trait?
Attributes are changeable (e.g; job title), whereas traits are inherent to the subject (e.g; height, place of birth).
What is the process of proving that an identity belongs to the user who is claiming it
Authentication.
After a user is authenticated, what process verifies what resources and systems they have access to?
Authorization.
What three functions make up the AAA framework in identity and access management?
Authentication, Authorization, and Accounting.
What does the 'Accounting' part of the AAA framework track?
It tracks resource utilization like time, bandwidth, or CPU usage.
The authentication framework commonly used for wireless networks, with implementations like EAP-TLS and LEAP, is known as _____.
Extensible Authentication Protocol (EAP).
Which authentication protocol uses an encrypted challenge and a three-way handshake to send credentials, improving on older protocols like PAP?
Challenge Handshake Authentication Protocol (CHAP).
What is the IEEE standard for network access control (NAC) that is used to authenticate devices wishing to connect to a network
802.1X.
In an 802.1X architecture, a device wanting to connect is called a _____, and it sends requests to an authenticator like a switch or access point.
supplicant
What common AAA system for network devices uses a shared secret and MD5 hash to obfuscate passwords, which is not considered very strong?
Remote Authentication Dial-In User Service (RADIUS).
What Cisco-designed AAA protocol uses TCP, provides full-packet encryption, and allows for granular command controls?
Terminal Access Controller Access Control System Plus (TACACS+).
Which protocol, designed for untrusted networks, authenticates service requests between trusted hosts using a ticket-granting system?
Kerberos.
In Kerberos, what is the initial ticket a client requests from the authentication server to prove its identity?
A ticket-granting ticket (TGT).
What system allows a user to log in with a single identity and then use multiple systems or services without reauthenticating
Single sign-on (SSO).
Which protocol, often used in SSO infrastructures, provides hierarchically organized information about an organization in a directory service?
Lightweight Directory Access Protocol (LDAP).
What XML-based open standard is used for exchanging authentication and authorization information between identity providers and service providers
Security Assertion Markup Language (SAML).
What open standard for authorization allows users to grant third-party applications access to their information without sharing credentials
OAuth.
In a federated identity model, what is the role of the organization that manages the digital identities and handles authentication?
Identity provider (IdP).
In federation, a _____ trusts an identity provider to handle authentication and grants access to services based on that trust.
relying party (RP) or service provider (SP)
What is the term for the formal verification by an IdP that a user is who they claim to be
Attestation.
According to NIST SP 800-63B, what is the recommended practice regarding password complexity requirements?
NIST recommends reducing complexity requirements and instead emphasizing password length.
What password policy setting is used to prevent users from immediately changing their new password back to a previous one
Password age (minimum).
What type of authentication relies on factors like security tokens or biometrics instead of passwords
Passwordless authentication.
FIDO2 is an open authentication standard that relies on _____ for authentication, with a public key sent to services and a private key remaining on the device.
key pairs
What security practice requires a user to provide two or more distinct types of credentials to log in
Multifactor authentication (MFA).
What are the four authentication factors defined in the CompTIA Security+ exam outline?
Something you know, something you have, something you are, and somewhere you are.
A password or PIN is an example of which authentication factor
Something you know.
A smartcard or a USB security key is an example of which authentication factor
Something you have.
A fingerprint or retina scan is an example of which authentication factor
Something you are.
Using a user's GPS coordinates for authentication is an example of which factor
Somewhere you are.
A(n) _____, which is usable only once, is an important defense against password theft and brute-force attacks.
one-time password (OTP)
Which type of OTP uses an algorithm with the current time as part of its code-generation process
Time-based one-time password (TOTP).
Which type of OTP uses a cryptographic hash (HMAC), a seed value, and a counter as a moving factor to generate a code?
HMAC-based one-time password (HOTP).
In biometrics, what is a Type I error, also known as the false rejection rate (FRR)?
When a legitimate biometric measure is presented and the system incorrectly rejects it.
In biometrics, what is a Type II error, also known as the false acceptance rate (FAR)?
When an incorrect biometric factor is presented and the system incorrectly accepts it.
What biometric metric compares the false rejection rate (FRR) against the false acceptance rate (FAR) of a system
The receiver operating characteristic (ROC).
What is the term for a user account associated with an application or service that should not be used for interactive logins
A service account.
What is the process of creating a user account and assigning it resources and permissions
Provisioning.
What is the process of terminating a user account and removing its permissions and related data
Deprovisioning.
The process of ensuring a person is who they claim to be when their account is first created, often by checking a government-issued ID, is called _____.
identity proofing
What security principle is at the core of permission management and dictates that users should only have the minimum rights necessary to perform their job
The principle of least privilege.
What is the term for the gradual accumulation of overly broad permissions by a user over time as their roles and tasks change
Permission creep.
What is the focus of Privileged Access Management (PAM) tools?
To manage, control, and audit administrative and other privileged accounts.
What PAM feature grants permissions to a user only for the duration they are needed and revokes them afterward
Just-in-time (JIT) permissions.
What PAM feature allows users to access privileged accounts without knowing the password, often by 'checking out' the credential for a logged, auditable event?
Password vaulting.
What are temporary accounts with limited lifespans, used for specific purposes where a user needs short-term access, called?
Ephemeral accounts.
Which access control scheme relies on the operating system to enforce a centrally managed security policy, where users cannot change permissions?
Mandatory access control (MAC).
Which access control scheme allows the owner of an object, like a file, to delegate rights and permissions to other users as they see fit?
Discretionary access control (DAC).
Which access control scheme assigns privileges to roles (e.g
'cashier', 'admin') and then assigns users to those roles?;Role-based access control (RBAC).
Which access control scheme uses a set of rules, such as an access control list (ACL) on a firewall, to determine if access is allowed?
Rule-based access control.
Which access control scheme makes decisions based on policies that evaluate attributes of the user, resource, and environment?
Attribute-based access control (ABAC).
What is the term for limiting user logons or system access to specific hours of the day
Time-of-day restrictions.
In Linux file permissions (e.g
`drwxrwxrwx`), what do the first three letters after the initial character represent?;Permissions for the user (owner) of the file.
In Linux file permissions, what does the numeric representation '7' signify?
Read, Write, and Execute permissions (4+2+1).
What would be the numeric representation for the Linux file permission `rw-r--r--`
644.
In Windows file permissions, what does the 'Modify' permission allow a user to do?
It allows viewing as well as changing files or folders.
A _____ is a physical device that may generate a code, plug in via USB, or connect via Bluetooth to present authentication information.
token
Which type of physical card uses an embedded chip and can often generate cryptographic key pairs directly on the card
A smartcard.
In the context of the Security+ exam, LDAP, OAuth, and SAML are all technologies related to what identity management concept?
Single sign-on (SSO).
Which type of account, often prohibited by security policies, is used by multiple individuals, making it difficult to track specific user actions?
A shared or generic account.
A USB security key is considered what type of authentication token implementation
A hard token.
An authenticator application on a smartphone is considered what type of authentication token implementation
A soft token.
Among SMS, HOTP, TOTP, and Biometrics, which multifactor authentication method is generally considered the least secure due to risks like SIM cloning?
SMS (text message).