Deck 5: Access Control

A) RBAC is less prone to error
B) RBAC is more expensive
C) RBAC has fewer assignments to make
D) RBAC is cheaper

A) Electronic devices that can record or copy mass amounts of information should be forbidden in secure areas.
B) When no one is in a secure area, it should be locked and verified periodically.
C) Unsupervised work in secure areas should be avoided.
D) No one should be allowed to work in secure areas for more than seven hours to align with security rules.

A) authorized
B) logged
C) monitored
D) visually recorded

A) reusable
B) one-time
C) complex
D) strong

A) 20 to 40
B) approximately 25
C) approximately 35
D) 30 to 60

A) A password reset
B) A password management program
C) A system reset
D) An assertion

A) More than half
B) Approximately a quarter to a third
C) Approximately half
D) 30 to 60

A) 111111
B) 123456
C) qwerty
D) iloveyou

A) 111111
B) 123456
C) qwerty
D) iloveyou

A) access card
B) biometric card
C) token
D) RFID

A) chip
B) token
C) PIN
D) magnetic strip

A) passive; active
B) physical; virtual
C) not secure; secure
D) new technology; old technology

A) access card
B) RFID
C) token
D) template

A) four to six digits
B) four to six characters
C) at least six digits
D) at least 10 digits

A) biometric authentication
B) public key infrastructure
C) public key-private key pairs
D) two-factor authentication

A) USB token
B) RFID
C) one-time password token
D) public key-private key

A) reader scans each person's biometric data
B) reader processes the enrollment scan data
C) reader sends key feature data to the database
D) key feature data is used as a template

A) The entire data set that is processed
B) The first 1056 bytes of data
C) The first 256 characters of data
D) A few key features

A) user access data
B) supplicant scanning
C) acceptance
D) match index

A) Error rate
B) Supplicant scanning
C) Acceptance
D) Match index

A) TGT
B) FTE
C) RFID
D) PKI

A) verification
B) acceptance
C) supplicant scanning
D) match index

A) verification
B) acceptance
C) supplicant scanning
D) match index

A) Fingerprint recognition is fairly unknown to the general population.
B) Fingerprint scanners account for just a small fraction of the total biometrics market.
C) Fingerprint recognition scanners are very expensive.
D) Fingerprint recognition technology is well developed.

A) CRLs; OCSP
B) PKIs; CA
C) CRLs; CA
D) HMACs; CA

A) user access data
B) permissions
C) supplicant scanning
D) acceptance

A) the principle of minimum identity data
B) two-factor authentication
C) multifactor authentication
D) the principle of least permissions

A) Automatic alerts should be established.
B) Log files should be read regularly.
C) External auditing should be conducted periodically.
D) Reading log files is an easy and minimally time-consuming process.

A) Logging
B) Authenticating
C) Verifying
D) Authorizing

A) They reduce costs.
B) They give consistency in authentication no matter where a user or attacker comes into the network.
C) They only allow authentication to networks when employees are at the same physical locations as the servers.
D) They allow company-wide changes to be made instantly.

A) Kerberos
B) RADIUS
C) LDAP
D) MS-CHAP

A) Domain controller servers
B) directory servers
C) authentication servers
D) RADIUS servers

A) objects
B) USB tokens
C) one-time password token
D) public keys

A) organization; organizational unit
B) organization; organized understanding
C) one-time; one-time user
D) organized; organized user

A) MS-Chap
B) LDAP
C) RADIUS
D) Kerberos

A) MS-Chap
B) AD
C) RADIUS
D) Kerberos

A) send assertions to one another
B) query one another's identity management databases
C) authenticate users
D) provide verification

A) Authenticity
B) Authorization
C) Attributes
D) Nodes

A) SAML
B) MS-Chap
C) SSO
D) XML