(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests. Mike Chapple

Чтение книги онлайн.

      68 Questions like “What is your pet's name?” are examples of what type of identity proofing?Knowledge-based authenticationDynamic knowledge-based authenticationOut-of-band identity proofingA Type 3 authentication factor

      69 Madhuri creates a table that includes assigned privileges, objects, and subjects to manage access control for the systems she is responsible for. Each time a subject attempts to access an object, the systems check the table to ensure that the subject has the appropriate rights to the objects. What type of access control system is Madhuri using?A capability tableAn access control listAn access control matrixA subject/object rights management system

      70 During a review of support tickets, Ben's organization discovered that password changes accounted for more than a quarter of its help desk's cases. Which of the following options would be most likely to decrease that number significantly?Two-factor authenticationBiometric authenticationSelf-service password resetPassphrases

      71 Brian's large organization has used RADIUS for AAA services for its network devices for years and has recently become aware of security issues with the unencrypted information transferred during authentication. How should Brian implement encryption for RADIUS?Use the built-in encryption in RADIUS.Implement RADIUS over its native UDP using TLS for protection.Implement RADIUS over TCP using TLS for protection.Use an AES256 pre-shared cipher between devices.

      72 Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that?KerberosOAuthOpenIDLDAP

      73 Ben's organization has had an issue with unauthorized access to applications and workstations during the lunch hour when employees aren't at their desk. What are the best types of session management solutions for Ben to recommend to help prevent this type of access?Use session IDs for all access and verify system IP addresses of all workstations.Set session timeouts for applications and use password-protected screensavers with inactivity timeouts on workstations. Use session IDs for all applications, and use password-protected screensavers with inactivity timeouts on workstations.Set session timeouts for applications and verify system IP addresses of all workstations.

      74 What type of authentication scenario is shown in the following diagram?Hybrid federationOn-premise federationCloud federationKerberos federation

      75 Chris wants to control access to his facility while still identifying individuals. He also wants to ensure that the individuals are the people who are being admitted without significant ongoing costs. Which solutions from the following options would meet all of these requirements? (Select all that apply.)Security guards and photo identification badgesRFID badges and readers with PIN padsMagstripe badges and readers with PIN padsSecurity guards and magstripe readers

      76 A device like Yubikey or Titan Security Key is what type of Type 2 authentication factor?A tokenA biometric identifierA smart cardA PIV

      77 What authentication technology can be paired with OAuth to perform identity verification and obtain user profile information using a RESTful API?SAMLShibbolethOpenID ConnectHiggins

      78 Jim wants to implement an access control scheme that will ensure that users cannot delegate access. He also wants to enforce access control at the operating system level. What access control mechanism best fits these requirements?Role-based access controlDiscretionary access controlMandatory access controlAttribute-based access control

      79 The security administrators at the company that Susan works for have configured the workstation she uses to allow her to log in only during her work hours. What type of access control best describes this limitation?Constrained interfaceContext-dependent controlContent-dependent controlLeast privilege

      80 Ben uses a software-based token that changes its code every minute. What type of token is he using?AsynchronousSmart cardSynchronousStatic

      81 Firewalls are an example of what type of access control mechanism?Mandatory access controlAttribute-based access controlDiscretionary access controlRule-based access control

      82 Michelle works for a financial services company and wants to register customers for her web application. What type of authentication mechanism could she use for the initial login if she wants to quickly and automatically verify that the person is who they claim to be without having a previous relationship with them?Request their Social Security number.Use knowledge-based authentication. Perform manual identity verification.Use a biometric factor.

      83 Megan's company wants to use Google accounts to allow users to quickly adopt their web application. What common cloud federation technologies will Megan need to implement? (Select all that apply.)KerberosOpenIDOAuthRADIUS

      84 Session ID length and session ID entropy are both important to prevent what type of attack?Denial of serviceCookie theftSession guessingMan-in-the-middle attacks

      85 The access control system for Naomi's organization checks if her computer is fully patched, if it has a successful clean anti-malware scan, and if the firewall is turned on among other security validations before it allows her to connect to the network. If there are potential issues, she is not permitted to connect and must contact support. What type of access control scheme best describes this type of process?MACRule-based access controlRole-based access controlRisk-based access control

      86 Isabelle wants to prevent privilege escalation attacks via her organization's service accounts. Which of the following security practices is best suited to this?Remove unnecessary rights.Disable interactive login for service accounts.Limit when accounts can log in.Use meaningless or randomized names for service accounts.

      87 What danger is created by allowing the OpenID relying party to control the connection to the OpenID provider?It may cause incorrect selection of the proper OpenID provider.It creates the possibility of a phishing attack by sending data to a fake OpenID provider. The relying party may be able to steal the client's username and password.The relying party may not send a signed assertion.

      88 Jim is implementing a cloud identity solution for his organization. What type of technology is he putting in place?Identity as a serviceEmployee ID as a serviceCloud-based RADIUSOAuth

      89 Kristen wants to control access to an application in her organization based on a combination of staff member's job titles, the permissions each group of titles need for the application, and the time of day and location. What type of control scheme should she select?ABACDACMACRole BAC

      90 When Alex sets the permissions shown in the following image as one of many users on a Linux server, what type of access control model is he leveraging?Role-based access controlRule-based access controlMandatory access control (MAC)Discretionary access control (DAC)

      91 Joanna leads her organization's identity management team and wants to ensure that roles are properly updated when staff members change to new positions. What issue should she focus on for those staff members to avoid future issues with role definition?RegistrationPrivilege creepDeprovisioningAccountability

      92 What type of authorization mechanism is shown in the following chart?RBACABACMACDAC

      93 Susan is troubleshooting Kerberos authentication problems with symptoms including TGTs that are not accepted as valid and an inability to receive new tickets. If the system she is troubleshooting is properly configured for Kerberos authentication, her username and password are correct, and her network connection is functioning, what is the most likely issue?The Kerberos server is offline.There is a protocol mismatch.The client's TGTs have been marked as compromised and de-authorized.The Kerberos server and the local client's time clocks are not synchronized.

      94 Brian wants to explain the benefits of an on-premise federation approach for identity to his organization's СКАЧАТЬ