Pen used to do a practice exam.

Domain 4 Quiz

Domain 4 Quiz

  1. Jenny can unlock her work mobile phone by drawing a pattern on the screen with her finger. This mode of authentication verifies:
    1. Something you know
    2. Something you have
    3. Something you are
    4. Something you do
    5. Somewhere you are
  2. To enter the server room Joe must pass through a mantrap, entering a PIN on a keypad at the outer door, entering the mantrap and closing the door behind him, swiping his badge on the reader, then typing a password into a keyboard by the inner door. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  3. To enter the server room Joe must be recognized by the guard, enter a PIN on the keypad, and place his hand on a scanner. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  4. To enter the server room Joe must be recognized by the guard, show the guard his badge, and enter a PIN on the keypad. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  5. Joe has been given a Post-It note with a PIN written on it. To enter the server room he must be recognized by the guard, tell the guard the passphrase of the day, and enter the PIN on the keypad. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  6. Yoyodyne Corporation plans to use Active Directory for single sign-on throughout the enterprise. Which network protocols must be added to the ALLOW list in all internal router ACLs? Select two.
    1. LDAP
    2. LDAPS
    3. Kerberos
    4. X.500
  7. Dmitri's company wants to establish SSO. The initial analysis concluded that they need a system that handles both authentication and authorization with tokens. Dmitri has concluded that the protocol used by Facebook and LinkedIn is the most promising. He is favoring:
    1. SAML
    2. OAUTH
    3. OpenID
    4. WS-Federation
    5. Shibboleth
  8. Kristina works at a financial services firm that suffered a major breach. They have implemented a centralized AAA system regulating access to the Intranet. After proving their identity with a smart card and a complex passphrase, users are connected to the appropriate VLAN. Internal services are only provided to user sessions holding valid service tickets. Intranet activity records are continuously analyzed to detect inappropriate or malicious activity. Identify this latter activity.
    1. Identification
    2. Authentication
    3. Authorization
    4. Auditing
  9. Pedro's manager has been given a recommendation that they implement a single-sign on solution in which user sessions will have cryptographic software tokens providing their identity, their authorization to use services, and the cryptographic keys used to secure their communication. What should Pedro recommend?
    1. Kerberos
    2. RADIUS
    3. SAML
    4. VPN
  10. Mikhail, a system administrator, has been asked by Kelli, a database administrator, to create an account for the new database project. The account should require authenticated access, have auditing enable, but incapable of interaction, with credentials that rarely if ever change. What type of account should Mikhail create?
    1. Ordinary user
    2. Privileged user
    3. Administrator
    4. Guest
    5. Service
    6. Management
  11. Which password policy setting would require a user to include both digits and special characters in their password?
    1. Prohibiting dictionary words
    2. Length
    3. Complexity
    4. Maximum age
    5. Minimum age
    6. Expiration
    7. Length
  12. Akira authenticates with a device that displays a different value every minute. What is this an example of?
    1. Multi-factor
    2. OTP
    3. HOTP
    4. TOTP
  13. Kerberos provides which three of the following? Select three.
    1. Network intrusion detection
    2. ESSO
    3. Cryptographic key control
    4. Log analysis and alerting
    5. An API supporting third-party applications
    6. A "single pane of glass" dashboard
  14. Functional SSO must incorporate which of the following?
    1. Active Directory
    2. RADIUS
    3. Federated identity management
    4. Kerberos
  15. Which of these is an XML-based open-source standard that involves an IdP or Identity Provider, an SP or Service Provider, and a Principal, and is the basis for several other authentication systems?
    1. SAML
    2. OAUTH
    3. OpenID
    4. Shibboleth
    5. WS-Federation
  16. A military contractor is very worried about physical intrusion. They need to keep unauthorized individuals out of sensitive areas. Inappropriately allowing an unauthorized individuals into an area is classified as which of the following:
    1. False Acceptance
    2. False Rejection
    3. False Positive
    4. False Negative
    5. Fail Open
    6. Fail Closed
  17. Which of these is an open-source standards-based solution for single sign-on web authentication, based largely on SAML?
    1. OAUTH
    2. OpenID
    3. EAP-TLS
    4. Shibboleth
    5. WS-Federation
  18. Mutual authentication involves which two? Select two.
    1. Client authenticating the server
    2. Client authorizing the server
    3. Server authenticating the client
    4. Server authorizing the client
  19. You are equipping a forensics team. Which of these would be most useful?
    1. A set of precision screwdrivers
    2. A playbook
    3. Luminol
    4. Latex gloves and masks
  20. You observe this data.
    11:43:57.293662 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 1, length 64
    11:43:57.294143 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 1, length 64
    11:43:58.294308 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 2, length 64
    11:43:58.294730 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 2, length 64
    11:43:59.322328 IP 192.168.1.1 > 192.168.1.7: ICMP echo request, id 5331, seq 3, length 64
    11:43:59.322645 IP 192.168.1.7 > 192.168.1.1: ICMP echo reply, id 5331, seq 3, length 6 
    Which tool or defensive measure was involved? Select two.
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  21. You observe this data.
    www.google.com (172.217.6.4) 56(84) bytes of data.
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=1 ttl=116 time=26.9 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=2 ttl=116 time=28.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=3 ttl=116 time=27.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=4 ttl=116 time=27.2 ms
    64 bytes from ord38s01-in-f4.1e100.net (172.217.6.4): icmp_seq=5 ttl=116 time=28.5 ms
    
    --- www.google.com statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4005ms
    rtt min/avg/max/mdev = 26.976/27.673/28.568/0.621 ms 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  22. You observe this data.
    enp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
            inet6 2601:249:4300:cb:a62:66ff:fe2c:ab1c  prefixlen 64  scopeid 0x0<global>
            inet6 fe80::a62:66ff:fe2c:ab1c  prefixlen 64  scopeid 0x20<link>
            ether 08:62:66:2c:ab:1c  txqueuelen 1000  (Ethernet)
            RX packets 16332198  bytes 4799272313 (4.7 GB)
            RX errors 0  dropped 3  overruns 0  frame 0
            TX packets 27220877  bytes 32805346549 (32.8 GB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  23. You observe this data.
    Host is up (0.00031s latency).
    rDNS record for 192.168.1.40: hplj4250n.kc9rg.org
    Not shown: 993 closed ports
    PORT      STATE SERVICE    VERSION
    80/tcp    open  http       Virata-EmWeb 6.2.1 (HP LaserJet http config)
    280/tcp   open  http       Virata-EmWeb 6.2.1 (HP LaserJet http config)
    443/tcp   open  ssl/https?
    515/tcp   open  printer
    7627/tcp  open  http       HP-ChaiSOE 1.0 (HP LaserJet http config)
    9100/tcp  open  jetdirect?
    14000/tcp open  tcpwrapped
    MAC Address: 00:12:79:DF:81:B1 (Hewlett Packard)
    Device type: printer
    Running: HP embedded
    OS details: HP LaserJet 4250 (JetDirect) printer
    Network Distance: 1 hop
    Service Info: Host: 192.168.1.40; Device: printer 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  24. You observe this data.
    192.168.1.4 at dc:a6:32:36:a9:4e [ether] on enp9s0
    192.168.1.218 at b8:27:eb:1f:f6:87 [ether] on enp9s0
    192.168.1.20 at b8:27:eb:03:6b:37 [ether] on enp9s0
    192.168.1.205 at b8:27:eb:f9:ea:4d [ether] on enp9s0
    192.168.1.7 at b8:27:eb:95:25:5b [ether] on enp9s0
    192.168.1.40 at 00:12:79:df:81:b1 [ether] on enp9s0
    192.168.1.254 at 38:94:ed:fa:48:88 [ether] on enp9s0
    192.168.1.42 at 00:1c:50:ac:72:1e [ether] on enp9s0
    192.168.1.3 at dc:a6:32:36:a9:4e [ether] on enp9s0 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  25. You observe this data.
    Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
    tcp        0      0 www.http               ec2-54-251-14-39.http  SYN_RCVD
    tcp        0      0 www.http               97-127-152-158.c.http  SYN_RCVD
    tcp        0     72 www.ssh                c-67-162-124-176.57046 ESTABLISHED
    tcp        0      0 www.ssh                c-67-162-124-176.56956 TIME_WAIT
    tcp        0      0 www.57694              metadata.google..http  ESTABLISHED
    tcp        0      0 localhost.9000         localhost.45172        TIME_WAIT
    tcp        0      0 www.https              cpe-184-153-88-7.45718 ESTABLISHED
    tcp        0      0 www.https              ec2-54-90-33-176.40684 ESTABLISHED
    tcp        0      0 www.https              petalbot-114-119.32762 TIME_WAIT
    tcp        0      0 www.https              static.kpn.net.49168   ESTABLISHED
    tcp        0      0 www.https              static.kpn.net.49169   ESTABLISHED
    tcp        0      0 www.https              185-97-201-166.n.1480  ESTABLISHED
    tcp        0      0 www.https              185-97-201-166.n.1478  ESTABLISHED
    tcp        0      0 www.https              185-97-201-166.n.1476  ESTABLISHED
    tcp        0      0 www.https              crawl-66-249-79-.52368 TIME_WAIT
    tcp        0      0 www.https              crawl-66-249-79-.35610 TIME_WAIT
    tcp        0      0 www.http               crawl-66-249-68-.58406 TIME_WAIT
    tcp        0      0 www.https              84.93.94.244.56895     ESTABLISHED
    tcp        0      0 www.https              ip-99-203-20-246.19011 ESTABLISHED
    tcp        0      0 www.https              pool-96-252-105-.51616 TIME_WAIT
    tcp        0     63 www.https              CPE589630c056fc-.59897 FIN_WAIT_1
    tcp        0      0 www.http               200.46.45.114.50849    CLOSED
    tcp        0      0 www.http               201.130.137.117..44167 CLOSED
    tcp        0      0 *.https                *.*                    LISTEN
    tcp        0      0 *.http                 *.*                    LISTEN
    tcp        0      0 localhost.9000         *.*                    LISTEN
    tcp        0      0 *.ssh                  *.*                    LISTEN
    tcp6       0      0 *.ssh                  *.*                    LISTEN
    tcp        0      0 localhost.smtp         *.*                    LISTEN 
    Which tool or defensive measure was involved?
    1. Wireshark
    2. ping
    3. nmap
    4. tcpdump
    5. netstat
    6. arp
    7. ifconfig
  26. You observe this command output.
    ;; connection timed out; no servers could be reached 
    What is wrong?
    1. DNS cache poisoning has happened
    2. Your workstation cannot contact the nameserver
    3. The domain does not exist
    4. There is no host with the requested name
  27. Which of these can you put in a boot script to prevent MitM?
    1. nmap -sS -sV -T5 192.168.12.72
    2. arp -s 00:13:3B:12:6f:aa 192.168.12.72
    3. tcpdump -i eth0 host 192.168.12.72 or ether host 00:13:3b:12:6f:aa
    4. netstat -an
    5. ping 192.168.12.72

To the answers

Passing = 82% of 27 = 22.1

Goal = 91% of 27 = 24.6

To the Cybersecurity Page