Pen used to do a practice exam.

Domain 4 Quiz

Domain 4 Quiz

  1. Jenny can unlock her work mobile phone by drawing a pattern on the screen with her finger. This mode of authentication verifies:
    1. Something you know
    2. Something you have
    3. Something you are
    4. Something you do
    5. Somewhere you are
  2. To enter the server room Joe must pass through a mantrap, entering a PIN on a keypad at the outer door, entering the mantrap and closing the door behind him, swiping his badge on the reader, then typing a password into a keyboard by the inner door. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  3. To enter the server room Joe must be recognized by the guard, enter a PIN on the keypad, and place his hand on a scanner. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  4. To enter the server room Joe must be recognized by the guard, show the guard his badge, and enter a PIN on the keypad. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  5. Joe has been given a Post-It note with a PIN written on it. To enter the server room he must be recognized by the guard, tell the guard the passphrase of the day, and enter the PIN on the keypad. How many factors is this?
    1. 1
    2. 2
    3. 3
    4. 4
  6. Yoyodyne Corporation plans to use Active Directory for single sign-on throughout the enterprise. Which network protocols must be added to the ALLOW list in all internal router ACLs? Select two.
    1. LDAP
    2. LDAPS
    3. Kerberos
    4. X.500
  7. Dmitri's company wants to establish SSO. The initial analysis concluded that they need a system that handles both authentication and authorization with tokens. Dmitri has concluded that the protocol used by Facebook and LinkedIn is the most promising. He is favoring:
    1. SAML
    2. OAUTH
    3. OpenID
    4. WS-Federation
    5. Shibboleth
  8. Kristina works at a financial services firm that suffered a major breach. They have implemented a centralized AAA system regulating access to the Intranet. After proving their identity with a smart card and a complex passphrase, users are connected to the appropriate VLAN. Internal services are only provided to user sessions holding valid service tickets. Intranet activity records are continuously analyzed to detect inappropriate or malicious activity. Identify this latter activity.
    1. Identification
    2. Authentication
    3. Authorization
    4. Auditing
  9. Pedro's manager has been given a recommendation that they implement a single-sign on solution in which user sessions will have cryptographic software tokens providing their identity, their authorization to use services, and the cryptographic keys used to secure their communication. What should Pedro recommend?
    1. Kerberos
    2. RADIUS
    3. SAML
    4. VPN
  10. Mikhail, a system administrator, has been asked by Kelli, a database administrator, to create an account for the new database project. The account should require authenticated access, have auditing enable, but incapable of interaction, with credentials that rarely if ever change. What type of account should Mikhail create?
    1. Ordinary user
    2. Privileged user
    3. Administrator
    4. Guest
    5. Service
    6. Management
  11. Which password policy setting would require a user to include both digits and special characters in their password?
    1. Prohibiting dictionary words
    2. Length
    3. Complexity
    4. Maximum age
    5. Minimum age
    6. Expiration
    7. Length
  12. Akira authenticates with a device that displays a different value every minute. What is this an example of?
    1. Multi-factor
    2. OTP
    3. HOTP
    4. TOTP
  13. Kerberos provides which three of the following? Select three.
    1. Network intrusion detection
    2. ESSO
    3. Cryptographic key control
    4. Log analysis and alerting
    5. An API supporting third-party applications
    6. A "single pane of glass" dashboard
  14. Functional SSO must incorporate which of the following?
    1. Active Directory
    2. RADIUS
    3. Federated identity management
    4. Kerberos
  15. Which of these is an XML-based open-source standard that involves an IdP or Identity Provider, an SP or Service Provider, and a Principal, and is the basis for several other authentication systems?
    1. SAML
    2. OAUTH
    3. OpenID
    4. Shibboleth
    5. WS-Federation
  16. A military contractor is very worried about physical intrusion. They need to keep unauthorized individuals out of sensitive areas. Inappropriately allowing an unauthorized individuals into an area is classified as which of the following:
    1. False Acceptance
    2. False Rejection
    3. False Positive
    4. False Negative
    5. Fail Open
    6. Fail Closed
  17. Which of these is an open-source standards-based solution for single sign-on web authentication, based largely on SAML?
    1. OAUTH
    2. OpenID
    3. EAP-TLS
    4. Shibboleth
    5. WS-Federation
  18. Mutual authentication involves which two? Select two.
    1. Client authenticating the server
    2. Client authorizing the server
    3. Server authenticating the client
    4. Server authorizing the client

To the answers

To the Cybersecurity Page