it security defense against the digital dark arts week 3 answers

Authentication

1. How is authentication different from authorization?

  • Authentication is verifying access to a resource; authorization is verifying an identity.
  • Authentication is identifying a resource; authorization is verifying access to an identity.
  • They’re the same thing.
  • Authentication is verifying an identity; authorization is verifying access to a resource.

2. What are some characteristics of a strong password? Check all that apply,

  • Includes numbers and special characters
  • Is used across accounts and systems
  • Contains dictionary words
  • Is at least eight characters long

3. In a multi-factor authentication scheme, a password can be thought of as:

  • something you have.
  • something you use.
  • something you know.
  • something you are.

4. What are some drawbacks to using biometrics for authentication? Check all that apply.

  • Biometric authentication is difficult or impossible to change if compromised.
  • Biometrics are easy to share.
  • There are potential privacy concerns.
  • Biometric authentication is much slower than alternatives.

5. In what way are U2F tokens more secure than OTP generators?

  • They can’t be cloned.
  • They’re password-protected.
  • They’re cheaper.
  • They’re resistant to phishing attacks.

6. What elements of a certificate are inspected when a certificate is verified? Check all that apply.

  • Trust of the signatory CA
  • “Not valid before” date
  • Certificate key size
  • “Not valid after” date

7. What is a CRL?

  • Certificate Revocation List
  • Certificate Recording Language
  • Caramel Raspberry Lemon
  • Certified Recursive Listener

8. What are the names of similar entities that a Directory server organizes entities into?

  • Clusters
  • Groups
  • Tress
  • Organizational Units

9. True or false: The Network Access Server handles the actual authentication in a RADIUS scheme.

  • True
  • False

10. True or false: Clients authenticate directly against the RADIUS server.

  • True
  • False

11. What does a Kerberos authentication server issue to a client that successfully authenticates?

  • An encryption key
  • A ticket-granting ticket
  • A master password
  • A digital certificate

12. What advantages does single sign-on offer? Check all that apply.

  • It reduces the total number of credentials,
  • It enforces multifactor authentication.
  • It reduces time spent authenticating.
  • It provides encrypted authentication.

13. What does OpenID provide?

  • Certificate signing
  • Digital signatures
  • Authentication delegation
  • Cryptographic hashing

14. What role does authorization play?

  • It determines whether or not an entity has access to a resource.
  • It verifies passwords.
  • It verifies an entity’s identity.
  • It provides strong encryption.

15. What does OAuth provide?

  • Confidentiality
  • Secure communications
  • Access delegation
  • Integrity

16. How is auditing related to accounting?

  • Accounting is reviewing records, while auditing is recording access and usage.
  • Accounting is recording access and usage, while auditing is reviewing these records.
  • They’re not related.
  • They’re the same thing.

17. What is an example of a screen lock method?

  • OS updates
  • Facial recognition
  • Device encryption
  • Firewalls

18. What is a common mobile device security threat?

  • SQL Injection
  • DDoS
  • Insecure Wi-Fi and “meddler-in-the-middle” attacks
  • Zero-day attacks

19. Fill in the blank: In the world of AAA security, “authz” is short for _____.

  • authoritarian
  • authorization
  • authored
  • authentication

20. In the three A’s of security (AAA), what is the process of proving who you claim to be?

  • Authentication
  • Authored
  • Authorization
  • Accounting

21. Which of the following are valid multi-factor authentication factors? Select all that apply.

  • Something you have
  • Something you know
  • Something you did
  • Something you are

22. Which of the following might serve as a multifactor authentication mechanism when used along with a password? Select all that apply.

  • PIN
  • Passphrase
  • Bank card
  • Fingerprint

23. If an organization want to issue and sign client certificates, what will it need to set up?

  • A CA infrastructure
  • An LDAP infrastructure
  • An ID infrastructure
  • A CRL infrastructure

24. In LDAP language, what do we call the folder an object belongs to?

  • A distinguished name (DN)
  • An organizational unit (OU)
  • TLS
  • A data information tree

25. Fill in the blank: The authentication server is to authentication as the ticket granting service is to _____.

  • integrity
  • identification
  • authorization
  • verification

26. Consider the following scenario: Multiple client switches and routers have been set up at a small military base. The network team decided to implement Terminal Access Controller Access-Control System Plus (TACACS+), along with Kerberos, and an external Lightweight

Directory Access Protocol (LDAP) service. What is the primary reason TACACS+ was chosen for this?

  • NIPRNet
  • Network access
  • *A: Device administration
  • Single Sign-On

27. Consider the following scenario: A network admin deployed a Terminal Access Controller Access Control System Plus (TACACS+) system so other admins can properly manage multiple switches and routers on the Local Area Network (LAN). The system will keep track and log admin access to each device and the changes made. This “logging” satisfies which part of the three A’s of security?

  • Accounting
  • Authorization
  • Administration
  • Authentication

28. Which of the following is a way to define permissions or authorizations for objects?

  • Network access servers (NAS)
  • Extensible authentication protocols
  • Access control lists (ACL)
  • Access control entries

29. Fill in the blank: _____ is the idea of describing an entity uniquely.

  • Eligibility
  • Validity
  • Authorization
  • Identification

30. Which of the following passwords is the strongest for authenticating to a system?

  • P@55w0rd!
  • P@ssword!
  • P@w04d!$$L0N6
  • Password!

31. Which of the following are examples of "something you have" for multifactor authentication? Select all that apply.

  • RSA SecureID token
  • One-Time-Password (OTP)
  • Password
  • PING

32. Fill in the blank: In addition to the client being authenticated by the server, certificate authentication also provides _____.

  • server authentication
  • malware protection
  • authorization
  • integrity

33. Which of these are examples of an access control system? Select all that apply.

  • OpenID
  • RADIUS
  • TACACS+
  • OAuth

34. Which of the following are types of one-time-password tokens? Select all that apply.

  • Password-based
  • Counter-based
  • Identity-based
  • Time-based

35. Fill in the blank: Security Keys are more ideal than OTP generators because they are resistant to _____ attacks.

  • password
  • DDoS
  • brute force
  • phishing

36. How might a user protect the data on their mobile device if it is lost or stolen?

  • Refrain from updating apps
  • Remote wipes
  • Reporting the loss to an IT support specialist
  • Keep a spare device with all your data

37. Access control entries can be created for what types of file system objects? Select all that apply.

  • Files
  • APIs
  • Programs
  • Folders

38. Fill in the blank: Authorization is concerned with determining _____ to resources.

  • eligibility
  • access
  • identity
  • validity

39. Fill in the blank: Security Keys utilize a secure challenge-and-response authentication system, which is based on _____.

  • symmetric encryption
  • steganography
  • public key cryptography
  • shared secrets

40. What is used to request access to services in the Kerberos process?

  • Client-to-Server ticket
  • Ticket Granting Ticket
  • TGS session key
  • Client ID

41. What are the benefits of using a Single Sign-On (SSO) authentication service? Select all that apply.

  • One set of credentials for the user
  • Reduce time spent on re-authenticating to services
  • The need for multiple passwords
  • Reduce overhead of password assistance

42. Fill in the blank: In the world of AAA security, “authn” is short for _____.

  • authentication
  • authorization
  • authored
  • authoritarian

43. Fill in the blank: Kerberos enforces strict _____ requirements. Otherwise, authentication will fail.

  • AES
  • strong password
  • LDAP
  • time

44. Consider the following scenario: A company is utilizing Google Business applications for their marketing department. These applications should be able to temporarily access a user's email account to send links for review. Why should the company use Open Authorization (OAuth) in this situation?

  • Gain access through a wireless access point
  • Compatibility with third party apps
  • Administer multiple network devices
  • Utilize a Key Distribution Center server

45. What does a Terminal Access Controller Access Control System Plus (TACACS+) keep track of? Select all that apply.

  • Commands that were run
  • Bandwidth and resource usage
  • Systems users authenticated to
  • Track user authentication

46. What is a client certificate used for?

  • To authenticate the CA
  • To authenticate the client
  • To authenticate the subordinate CA
  • To authenticate the server

47. Consider the following scenario: A network admin wants to use a Remote Authentication Dial-In User Service (RADIUS) protocol to allow 5 user accounts to connect company laptops to an access point in the office. These are generic users and will not be updated often. Which of these internal sources would be appropriate to store these accounts in?

  • Active Directory
  • LDAP
  • Flat file
  • SQL database

Leave a Reply