Summary of Exam Objectives
If one thinks of the castle analogy for security, access control would be the moat and castle walls. Identity and access management ensures that the border protection mechanisms, from both a logical and physical viewpoint, are secured. The purpose of access control is to allow authorized users access to appropriate data and deny access to unauthorized users—this is also known as limiting subjects’ access to objects. Even though this task is a complex and involved one, it is possible to implement a strong access control program without overburdening the users who rely on access to the system.
Protecting the CIA triad is another key aspect of implementing access controls. Maintaining confidentiality, integrity, and availability is of utmost importance. Maintaining security over the CIA of a system means enacting specific procedures for data access. These procedures will vary depending on the functionality the users require and the sensitivity of the data stored on the system.
Self-Test
Note:
Please see the Self-Test Appendix for explanations of all correct and incorrect answers.
1. What type of password-cracking attack will always be successful?
A. Brute Force
B. Dictionary
C. Hybrid
D. Rainbow Table

2. What is the difference between password cracking and password guessing?
A. They are the same
B. Password guessing attempts to log into the system; password cracking attempts to determine a password used to create a hash
C. Password guessing uses salts; password cracking does not
D. Password cracking risks account lockout; password guessing does not

3. Two users on the same system have the same password, but different hashes are stored in the /etc/shadow file. What is the most likely reason the hashes are different?
A. The usernames are different, so the hashes will be different
B. Use of multiple hashing algorithms
C. Use of rainbow tables
D. Use of salts

4. What authentication method exposes the password in cleartext?
A. CHAP
B. Kerberos
C. PAP
D. OIDC

5. What are the main differences between retina scans and iris scans?
A. Retina scans are not invasive and iris scans are
B. Iris scans invade a person’s privacy and retina scans do not
C. Iris scans change depending on the person’s health; retina scans are stable
D. Retina scans change depending on the person’s health; iris scans are stable

6. What is the most important decision an organization needs to make when implementing RBAC?
A. Each user’s security clearance needs to be finalized
B. The roles users have on the system need to be clearly defined
C. Users’ data needs to be clearly labeled
D. Users must be segregated from one another on the IT system to prevent spillage of sensitive data

7. What access control method could scrutinize additional factors such as time of attempted access before granting access?
A. Discretionary access control
B. Attribute-based access control
C. Role-based access control
D. Rule-based access control

8. What service is known as cloud identity, and allows organizations to leverage cloud services for identity management?
A. IaaS
B. IDaaS
C. PaaS
D. SaaS

9. A type II biometric error is also known as what?
A. Crossover Error Rate (CER)
B. Equal Error Rate (EER)
C. False Accept Rate (FAR)
D. False Reject Rate (FRR)

10. Within Kerberos, which part is the single point of failure?
A. The Ticket Granting Ticket
B. The Realm
C. The Key Distribution Center
D. The Client-Server session key