THE COMPTIA SECURITY+ EXAM SY0-501 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

1. Jack is using smart cards for authentication. He is trying to classify the type of authentication for a report to his CIO. What type of authentication is Jack using?
2. Carole is responsible for various network protocols at her company. The Network Time Protocol has been intermittently failing. Which of the following would be most affected?
3. You are selecting an authentication method for your company's servers. You are looking for a method that periodically reauthenticates clients to prevent session hijacking. Which of the following would be your best choice?
4. Emiliano is working for a small company. His company is concerned about authentication and wants to implement biometrics using facial recognition and fingerprint scanning. How would this authentication be classified?
5. Lisa is setting up accounts for her company. She wants to set up accounts for the Oracle database server. Which of the following would be the best type of account to assign to the database service?
6. You have been asked to select an authentication method that will support single sign-on, integrate with SAML, and work well over the Internet. Which of the following would be your best choice?
7. Which authentication method was used as a native default for older versions of Microsoft Windows?
8. Carl has been asked to set up access control for a server. The requirements state that users at a lower privilege level should not be able to see or access files or data at a higher privilege level. What access control model would best fit these requirements?
9. Clarice is concerned about an attacker getting information regarding network resources in her company. Which protocol should she implement that would be most helpful in mitigating this risk?
10. Ahmed is looking for an authentication protocol for his network. He is very concerned about highly skilled attackers. As part of mitigating that concern, he wants an authentication protocol that never actually transmits a user's password, in any form. Which authentication protocol would be a good fit for Ahmed's needs?
11. You work for a social media website. You wish to integrate your users' accounts with other web resources. To do so, you need to allow authentication to be used across different domains, without exposing your users' passwords to these other services. Which of the following would be most helpful in accomplishing this goal?
12. Mary is trying to set up remote access to her network for salespeople in her company. Which protocol would be most helpful in accomplishing this goal?
13. Victor is trying to identify the protocol used by Windows for authentication to a server that is not part of the network domain. Which of the following would be most useful for Victor?
14. You have been asked to find an authentication service that is handled by a third party. The service should allow users to access multiple websites, as long as they support the third-party authentication service. What would be your best choice?
15. Abigail is implementing biometrics for her company. She is trying to get the false rejection rate and false acceptance rate to the same level. What is the term used for this?
16. Mia is responsible for website security for a bank. When a user forgets their password, she wants a method to give them a temporary password. Which of the following would be the best solution for this situation?
17. George wants a secure authentication protocol that can integrate with RADIUS and can use digital certificates. Which of the following would be his best choice?
18. Jacob is responsible for database server security in his company. He is very concerned about preventing unauthorized access to the databases. Which of the following would be the most appropriate for him to implement?
19. Mason is responsible for security at a company that has traveling salespeople. The company has been using ABAC for access control to the network. Which of the following is an issue that is specific to ABAC and might cause it to incorrectly reject logins?
20. You work for a U.S. defense contractor. You are setting up access cards that have chips embedded in them to provide access control for users in your company. Which of the following types of cards would be best for you to use?
21. Darrell is concerned that users on his network have too many passwords to remember and might write down their passwords, thus creating a significant security risk. Which of the following would be most helpful in mitigating this issue?
22. Fares is a security administrator for a large company. Occasionally, a user needs to access a specific resource that they don't have permission to access. Which access control methodology would be most helpful in this situation?
23. You are comparing biometric solutions for your company, and the product you pick must have an appropriate False Acceptance Rate (FAR). Which of the following best describes FAR?
24. Amelia is looking for a network authentication method that can use digital certificates and does not require end users to remember passwords. Which of the following would best fit her requirements?
25. You are responsible for setting up new accounts for your company network. What is the most important thing to keep in mind when setting up new accounts?
26. Stefan just became the new security officer for a university. He is concerned that student workers who work late on campus could try to log in with faculty credentials. Which of the following would be most effective in preventing this?
27. Jennifer is concerned that some people in her company have more privileges than they should. This has occurred due to people moving from one position to another and having cumulative rights that exceed the requirements of their current jobs. Which of the following would be most effective in mitigating this issue?
28. Chloe has noticed that users on her company's network frequently have simple passwords made up of common words. Thus, they have weak passwords. How could Chloe best mitigate this issue?
29. Bart is looking for a remote access protocol for his company. It is important that the solution he selects support multiple protocols and use a reliable network communication protocol. Which of the following would be his best choice?
30. You are looking for an authentication method that has one-time passwords and works well with the Initiative for Open Authentication. However, the user should have unlimited time to use the password. Which of the following would be your best choice?
31. Gerard is trying to find a flexible remote access protocol that can use either TCP or UDP. Which of the following should he select?
32. Emiliano is considering voice recognition as part of his access control strategy. What is one weakness with voice recognition?
33. You are explaining facial recognition to a colleague. What is the most significant drawback to implementing facial recognition?
34. Mohanned is responsible for account management at his company. He is very concerned about hacking tools that rely on rainbow tables. Which of the following would be most effective in mitigating this threat?
35. Mary is a security administrator for a mid-sized company. She is trying to securely offboard employees. What should she do with the network account for an employee who is being offboarded?
36. Your supervisor tells you to implement security based on your users' physical characteristics. Under which type of security would hand scanning and retina scanning fall?
37. What port does TACACS use?
38. A company-wide policy is being created to define various security levels. Which of the following systems of access control would use documented security levels like Confidential or Secret for information?
39. There is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill. This is the opposite of what principle?
40. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?
41. John is performing a port scan of a network as part of a security audit. He notices that the domain controller is using secure LDAP. Which of the following ports would lead him to that conclusion?
42. Which of the following access control methods grants permissions based on the user's position in the organization?
43. Which of the following can be used as a means for dual-factor authentication?
44. Kerberos uses which of the following to issue tickets?
45. A company requires that a user's credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described?
46. Samantha is looking for an authentication method that incorporates the X.509 standard and will allow authentication to be digitally signed. Which of the following authentication methods would best meet these requirements?
47. Your company relies heavily on cloud and SaaS service providers such as salesforce.com, Office365, and Google. Which of the following would you have security concerns about?
48. Greg is responsible for database security for his company. He is concerned about authentication and permissions. Which of the following should be his first step?
49. Which of the following is a step in account maintenance?
50. Tyrell works as a security officer for a mid-sized bank. All the employees only work in the office; there are no employees who work remotely or travel for company business. Tyrell is concerned about someone using an employee's login credentials to access the bank's network. Which of the following would be most effective in mitigating this threat?
51. Henry is an employee at Acme Company. The company requires him to change his password every three months. He has trouble remembering new passwords, so he keeps switching between just two passwords. Which policy would be most effective in preventing this?
52. Sheila is concerned that some users on her network may be accessing files that they should not, specifically files that are not required for their job tasks. Which of the following would be most effective in determining if this is happening?
53. In which of the following scenarios would using a shared account pose the least security risk?
54. Which of the following is not a part of password complexity?
55. Jane is setting up login accounts for federated identities. She wants to avoid requiring the users to remember login credentials and allow them to use their logins from the originating network. Which of the following technologies would be most suitable for implementing this?
56. Sam is responsible for password management at a large company. Sometimes users cannot recall their passwords. What would be the best solution for him to address this?
57. You are a security administrator for an insurance company. You have discovered that there are a few active accounts for employees who left the company over a year ago. Which of the following would best address this issue?
58. Maria is responsible for security at a small company. She is concerned about unauthorized devices being connected to the network. She is looking for a device authentication process. Which of the following would be the best choice for her?
59. Laura is a security admin for a mid-sized mortgage company. She wants to ensure that the network is using the most secure login and authentication scheme possible. Which of the following would be her best choice?
60. Charles is a CISO for an insurance company. He recently read about an attack wherein an attacker was able to enumerate all the network resources and was able to make some resources unavailable. All this was done by exploiting a single protocol. Which protocol should Charles secure to mitigate this attack?
61. Robert is using PAP for authentication in his network. What is the most significant weakness in PAP?
62. You are responsible for account access control and authorization at a large university. There are approximately 30,000 students and 1,200 faculty/staff for whom you must manage accounts. Which of the following would be the best access control/account management approach?
63. Which of the following is most important in managing account permissions?
64. Which of the following would be the best choice for naming the account of John Smith, who is a domain administrator?
65. Megan is very concerned about file system security on her network servers. Which of the following is the most basic form of file system security?
66. Karen is responsible for account security in her company. She has discovered a receptionist whose account has a six-character password that has not been changed in two years, and her password history is not being maintained. What is the most significant problem with this account?
67. When you're offboarding an employee, which of the following is the first thing you should do?
68. Which of the following is a difference between TACACS and TACACS+?
69. Greg is considering using CHAP or MS-CHAPv2 for authenticating remote users. Which of the following is a major difference between the two protocols?
70. Terrance is looking for a physical access solution that uses asymmetric cryptography (public key cryptography) to authorize the user. What type of solution is this?
71. Which access control model is based on the Trusted Computer System Evaluation Criteria (TCSEC)?
72. Mary is responsible for the security of database servers at a mortgage company. The servers are Windows Server 2016. She is concerned about file system security. Which of the following Microsoft features would be most helpful to her in implementing file system security?
73. Santiago manages database security for a university. He is concerned about ensuring that appropriate security measures are implemented. Which of the following would be most important to database security?
74. Ingrid is reviewing her company's recertification policy. Which of the following is the best reason to recertify?
75. Emma is concerned about credential management. Users on her network often have over a half-dozen passwords to remember. She is looking for a solution to this problem. Which of the following would be the best way to address this issue?
76. Magnus is concerned about someone using a password cracker on computers in his company. He is concerned that crackers will attempt common passwords in order to log in to a system. Which of the following would be best for mitigating this threat?
77. Lucas is looking for an XML-based open standard for exchanging authentication information. Which of the following would best meet his needs?
78. Which of the following processes transpires when a user provides a correct username and password?
79. Min-seo is looking for a type of access control that enforces authorization rules by the operating system. Users cannot override authentication or access control policies. Which of the following best fits this description?
80. Hinata is considering biometric access control solutions for her company. She is concerned about the crossover error rate (CER). Which of the following most accurately describes the CER?
81. Joshua is looking for an authentication protocol that would be effective at stopping session hijacking. Which of the following would be his best choice?
82. David is trying to select an authentication method for his company. He needs one that will support REST as well as multiple web-based and mobile clients. Which of the following would be his best choice?
83. Phillip is examining options for controlling physical access to the server room at his company. He wants a hands-free solution. Which of the following would be his best choice?
84. Which of the following is the most significant disadvantage of federated identities?
85. Max is implementing type II authentication for his company. Which of the following would be an example of type II authentication?
86. Nicole is implementing a server authentication method that depends on a TPM in the server. Which of the following best describes this approach?