Chapter 4
Identity and Access Management

THE COMPTIA SECURITY+ EXAM SY0-501 TOPICS COVERED IN THIS CHAPTER INCLUDE THE FOLLOWING:

  • 4.1 Compare and contrast identity and access management concepts.
    • Identification, authentication, authorization and accounting (AAA)
    • Multifactor authentication
      • Something you are
      • Something you have
      • Something you know
      • Somewhere you are
      • Something you do
    • Federation
    • Single sign-on
    • Transitive trust
  • 4.2 Given a scenario, install and configure identity and access services.
    • LDAP
    • Kerberos
    • TACACS+
    • CHAP
    • PAP
    • MSCHAP
    • RADIUS
    • SAML
    • OpenID Connect
    • OAUTH
    • Shibboleth
    • Secure token
    • NTLM
  • 4.3 Given a scenario, implement identity and access management controls.
    • Access control models
      • MAC
      • DAC
      • ABAC
      • Role-based access control
      • Rule-based access control
    • Physical access control
      • Proximity cards
      • Smart cards
    • Biometric factors
      • Fingerprint scanner
      • Retinal scanner
      • Iris scanner
      • Voice recognition
      • Facial recognition
      • False acceptance rate
      • False rejection rate
      • Crossover error rate
    • Tokens
      • Hardware
      • Software
      • HOTP/TOTP
    • Certificate-based authentication
      • PIV/CAC/smart card
      • IEEE 802.1x
      • File system security
      • Database security
  • 4.4 Given a scenario, differentiate common account management practices.
    • Account types
      • User account
      • Shared and generic accounts/credentials
      • Guest accounts
      • Service accounts
      • Privileged accounts
    • General Concepts
      • Least privilege
      • Onboarding/offboarding
      • Permission auditing and review
      • Usage auditing and review
      • Time-of-day restrictions
      • Recertification
      • Standard naming convention
      • Account maintenance
      • Group-based access control
      • Location-based policies
    • Account policy enforcement
      • Credential management
      • Group policy
      • Password complexity
      • Expiration
      • Recovery
      • Disablement
      • Lockout
      • Password history
      • Password reuse
      • Password length
  1. Jack is using smart cards for authentication. He is trying to classify the type of authentication for a report to his CIO. What type of authentication is Jack using?

    1. Type I
    2. Type II
    3. Type III
    4. Strong
  2. Carole is responsible for various network protocols at her company. The network time protocol has been intermittently failing. Which of the following would be most affected?

    1. Kerberos
    2. RADIUS
    3. CHAP
    4. LDAP
  3. You are selecting an authentication method for your company’s servers. You are looking for a method that periodically reauthenticates clients to prevent session hijacking. Which of the following would be your best choice?

    1. PAP
    2. SPAP
    3. CHAP
    4. OAUTH
  4. Emiliano is working for a small company. His company is concerned about authentication and wants to implement biometrics using facial recognition and fingerprint scanning. How would this authentication be classified?

    1. Type I
    2. Type II
    3. Type III
    4. Strong
  5. Lisa is setting up accounts for her company. She wants to set up accounts for the Oracle database server. Which of the following would be the best type of account to assign to the database service?

    1. User
    2. Guest
    3. Admin
    4. Service
  6. You have been asked to select an authentication method that will support single sign-on, integrate with SAML, and work well over the Internet. Which of the following would be your best choice?

    1. Shibboleth
    2. OAUTH
    3. SPAP
    4. CHAP
  7. Which authentication method was used as a native default for older versions of Microsoft Windows?

    1. PAP
    2. CHAP
    3. OAUTH
    4. NTLM
  8. Carl has been asked to set up access control for a server. The requirements state that users at a lower privilege level should not be able to see or access files or data at a higher privilege level. What access control model would best fit these requirements?

    1. MAC
    2. DAC
    3. RBAC
    4. SAML
  9. Clarice is concerned about an attacker getting information regarding network resources in her company. Which protocol should she implement that would be most helpful in mitigating this risk?

    1. LDAP
    2. TLS
    3. SNMP
    4. LDAPS
  10. Ahmed is looking for an authentication protocol for his network. He is very concerned about highly skilled attackers. As part of mitigating that concern, he wants an authentication protocol that never actually transmits a user’s password, in any form. Which authentication protocol would be a good fit for Ahmed’s needs?

    1. CHAP
    2. Kerberos
    3. RBAC
    4. Type II
  11. You work for a social media website. You wish to integrate your users’ accounts with other web resources. To do so, you need to allow authentication to be used across different domains, without exposing your users’ passwords to these other services. Which of the following would be most helpful in accomplishing this goal?

    1. Kerberos
    2. SAML
    3. OAUTH
    4. OpenID
  12. Mary is trying to set up remote access to her network for salespeople in her company. Which protocol would be most helpful in accomplishing this goal?

    1. RADIUS
    2. Kerberos
    3. CHAP
    4. OpenID
  13. Victor is trying to identify the protocol used by Windows for authentication to a server that is not part of the network domain. Which of the following would be most useful for Victor?

    1. Kerberos
    2. NTLM
    3. OpenID
    4. CHAP
  14. You have been asked to find an authentication service that is handled by a third party. The service should allow users to access multiple websites, as long as they support the third-party authentication service. What would be your best choice?

    1. OpenID
    2. Kerberos
    3. NTLM
    4. Shibboleth
  15. Abigail is implementing biometrics for her company. She is trying to get the false rejection rate and false acceptance rate to the same level. What is the term used for this?

    1. Crossover error rate
    2. Leveling
    3. Balanced error rate
    4. Remediation
  16. Mia is responsible for website security for a bank. When a user forgets their password, she wants a method to give them a temporary password. Which of the following would be the best solution for this situation?

    1. Facial recognition
    2. Digital certificate authentication
    3. RBAC
    4. TOTP
  17. George wants a secure authentication protocol that can integrate with RADIUS and can use digital certificates. Which of the following would be his best choice?

    1. CHAP
    2. 802.11i
    3. 802.1x
    4. OAUTH
  18. Jacob is responsible for database server security in his company. He is very concerned about preventing unauthorized access to the databases. Which of the following would be the most appropriate for him to implement?

    1. ABAC
    2. TOTP
    3. HIDS
    4. DAMP
  19. Mason is responsible for security at a company that has traveling salespeople. The company has been using ABAC for access control to the network. Which of the following is an issue that is specific to ABAC and might cause it to incorrectly reject logins?

    1. Geographic location
    2. Wrong password
    3. Remote access is not allowed by ABAC.
    4. Firewalls usually block ABAC.
  20. You work for a U.S. defense contractor. You are setting up access cards that have chips embedded in them to provide access control for users in your company. Which of the following types of cards would be best for you to use?

    1. CAC
    2. PIV
    3. NFC
    4. Smart card
  21. Darrell is concerned that users on his network have too many passwords to remember and might write down their passwords, thus creating a significant security risk. Which of the following would be most helpful in mitigating this issue?

    1. OAUTH
    2. SSO
    3. OpenID
    4. Kerberos
  22. Fares is a security administrator for a large company. Occasionally, a user needs to access a specific resource that they don’t have permission to access. Which access control methodology would be most helpful in this situation?

    1. Mandatory Access Control
    2. Discretionary Access Control
    3. Role-based Access Control
    4. Rule-based Access Control
  23. You are comparing biometric solutions for your company, and the product you pick must have an appropriate False Acceptance Rate (FAR). Which of the following best describes FAR?

    1. How often an unauthorized user is granted access by mistake
    2. How readily users accept the new technology, based on ease of use
    3. How often an authorized user is not granted access
    4. How frequently the system is offline
  24. Amelia is looking for a network authentication method that can use digital certificates and does not require end users to remember passwords. Which of the following would best fit her requirements?

    1. OAUTH
    2. Tokens
    3. OpenID
    4. RBAC
  25. You are responsible for setting up new accounts for your company network. What is the most important thing to keep in mind when setting up new accounts?

    1. Password length
    2. Password complexity
    3. Account age
    4. Least privileges
  26. Stefan just became the new security officer for a university. He is concerned that student workers who work late on campus could try and log in with faculty credentials. Which of the following would be most effective in preventing this?

    1. Time of day restrictions
    2. Usage auditing
    3. Password length
    4. Credential management
  27. Jennifer is concerned that some people in her company have more privileges than they should. This has occurred due to people moving from one position to another, and having cumulative rights that exceed the requirements of their current jobs. Which of the following would be most effective in mitigating this issue?

    1. Permission auditing
    2. Job rotation
    3. Preventing job rotation
    4. Separation of duties
  28. Chloe has noticed that users on her company’s network frequently have simple passwords made up of common words. Thus, they have weak passwords. How could Chloe best mitigate this issue?

    1. Increase minimum password length.
    2. Have users change passwords more frequently.
    3. Require password complexity.
    4. Implement Single Sign-On (SSO).
  29. Bart is looking for a remote access protocol for his company. It is important that the solution he selects support multiple protocols and use a reliable network communication protocol. Which of the following would be his best choice?

    1. RADIUS
    2. TACACS+
    3. NTLM
    4. CHAP
  30. You are looking for an authentication method that has one-time passwords and works well with the Initiative for Open Authentication. However, the user should have unlimited time to use the password. Which of the following would be your best choice?

    1. CHAP
    2. TOTP
    3. HOTP
    4. ABAC
  31. Gerard is trying to find a flexible remote access protocol that can use either TCP or UDP. Which of the following should he select?

    1. RADIUS
    2. DIAMETER
    3. TACACS+
    4. TACACS
  32. Emiliano is considering voice recognition as part of his access control strategy. What is one weakness with voice recognition?

    1. People’s voices change.
    2. Systems require training.
    3. High false negative rate
    4. High false positive rate
  33. You are explaining facial recognition to a colleague. What is the most significant drawback to implementing facial recognition?

    1. These systems can be expensive.
    2. These systems can be fooled with facial hair, glasses, etc.
    3. These systems have a high false positive rate.
    4. The systems require a long time to observe a face.
  34. Mohanned is responsible for account management at his company. He is very concerned about hacking tools that rely on rainbow tables. Which of the following would be most effective in mitigating this threat?

    1. Password complexity
    2. Password age
    3. Password expiration
    4. Password length
  35. Mary is a security administrator for a mid-sized company. She is trying to securely offboard employees. What should she do with the network account for an employee who is being off-boarded?

    1. Disable the account.
    2. Delete the account.
    3. Change the account password.
    4. Leave the account as is.
  36. Your supervisor tells you to implement security based on your users’ physical characteristics. Under which type of security would hand scanning and retina scanning fall?

    1. CHAP
    2. Multifactor
    3. Biometrics
    4. Token
  37. What port does TACACS use?

    1. TCP 143
    2. TCP and UDP 49
    3. TCP 443
    4. UDP 53
  38. A company-wide policy is being created to define various security levels. Which of the following systems of access control would use documented security levels like Confidential or Secret for information?

    1. RBAC
    2. MAC
    3. DAC
    4. BBC
  39. There is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks the user needs to fulfill. This is the opposite of what principle?

    1. Separation of duties
    2. Least privileges
    3. Transitive trust
    4. Account management
  40. Users in your network are able to assign permissions to their own shared resources. Which of the following access control models is used in your network?

    1. DAC
    2. RBAC
    3. MAC
    4. ABAC
  41. John is performing a port scan of a network as part of a security audit. He notices that the domain controller is using secure LDAP. Which of the following ports would lead him to that conclusion?

    1. 53
    2. 389
    3. 443
    4. 636
  42. Which of the following access control methods grants permissions based on the user’s position in the organization?

    1. MAC
    2. RBAC
    3. DAC
    4. ABAC
  43. Which of the following can be used as a means for dual-factor authentication?

    1. Password and PIN number
    2. RADIUS and L2TP
    3. LDAP and WPA
    4. Iris scan and password
  44. Kerberos uses which of the following to issue tickets?

    1. Authentication service
    2. Certificate authority
    3. Ticket-granting service
    4. Key distribution center
  45. A company requires that a user’s credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described?

    1. Token
    2. Two-factor
    3. Kerberos
    4. Biometrics
  46. Samantha is looking for an authentication method that incorporates the X.509 standard and will allow authentication to be digitally signed. Which of the following authentication methods would best meet these requirements?

    1. Certificate-based authentication
    2. OAUTH
    3. Kerberos
    4. Smart cards
  47. Your company relies heavily on cloud and SaaS service providers such as salesforce.com, Office365, and Google. Which of the following would you have security concerns about?

    1. LDAP
    2. TACACS+
    3. SAML
    4. Transitive trust
  48. Greg is responsible for database security for his company. He is concerned about authentication and permissions. Which of the following should be his first step?

    1. Implement minimum password length.
    2. Implement password lockout.
    3. Conduct a permissions audit.
    4. Ensure least privileges.
  49. Which of the following is a step in account maintenance?

    1. Implement two-factor authentication.
    2. Check for time of day restrictions.
    3. Review onboarding processes.
    4. Check to see that all accounts are for active employees.
  50. Tyrell works as a security officer for a mid-sized bank. All the employees only work in the office; there are no employees who work remotely or travel for company business. Tyrell is concerned about someone using an employee’s login credentials to access the bank’s network. Which of the following would be most effective in mitigating this threat?

    1. Kerberos authentication
    2. TOTP
    3. Location-based policies
    4. Group-based access control
  51. Henry is an employee at Acme Company. The company requires him to change his password every three months. He has trouble remembering new passwords, so he keeps switching between just two passwords. Which policy would be most effective in preventing this?

    1. Password complexity
    2. Password history
    3. Password length
    4. Password age
  52. Sheila is concerned that some users on her network may be accessing files that they should not—specifically, files that are not required for their job tasks. Which of the following would be most effective in determining if this is happening?

    1. Usage auditing and review
    2. Permissions auditing and review
    3. Account maintenance
    4. Policy review
  53. In which of the following scenarios would using a shared account pose the least security risk?

    1. For a group of tech support personnel
    2. For guest Wi-Fi access
    3. For students logging in at a university
    4. For accounts with few privileges
  54. Which of the following is not a part of password complexity?

    1. Using both uppercase and lowercase letters
    2. Minimum password length
    3. Using numbers
    4. Using symbols (such as $, #, etc.)
  55. Jane is setting up login accounts for federated identities. She wants to avoid requiring the users to remember login credentials and allow them to use their logins from the originating network. Which of the following technologies would be most suitable for implementing this?

    1. Credential management
    2. OAUTH
    3. Kerberos
    4. Shibboleth
  56. Sam is responsible for password management at a large company. Sometimes users cannot recall their passwords. What would be the best solution for him to address this?

    1. Changing password history length
    2. Implementing password recovery
    3. Eliminating password complexity
    4. Lengthening password age
  57. You are a security administrator for an insurance company. You have discovered that there are a few active accounts for employees who left the company over a year ago. Which of the following would best address this issue?

    1. Password complexity
    2. Offboarding procedures
    3. Onboarding procedures
    4. Password expiration
  58. Maria is responsible for security at a small company. She is concerned about unauthorized devices being connected to the network. She is looking for a device authentication process. Which of the following would be the best choice for her?

    1. CHAP
    2. Kerberos
    3. 802.11i
    4. 802.1x
  59. Laura is a security admin for a mid-sized mortgage company. She wants to ensure that the network is using the most secure login and authentication scheme possible. Which of the following would be her best choice?

    1. Iris scanning
    2. Fingerprint scanning
    3. Multifactor authentication
    4. Smart cards
  60. Charles is a CISO for an insurance company. He recently read about an attack wherein an attacker was able to enumerate all the network resources, and was able to make some resources unavailable. All this was done by exploiting a single protocol. Which protocol should Charles secure to mitigate this attack?

    1. SNMP
    2. LDAP
    3. HTTP
    4. DHCP
  61. Robert is using PAP for authentication in his network. What is the most significant weakness in PAP?

    1. Unsigned authentication
    2. Single factor
    3. Credentials sent in cleartext
    4. PAP does not support TACACS+.
  62. You are responsible for account access control and authorization at a large university. There are approximately 30,000 students and 1,200 faculty/staff for whom you must manage accounts. Which of the following would be the best access control/account management approach?

    1. Group-based
    2. Location-based
    3. MAC
    4. DAC
  63. Which of the following is most important in managing account permissions?

    1. Account recertification
    2. Usage auditing
    3. Standard naming conventions
    4. Account recovery
  64. Which of the following would be the best choice for naming the account of John Smith, who is a domain administrator?

    1. dm_jsmith
    2. jsmithAdmin
    3. AdministratorSmith
    4. jsmith
  65. Megan is very concerned about file system security on her network servers. Which of the following is the most basic form of file system security?

    1. Encryption
    2. Access control
    3. Auditing
    4. RAID
  66. Karen is responsible for account security in her company. She has discovered a receptionist whose account has a six-character password that has not been changed in two years, and her password history is not being maintained. What is the most significant problem with this account?

    1. Nothing, this is adequate for a low-security position.
    2. The password length is the most significant problem.
    3. The lack of password history is the most significant problem.
    4. The age of the password is the most significant problem.
  67. When you’re offboarding an employee, which of the following is the first thing you should do?

    1. Audit their computer.
    2. Conduct an out-processing questionnaire.
    3. Disable accounts.
    4. Delete accounts.
  68. Which of the following is a difference between TACACS and TACACS+?

    1. TACACS uses TCP, TACACS+ uses UDP
    2. TACACS uses UDP, TACACS+ uses TCP
    3. TACACS uses TCP or UDP, TACACS+ uses UDP
    4. TACACS uses UDP, TACACS+ uses UDP or TCP
  69. Greg is considering using CHAP or MS-CHAPv2 for authenticating remote users. Which of the following is a major difference between the two protocols?

    1. CHAP uses a hash for the challenge, MS-CHAPv2 uses AES.
    2. CHAP provides mutual authentication, MS-CHAPv2 does not.
    3. CHAP uses AES for the challenge, MS-CHAPv2 uses a hash.
    4. MS-CHAPv2 provides mutual authentication, CHAP does not.
  70. Terrance is looking for a physical access solution that uses asymmetric cryptography (public key cryptography) to authorize the user. What type of solution is this?

    1. Asynchronous password token
    2. Challenge response token
    3. TOTP token
    4. Static password token
  71. Which access control model is based on the Trusted Computer System Evaluation Criteria (TCSEC)?

    1. ABAC
    2. MAC
    3. RBAC
    4. DAC
  72. Mary is responsible for the security of database servers at a mortgage company. The servers are Windows Server 2016. She is concerned about file system security. Which of the following Microsoft features would be most helpful to her in implementing file system security?

    1. Password policies
    2. EFS
    3. Account lockout
    4. UAC
  73. Santiago manages database security for a university. He is concerned about ensuring that appropriate security measures are implemented. Which of the following would be most important to database security?

    1. Password policies
    2. Antivirus
    3. EFS
    4. Access control policies
  74. Ingrid is reviewing her company’s recertification policy. Which of the following is the best reason to recertify?

    1. To audit usage
    2. To enhance onboarding
    3. To audit permissions
    4. To manage credentials
  75. Emma is concerned about credential management. Users on her network often have over a half-dozen passwords to remember. She is looking for a solution to this problem. Which of the following would be the best way to address this issue?

    1. Implement a password manager.
    2. Use shorter passwords.
    3. Implement OAUTH.
    4. Implement Kerberos.
  76. Magnus is concerned about someone using a password cracker on computers in his company. He is concerned that crackers will attempt common passwords in order to log in to a system. Which of the following would be best for mitigating this threat?

    1. Password age restrictions
    2. Password minimum length requirements
    3. Account lockout policies
    4. Account usage auditing
  77. Lucas is looking for an XML-based open standard for exchanging authentication information. Which of the following would best meet his needs?

    1. SAML
    2. OAUTH
    3. RADIUS
    4. NTLM
  78. Which of the following processes transpires when a user provides a correct username and password?

    1. Identification
    2. Authentication
    3. Authorization
    4. Accounting
  79. Min-seo is looking for a type of access control that enforces authorization rules by the operating system. Users cannot override authentication or access control policies. Which of the following best fits this description?

    1. DAC
    2. MAC
    3. RBAC
    4. ABAC
  80. Hinata is considering biometric access control solutions for her company. She is concerned about the crossover error rate (CER). Which of the following most accurately describes the CER?

    1. The rate of false acceptance
    2. The rate of false rejection
    3. The point at which false rejections outpace false acceptances
    4. The point at which false rejections and false acceptances are equal
  81. Joshua is looking for an authentication protocol that would be effective at stopping session hijacking. Which of the following would be his best choice?

    1. CHAP
    2. PAP
    3. SPAP
    4. RADIUS
  82. David is trying to select an authentication method for his company. He needs one that will support REST as well as multiple web-based and mobile clients. Which of the following would be his best choice?

    1. Shibboleth
    2. RADIUS
    3. OpenID Connect
    4. OAuth
  83. Phillip is examining options for controlling physical access to the server room at his company. He wants a hands-free solution. Which of the following would be his best choice?

    1. Smart cards
    2. Proximity cards
    3. Tokens
    4. Fingerprint scanner
  84. Which of the following is the most significant disadvantage of federated identities?

    1. They cannot be used with Kerberos.
    2. They don’t implement least privileges.
    3. Poor password management
    4. Transitive trust
  85. Max is implementing type II authentication for his company. Which of the following would be an example of type II authentication?

    1. Strong passwords
    2. Retinal scan
    3. Smart cards
    4. Timed one-time passwords
  86. Nicole is implementing a server authentication method that depends on a TPM in the server. Which of the following best describes this approach?

    1. Hardware-based access control
    2. Software-based access control
    3. Digital certificate–based access control
    4. Chip-based access control
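Worked example for questions 3, 61, 69 and 81 (PAP versus CHAP, and why a challenge-response protocol resists session hijacking). This is an added illustration, not part of this chapter's question set. It simulates both protocols over an in-memory "wire" so you can inspect what an eavesdropper sees: PAP puts the password on the link in cleartext, while CHAP (RFC 1994) sends only MD5(Identifier || secret || Challenge). Because the authenticator can re-challenge at any time with a fresh random value, a captured response cannot be replayed and a hijacker who lacks the secret fails the next round. The user database, secret and peer names are constructed for the demo.

```python
"""Added example: PAP versus CHAP (RFC 1994) on a simulated link."""
import hashlib
import hmac
import os

# Constructed user database: name -> shared secret (bytes). Demo data only.
USER_DB = {"alice": b"s3cret"}


class Wire:
    """Records every message either side sends; an eavesdropper sees exactly this."""

    def __init__(self):
        self.messages = []

    def send(self, direction, payload):
        self.messages.append((direction, payload))
        return payload


def secret_on_wire(wire, secret):
    """True if the secret appears verbatim in any message field (str or bytes)."""
    for _, payload in wire.messages:
        for item in payload:
            if isinstance(item, str) and secret in item:
                return True
            if isinstance(item, bytes) and secret.encode() in item:
                return True
    return False


def pap_authenticate(wire, username, password, db=USER_DB):
    """PAP (RFC 1334): the peer sends name and password in cleartext, once."""
    _, name, pw = wire.send("peer->auth", ("PAP-AUTH-REQ", username, password))
    return db.get(name) == pw.encode()


def chap_response(ident, secret, challenge):
    """RFC 1994 sec. 4.1: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues random challenges and checks responses against the secret."""

    def __init__(self, wire, db=USER_DB):
        self.wire, self.db = wire, db
        self.ident = 0
        self.pending = None  # (ident, challenge) awaiting a response

    def challenge(self):
        self.ident = (self.ident + 1) % 256          # 8-bit Identifier field
        chal = os.urandom(16)                         # fresh, unpredictable value
        self.pending = (self.ident, chal)
        return self.wire.send("auth->peer", ("CHAP-CHALLENGE", self.ident, chal))

    def verify(self, name, ident, response):
        if self.pending is None:
            return False
        exp_ident, chal = self.pending
        self.pending = None                           # each challenge is used once
        secret = self.db.get(name)
        if secret is None or ident != exp_ident:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)


class ChapPeer:
    """Client side: proves knowledge of the secret without ever sending it."""

    def __init__(self, wire, name, secret):
        self.wire, self.name, self.secret = wire, name, secret

    def answer(self, challenge_msg):
        _, ident, chal = challenge_msg
        resp = chap_response(ident, self.secret, chal)
        return self.wire.send("peer->auth", ("CHAP-RESPONSE", self.name, ident, resp))


def run_chap(auth, peer):
    """One challenge/response round; CHAP repeats this periodically during a session."""
    _, name, ident, resp = peer.answer(auth.challenge())
    return auth.verify(name, ident, resp)


def replay_captured(auth, captured_response):
    """Attacker replays an earlier CHAP-RESPONSE after the authenticator re-challenges."""
    _, new_ident, _ = auth.challenge()
    _, name, _, old_resp = captured_response
    return auth.verify(name, new_ident, old_resp)   # attacker fixes up the Identifier


def demo():
    pap_wire = Wire()
    pap_ok = pap_authenticate(pap_wire, "alice", "s3cret")

    chap_wire = Wire()
    auth = ChapAuthenticator(chap_wire)
    alice = ChapPeer(chap_wire, "alice", b"s3cret")
    rounds = [run_chap(auth, alice) for _ in range(3)]   # periodic re-authentication
    captured = chap_wire.messages[-1][1]                 # last CHAP-RESPONSE seen on the wire
    hijacker = ChapPeer(chap_wire, "alice", b"guess")    # took over the session, lacks the secret
    return {
        "pap_ok": pap_ok,
        "pap_secret_visible": secret_on_wire(pap_wire, "s3cret"),
        "chap_rounds": rounds,
        "chap_secret_visible": secret_on_wire(chap_wire, "s3cret"),
        "replay_accepted": replay_captured(auth, captured),
        "hijacker_passes_rechallenge": run_chap(auth, hijacker),
    }


if __name__ == "__main__":
    print(demo())
```

Note that CHAP still depends on the authenticator storing the cleartext secret (the hash input), and MD5 here is a keyed-challenge construction, not password storage; MS-CHAPv2 adds a peer challenge so the client also authenticates the server.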
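Worked example for questions 16, 30 and 85 (HOTP versus TOTP). This is an added illustration, not part of this chapter's question set. Both algorithms share the HMAC-SHA1 dynamic-truncation step from RFC 4226; HOTP keys it on an event counter, TOTP (RFC 6238) on floor(unix_time / 30). The server-side verifiers below are the part the exam objectives gloss over: an HOTP server keeps a moving counter with a small look-ahead window, so a code stays valid until it is consumed no matter how much time passes, whereas a TOTP server only accepts codes from the current step plus a small clock skew and must remember the last step it accepted to block replay. The secret is the published RFC test-vector key; the window and skew values are choices made for this example.

```python
"""Added example: HOTP (RFC 4226) and TOTP (RFC 6238) from the standard library."""
import hashlib
import hmac
import struct

# Secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226 sec. 5.3: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter replaced by the current time step."""
    return hotp(secret, int(unix_time // step), digits)


class HotpVerifier:
    """Server-side HOTP state: a moving counter plus a look-ahead window for resync."""

    def __init__(self, secret, window=10):
        self.secret, self.window = secret, window
        self.counter = 0     # next counter value expected

    def verify(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # burn this and any skipped counters
                return True
        return False


class TotpVerifier:
    """Server-side TOTP state: accept +/- `skew` steps, never accept a step twice."""

    def __init__(self, secret, step=30, skew=1):
        self.secret, self.step, self.skew = secret, step, skew
        self.last_step = -1  # highest time step already used

    def verify(self, code, unix_time):
        now = int(unix_time // self.step)
        for cand in range(now - self.skew, now + self.skew + 1):
            if cand <= self.last_step:
                continue          # replay of an already used step
            if hmac.compare_digest(hotp(self.secret, cand), code):
                self.last_step = cand
                return True
        return False


def compare_lifetimes():
    """HOTP codes keep working until consumed; TOTP codes die with their time step."""
    hotp_server = HotpVerifier(RFC_SECRET, window=5)
    hotp_code = hotp(RFC_SECRET, 3)              # token pressed 4 times, code not yet used
    totp_server = TotpVerifier(RFC_SECRET)
    totp_code = totp(RFC_SECRET, 59)             # generated at t=59 (time step 1)
    return {
        "hotp_accepted_whenever": hotp_server.verify(hotp_code),   # no clock involved
        "hotp_replay": hotp_server.verify(hotp_code),              # counter moved past 3
        "totp_in_window": totp_server.verify(totp_code, 60),       # same step, accepted
        "totp_replay": totp_server.verify(totp_code, 70),          # step 1 already used
        "totp_expired": TotpVerifier(RFC_SECRET).verify(totp_code, 200),  # step 6, too old
    }


if __name__ == "__main__":
    print(hotp(RFC_SECRET, 0), totp(RFC_SECRET, 59, digits=8))
    print(compare_lifetimes())
```

The first two printed values match the RFC 4226 (counter 0) and RFC 6238 (t=59, 8 digits, SHA1) test vectors, which is the quickest way to confirm a hand-written implementation before trusting it with real seeds.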
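Worked example for questions 15, 23 and 80 (false acceptance rate, false rejection rate and the crossover error rate). This is an added illustration, not part of this chapter's question set. It takes constructed match scores for genuine and impostor comparisons, computes FAR and FRR at any decision threshold, and sweeps the thresholds to find the point where the two rates meet, which is the CER a vendor quotes. Raising the threshold drives FAR down and FRR up; the table function shows that trade-off. The scores are invented for this example and are not measurements from any product.

```python
"""Added example: FAR, FRR and the crossover error rate (CER) from match scores."""

# Constructed data, not measurements from any real matcher. Higher score = more alike.
GENUINE = [0.95, 0.92, 0.90, 0.88, 0.85, 0.80, 0.78, 0.72, 0.65, 0.55]   # same person
IMPOSTOR = [0.20, 0.30, 0.35, 0.40, 0.45, 0.50, 0.60, 0.68, 0.75, 0.82]  # different people


def far_frr(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """A comparison is accepted when score >= threshold.

    FAR: fraction of impostor comparisons wrongly accepted.
    FRR: fraction of genuine comparisons wrongly rejected.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Sweep every observed score as a threshold; CER is where FAR and FRR are closest.

    With real data you would also try midpoints between scores for finer resolution.
    """
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best["gap"]:
            best = {"threshold": t, "far": far, "frr": frr, "gap": gap,
                    "cer": (far + frr) / 2}
    return best


def tradeoff_table(thresholds=(0.50, 0.72, 0.90)):
    """FAR/FRR at a few thresholds: convenience (low FRR) versus security (low FAR)."""
    return {t: far_frr(t) for t in thresholds}


if __name__ == "__main__":
    for t, (far, frr) in tradeoff_table().items():
        print(f"threshold {t:.2f}: FAR={far:.2f} FRR={frr:.2f}")
    print("crossover:", crossover())
```

A system tuned for a server-room door should sit to the right of the crossover (lower FAR, accepting more false rejections); a consumer phone unlock sits to the left. Quoting only the CER hides which side of it a deployment actually operates on.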