Quix8 - D5 - 50Q

Chris is the identity architect for a growing e-commerce website that wants to leverage social identity. To do this, he and his team intend to allow users to use their existing Google accounts as their primary accounts when using the e-commerce site. This means that when a new user initially connects to the e-commerce platform, they are given the choice between using their Google account using OAuth 2.0 or creating a new account on the platform using their own email address and a password of their choice. When the e-commerce application creates an account for a Google user, where should that user’s password be stored?

Chris is the identity architect for a growing e-commerce website that wants to leverage social identity. To do this, he and his team intend to allow users to use their existing Google accounts as their primary accounts when using the e-commerce site. This means that when a new user initially connects to the e-commerce platform, they are given the choice between using their Google account using OAuth 2.0 or creating a new account on the platform using their own email address and a password of their choice. Which system or systems is/are responsible for user authentication for Google users?

What type of attack is the creation and exchange of state tokens intended to prevent?

Questions like “What is your pet’s name?” are examples of what type of identity proofing?

Lauren builds a table that includes assigned privileges, objects, and subjects to manage access control for the systems she is responsible for. Each time a subject attempts to access an object, the systems check the table to ensure that the subject has the appropriate rights to the objects. What type of access control system is Lauren using?

During a review of support incidents, Ben’s organization discovered that password changes accounted for more than a quarter of its help desk’s cases. Which of the following options would be most likely to decrease that number significantly?

Brian’s large organization has used RADIUS for AAA services for its network devices for years and has recently become aware of security issues with the unencrypted information transferred during authentication. How should Brian implement encryption for RADIUS?

Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that?

Ben’s organization has had an issue with unauthorized access to applications and workstations during the lunch hour when employees aren’t at their desk. What are the best types of session management solutions for Ben to recommend to help prevent this type of access?

The financial services company that Susan works for provides a web portal for its users. When users need to verify their identity, the company uses information from third-party sources to ask questions based on their past credit reports, such as “Which of the following streets did you live on in 2007?” What process is Susan’s organization using?

What authentication technology can be paired with OAuth to perform identity verification and obtain user profile information using a RESTful API?

Jim has Secret clearance and is accessing files that use a mandatory access control scheme to apply the Top Secret, Secret, Confidential, and Unclassified label scheme. What classification levels of data can he access, provided that he has a valid need-to-know?

The security administrators at the company that Susan works for have configured the workstation she uses to allow her to log in only during her work hours. What type of access control best describes this limitation?

Which of the following is not an access control layer?

Ben uses a software-based token that changes its code every minute. What type of token is he using?

What type of token-based authentication system uses a challenge/response process in which the challenge has to be entered on the token?

Ben’s organization is adopting biometric authentication for its high-security building’s access control system. Ben’s company is considering configuring its systems to work at the level shown by point A on the diagram. To what level is it setting the sensitivity?

Ben’s organization is adopting biometric authentication for its high-security building’s access control system. At point B, what problem is likely to occur?

Ben’s organization is adopting biometric authentication for its high-security building’s access control system. What should Ben do if the FAR and FRR shown in this diagram does not provide an acceptable performance level for his organization’s needs?

What LDAP authentication mode can provide secure authentication?

Which of the following Type 3 authenticators is appropriate to use by itself rather than in combination with other biometric factors?

What danger is created by allowing the OpenID relying party to control the connection to the OpenID provider?

Jim is implementing a cloud identity solution for his organization. What type of technology is he putting in place?

RAID-5 is an example of what type of control?

When Alex sets the permissions shown in the following image as one of many users on a Linux server, what type of access control model is he leveraging?

What open protocol was designed to replace RADIUS—including support for additional commands and protocols, replacing UDP traffic with TCP, and providing for extensible commands—but does not preserve backward compatibility with RADIUS?

LDAP distinguished names (DNs) are made up of comma-separated components called relative distinguished names (RDNs) that have an attribute name and a value. DNs become less specific as they progress from left to right. Which of the following LDAP DNs best fits this rule?

Susan is troubleshooting Kerberos authentication problems with symptoms including TGTs that are not accepted as valid and an inability to receive new tickets. If the system she is troubleshooting is properly configured for Kerberos authentication, her username and password are correct, and her network connection is functioning, what is the most likely issue?

Kerberos, KryptoKnight, and SESAME are all examples of what type of system?

Which of the following access control categories would not include a door lock?

What authentication protocol does Windows use by default for Active Directory systems?

Alex configures his LDAP server to provide services on 636 and 3269. What type of LDAP services has he configured based on LDAP’s default ports?

Which of the following is best described as an access control model that focuses on subjects and identifies the objects that each subject can access?

Jim’s organization-wide implementation of IDaaS offers broad support for cloud-based applications. Jim’s company does not have inhouse identity management staff and does not use centralized identity services. Instead, they rely upon Active Directory for AAA services. Which of the following options should Jim recommend to best handle the company’s onsite identity needs?

Which of the following is not a weakness in Kerberos?

Voice pattern recognition is what type of authentication factor?

If Susan’s organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct authentication factor types has she used?

Which of the following items are not commonly associated with restricted interfaces?

During a log review, Saria discovers a series of logs that show login failures, as shown here: Jan 31 11:39:12 ip-10-0-0-2 sshd[29092]: Invalid user admin from remotehost passwd=orange Jan 31 11:39:20 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=Orang3 Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=Orange93 Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid user admin from remotehost passwd=Orangutan1 Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=Orangemonkey What type of attack has Saria discovered?

What major issue often results from decentralized access control?

Callback to a landline phone number is an example of what type of factor?

Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create?

Which of the following AAA protocols is the most commonly used?

Which of the following is not a single sign-on implementation?

As shown in the following image, a user on a Windows system is not able to use the “Send Message” functionality. What access control model best describes this type of limitation?

What type of access controls allow the owner of a file to grant other users access to it using an access control list?

Alex’s job requires him to see protected health information (PHI) to ensure proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control?

Use your knowledge of the Kerberos logon process and the following diagram. At point A in the diagram, the client sends the username and password to the KDC. How is the username and password protected?

Use your knowledge of the Kerberos logon process and the following diagram. At point B in the diagram, what two important elements does the KDC send to the client after verifying that the username is valid?

Use your knowledge of the Kerberos logon process and the following diagram. What tasks must the client perform before it can use the TGT?