CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [37]
database. Because of the sensitive nature of the data you work with, it’s imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session?

a. Tokens

b. Certificate

c. Smart card

d. Kerberos

Answers to Review Questions

1. A. Physical security is primarily concerned with the loss or theft of physical assets. This would include theft, fire, and other acts that physically deny a service or information to the organization.

2. A. Mandatory Access Control (MAC) is oriented toward preestablished access. This access is typically established by network administrators and can’t be changed by users.

3. C. Role-Based Access Control (RBAC) allows specific people to be assigned to specific roles with specific privileges. A backup operator would need administrative privileges to back up a server. This privilege would be limited to the role and wouldn’t be present during the employee’s normal job functions.

4. B. Kerberos uses a Key Distribution Center (KDC) to authenticate a principal. The KDC provides a credential that can be used by all Kerberos-enabled servers and applications.

5. D. Challenge Handshake Authentication Protocol (CHAP) sends a challenge to the originating client. The client's response to the challenge is sent back to the server, and the encryption results are compared. If the challenge is successful, the client is logged on.

6. A. A multi-factor authentication method uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon.

7. B. The private address range includes IP addresses between 192.168.0.0 and 192.168.255.255.

8. D. Network Address Translation (NAT) is a method of hiding TCP/IP addresses from other networks. The Internet, intranets, and extranets are the three most common security zones in use.

9. A. Network Address Translation (NAT) allows an organization to present a single address to the Internet. Typically, the router or NAT server accomplishes this. The router or NAT server maps all inbound and outbound requests and maintains a table for returned messages.

10. A. Virtual local area networks (VLANs) break a large network into smaller networks. These networks can coexist on the same wiring and be unaware of each other. A router or other routing-type device would be needed to connect these VLANs.

11. B. Authentication is a service that requests the principal user to provide proof of their identity. A retinal scan is a very secure form of evidence used in high-security companies and government agencies.

12. B. Biometric technologies rely on a physical characteristic of the user to verify identity. Biometric devices typically use either a hand pattern or a retinal scan to accomplish this.

13. A. Tunneling allows a network to make a secure connection to another network through the Internet or other network. Tunnels are usually secure and present themselves as extensions of both networks.

14. A. Asset identification is the process of identifying the types and values of assets in an organization.

15. C. A threat assessment examines the potential for internal and external threats to your systems and information.

16. D. Accountability involves identifying who owns or is responsible for the accuracy of certain information in an organization. The department or individual that is accountable for certain information would also be responsible for verifying accuracy in the event of a data-tampering incident.

17. A. Your first step would be to verify that the user’s antivirus software is the most current version. This includes checking the virus definition files.

18. A. System logs will frequently tell you what was accessed and in what manner. These logs are usually explicit in describing the events that occurred during a security violation.

19. B. A DMZ is an area in a network that allows access to outside users while not exposing your internal users to additional threats.

20. A. Tokens are created when a user or system
