Mike Chapple

(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests


Скачать книгу

using OAuth.Use an on-premises third-party identity service.Integrate on-site systems using SAML.Design an internal solution to handle the organization's unique needs.

      3 Which of the following is not a weakness in Kerberos?The KDC is a single point of failure.Compromise of the KDC would allow attackers to impersonate any user.Authentication information is not encrypted.It is susceptible to password guessing.

      4 Voice pattern recognition is what type of authentication factor?Something you knowSomething you haveSomething you areSomewhere you are

      5 If Susan's organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct authentication factor types has she used?OneTwoThreeFour

      6 Charles wants to deploy a credential management system (CMS). He wants to keep the keys as secure as possible. Which of the following is the best design option for his CMS implementation?Use AES-256 instead of 3DES.Use long keys. Use an HSM.Change passphrases regularly.

      7 Brian is a researcher at a major university. As part of his research, he logs into a computing cluster hosted at another institution using his own university's credentials. Once logged in, he is able to access the cluster and use resources based on his role in a research project, as well as using resources and services in his home organization. What has Brian's home university implemented to make this happen?Domain stackingFederated identity managementDomain nestingHybrid login

      8 Place the following steps in the order in which they occur during the Kerberos authentication process.Client/server ticket generatedTGT generatedClient/TGS key generatedUser accesses serviceUser provides authentication credentials5, 3, 2, 1, 45, 4, 2, 1, 33, 5, 2, 1, 45, 3, 1, 2, 4

      9 What major issue often results from decentralized access control?Access outages may occur.Control is not consistent.Control is too granular.Training costs are high.

      10 Callback to a landline phone number is an example of what type of factor?Something you knowSomewhere you areSomething you haveSomething you are

      11 Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create?A shortcut trustA forest trustAn external trustA realm trust

      12 Which of the following AAA protocols is the most commonly used?TACACSTACACS+XTACACSSuper TACACS

      13 Which of the following is not a single sign-on implementation?KerberosADFSCASRADIUS

      14 As shown in the following image, a user on a Windows system is not able to use the Send Message functionality. What access control model best describes this type of limitation?Least privilegeNeed to know Constrained interfaceSeparation of duties

      15 What type of access controls allow the owner of a file to grant other users access to it using an access control list?Role-basedNondiscretionaryRule-basedDiscretionary

      16 Alex's job requires him to see protected health information (PHI) to ensure proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control?Separation of dutiesConstrained interfacesContext-dependent controlNeed to knowFor questions 17–19, please use your knowledge of the Kerberos logon process and refer to the following diagram:

      17 At point A in the diagram, the client sends the username and password to the KDC. How is the username and password protected?3DES encryptionTLS encryption SSL encryptionAES encryption

      18 At point B in the diagram, what two important elements does the KDC send to the client after verifying that the username is valid?An encrypted TGT and a public keyAn access ticket and a public keyAn encrypted, time-stamped TGT and a symmetric key encrypted with a hash of the user's passwordAn encrypted, time-stamped TGT and an access token

      19 What tasks must the client perform before it can use the TGT?It must generate a hash of the TGT and decrypt the symmetric key.It must accept the TGT and decrypt the symmetric key.It must decrypt the TGT and the symmetric key.It must send a valid response using the symmetric key to the KDC and must install the TGT.

      20 Jacob is planning his organization's biometric authentication system and is considering retina scans. What concern may be raised about retina scans by others in his organization?Retina scans can reveal information about medical conditions.Retina scans are painful because they require a puff of air in the user's eye.Retina scanners are the most expensive type of biometric device.Retina scanners have a high false positive rate and will cause support issues.

      21 Mandatory access control is based on what type of model?DiscretionaryGroup-basedLattice-basedRule-based

      22 Greg wants to control access to iPads used throughout his organization as point-of-sale terminals. Which of the following methods should he use to allow logical access control for the devices in a shared environment?Use a shared PIN for all point-of-sale terminals to make them easier to use.Use OAuth to allow cloud logins for each user.Issue a unique PIN to each user for the iPad they are issued.Use Active Directory and user accounts for logins to the iPads using the AD userID and password.

      23 What is the best way to provide accountability for the use of identities?LoggingAuthorizationDigital signaturesType 1 authentication

      24 Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that he has appropriate rights?Re-provisioningAccount reviewPrivilege creepAccount revocation

      25 Biba is what type of access control model?MACDACRole BACABAC

      26 Which of the following is a client/server protocol designed to allow network access servers to authenticate remote users by sending access request messages to a central server?KerberosEAPRADIUSOAuth

      27 Henry is working with a web application development team on their authentication and authorization process for his company's new application. The team wants to make session IDs as secure as possible. Which of the following is not a best practice that Henry should recommend?The session ID token should be predictable.The session ID should have at least 64 bits of entropy.The session length should be at least 128 bits.The session ID should be meaningless.

      28 Angela uses a sniffer to monitor traffic from a RADIUS server configured with default settings. What protocol should she monitor, and what traffic will she be able to read?UDP, none. All RADIUS traffic is encrypted.TCP, all traffic but the passwords, which are encrypted. UDP, all traffic but the passwords, which are encrypted.TCP, none. All RADIUS traffic is encrypted.

      29 What type of access control best describes NAC's posture assessment capability?A mandatory access controlA risk-based access controlA discretionary access controlA role-based access control

      30 When an application or system allows a logged-in user to perform specific actions, it is an example of what?RolesGroup managementLoginsAuthorization

      31 Alex has been employed by his company for more than a decade and has held a number of positions in the company. During an audit, it is discovered that he has access to shared folders and applications because of his former roles. What issue has Alex's company encountered?Excessive provisioningUnauthorized accessPrivilege creepAccount review

      32 Geoff wants to prevent privilege escalation attacks in his organization. Which of the following practices is most likely to prevent horizontal privilege escalation?Multifactor authenticationLimiting permissions for groups and accountsDisabling unused ports and servicesSanitizing user inputs to applications

      33 Jim's Microsoft Exchange environment includes servers that are located in local data centers at multiple business offices around the world as well as an Office 365 deployment for employees who are not located at one of those offices. Identities are created and used in both environments and will work in both. What type of federated system is Jim running?A primary cloud systemA primary on-premise systemA hybrid systemA multitenant system

      34 What type of access control scheme is shown in the following table?Highly SensitiveRedBlueGreenConfidentialPurpleOrangeYellowInternal UseBlackGrayWhitePublicClearClearClearRBACDACMACTBAC

      35 Michelle's company is creating a new division by splitting the marketing and communications departments into