Practice Questions

Question 1

You are the network administrator responsible for selecting the access control method that will be used for a new kiosk system to be used in a local museum. The museum's donors want to have full access to information on all items, but visitors should only have access to those items in current displays. Which forms of access control would be most appropriate to this requirement? [Choose the two best answers.]

  • A. Discretionary Access Control (DAC)

  • B. Mandatory Access Control (MAC)

  • C. Role-Based Access Control (RBAC)

  • D. Rule-Based Access Control (RBAC)

A1:

Answers B and C are correct. A MAC solution involving labels such as DONOR and DISPLAY would suffice for the user access assignment. A Role-Based Access Control solution involving the roles of User and Donor would also be appropriate. Answer A is incorrect because the complexity of assigning by-user access rights over each item's files would involve a large amount of administrative overhead. Answer D is incorrect because the requirement has no conditional element (such as time of day or available capacity) that would call for rule-based testing.

Question 2

The relative strength of a password is a measure of how difficult it is to guess or cryptographically break. Of the following, which is the strongest password?

  • A. Username: Jane Fields, Password: t1ns3lt0wn

  • B. Username: Robert Shaw, Password: bobshaw

  • C. Username: John Doe, Password: PaSsWoRd

  • D. Username: Tina Weeks, Password: 7days

A2:

Answer A is correct. It is the strongest of the four because it is the longest (ten characters) and mixes letters with digits, so a blind brute-force search has the most combinations to cover. Answers B, C, and D are all weak. Answer B is the weakest because it is derived directly from the username and is a single lowercase word with no digits; a cracker tries the user's own name before anything else. Answer C is the dictionary word "password" with alternating case, which the case-mangling rules of any cracking tool recover immediately. Answer D is only five characters long with a single digit, so it falls even to brute force. Note that answer A itself is the word "tinseltown" with leet substitutions (1 for i, 3 for e, 0 for o), which cracking rule sets also undo automatically; character variety alone does not make a password strong, and length matters more.
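To show why the ranking above is more than a count of character classes, the following added example (not from the book) scores the four passwords from Question 2 two ways: by naive brute-force search space, and by the mangling rules a cracking tool applies (case folding, undoing leet substitutions, stripping digits, trying parts of the username). The DICTIONARY set is a constructed stand-in for a real wordlist.

```python
import math
import re
import string

# Constructed stand-in for a cracker's wordlist; a real one has millions of entries.
DICTIONARY = {"tinseltown", "password", "days"}

# Substitutions that every cracking rule set undoes automatically ("leet").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

# The four (username, password) pairs from Question 2.
CANDIDATES = [
    ("Jane Fields", "t1ns3lt0wn"),
    ("Robert Shaw", "bobshaw"),
    ("John Doe", "PaSsWoRd"),
    ("Tina Weeks", "7days"),
]


def charset_size(pw: str) -> int:
    """Size of the alphabet an attacker must assume for a blind brute-force attack."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def naive_entropy_bits(pw: str) -> float:
    """Brute-force search space in bits, treating every character as independent."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def rank(passwords):
    """Strongest first, by brute-force search space only."""
    return sorted(passwords, key=naive_entropy_bits, reverse=True)


def weaknesses(username: str, pw: str):
    """Reasons a cracker would recover this password long before exhausting the search space."""
    reasons = []
    lower = pw.lower()
    # Forms a mangling rule set tries: as typed, leet undone, letters only.
    forms = {lower, lower.translate(LEET), re.sub(r"[^a-z]", "", lower)}
    hits = sorted(f for f in forms if f in DICTIONARY)
    if hits:
        reasons.append("dictionary word after mangling: " + ", ".join(hits))
    if any(part in lower for part in username.lower().split()):
        reasons.append("contains part of the username")
    if len(pw) < 12:
        reasons.append("shorter than 12 characters")
    if pw == lower or pw == pw.upper():
        reasons.append("no mix of upper and lower case")
    if not any(c.isdigit() for c in pw):
        reasons.append("no digits")
    return reasons


if __name__ == "__main__":
    for user, pw in CANDIDATES:
        print(f"{pw:12} {naive_entropy_bits(pw):5.1f} bits  {weaknesses(user, pw)}")
```

Running it shows that answer A tops the brute-force ranking at about 52 bits, yet every one of the four, A included, is flagged as a dictionary word once the mangling rules are applied; the only weakness a longer passphrase would not share is the one about length.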

Question 3

A Public Key Infrastructure relies on what type of authentication?

  • A. The exchange of tickets by the client and service

  • B. Public and private keys

  • C. Something you have along with something you know

  • D. A device that stores information on a user

A3:

Answer B is correct. A Public Key Infrastructure uses public and private keys. Answer A is incorrect because shared tickets are utilized by the Kerberos authentication process. Answer C is incorrect because something you have along with something you know is an example of multifactor authentication. Answer D is incorrect because it describes a token.

Question 4

When reviewing user access to a service or resource, what is the order of operation?

  • A. Access must be granted first and then authentication occurs.

  • B. Authentication occurs first and then access is determined.

  • C. Authentication and access control occur separately at the same time.

  • D. A user's access rights are determined by the method of authentication used.

A4:

Answer B is correct. Before access rights can be determined, a user must first be authenticated. Answers A and C are incorrect because authentication must precede access rights determination; otherwise an unauthenticated account could be granted access rights. Answer D is incorrect because access rights are determined by the rights assigned to the authenticated account, not by which authentication method was used to prove its identity.

Question 5

Which type of authentication involves comparison of two values calculated using the Message Digest (MD5) hashing algorithm?

  • A. Biometric authentication

  • B. Challenge Handshake Authentication Protocol (CHAP)

  • C. Kerberos authentication

  • D. Mutual authentication

  • E. Public Key Infrastructure (PKI)

A5:

Answer B is correct. In the Challenge Handshake Authentication Protocol the authenticator sends a random challenge, the peer hashes that challenge together with the shared secret using MD5, and the authenticator computes the same hash from its own copy of the secret and compares the two values. Note that this requires both sides to store the secret in a recoverable form, and that MD5 is no longer considered cryptographically sound. Answer A is incorrect because biometric authentication relies on biological patterns rather than calculated values. Answers C and D are incorrect because Kerberos relies on timestamped tickets issued by a trusted third party and mutual authentication is a two-way exchange of challenges; neither is defined by a single MD5 comparison. Answer E is incorrect because a PKI solution involves the use of digital certificates rather than a calculated hashed value.

Question 6

Many different keys may be used to perform user authentication. Which of the following are biometric authentication types? [Choose all correct answers.]

  • A. One-use passcode

  • B. Voice recognition

  • C. Fingerprint

  • D. Smartcard

  • E. Facial recognition

  • F. Iris identification

A6:

Answers B, C, E, and F are correct. These are all biometric authentication types. Answers A and D are incorrect because they are token authentication types.

Question 7

Which of the following is an example of the use of an asymmetric encryption method?

  • A. Biometric authentication

  • B. Challenge Handshake Authentication Protocol (CHAP)

  • C. Kerberos authentication

  • D. Username and password

  • E. Public Key Infrastructure (PKI)

A7:

Answer E is correct. A PKI solution involves an asymmetric encryption scheme in which a public key is used to encrypt data and a separate private key is used to decrypt it (and, in the reverse direction, the private key signs and the public key verifies). Answer A is incorrect because biometric identification relies on biological patterns and not encrypted values. Answers B and C are incorrect because CHAP uses a shared secret with a one-way hash and Kerberos uses symmetric encryption; in both, the same key value is held by client and service. Answer D is incorrect because a username and password are plaintext credentials that do not themselves involve an encryption scheme.
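The following added example (not from the book) makes the distinction in A7 concrete with textbook RSA on toy primes: the public key encrypts and cannot decrypt, the private key decrypts and signs, and the public key verifies. An HMAC with a shared key is included for contrast with the symmetric schemes of answers B and C. The primes, exponent, and message values are the usual small textbook ones chosen so the numbers fit on the page; real keys are 2048 bits or larger and real systems add padding (OAEP, PSS).

```python
import hashlib
import hmac

# Textbook RSA with toy primes so every number fits on the page. Never use this for real data.
P, Q = 61, 53
N = P * Q                 # 3233: the modulus, part of both keys
PHI = (P - 1) * (Q - 1)   # 3120
E = 17                    # public exponent
D = pow(E, -1, PHI)       # private exponent, 2753 (modular inverse; Python 3.8+)
PUBLIC_KEY = (E, N)       # published to everyone
PRIVATE_KEY = (D, N)      # held by the owner only


def rsa_apply(key, value: int) -> int:
    exponent, modulus = key
    return pow(value, exponent, modulus)


def encrypt(public_key, plaintext: int) -> int:
    """Anyone holding the public key can encrypt; only the private key can undo it."""
    return rsa_apply(public_key, plaintext)


def decrypt(private_key, ciphertext: int) -> int:
    return rsa_apply(private_key, ciphertext)


def _digest(message: bytes) -> int:
    # Reduced mod N so the toy modulus can carry it; PSS padding replaces this in real use.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(private_key, message: bytes) -> int:
    """The private key produces the signature; the public key checks it (the reverse direction)."""
    return rsa_apply(private_key, _digest(message))


def verify(public_key, message: bytes, signature: int) -> bool:
    return rsa_apply(public_key, signature) == _digest(message)


def symmetric_tag(shared_key: bytes, message: bytes) -> bytes:
    """Contrast: a shared-secret scheme (CHAP-style hash, Kerberos-style key) needs the same key on both ends."""
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def demo() -> dict:
    c = encrypt(PUBLIC_KEY, 65)  # 2790
    msg = b"museum kiosk"
    return {
        "private_key_decrypts": decrypt(PRIVATE_KEY, c) == 65,
        "public_key_cannot_decrypt": decrypt(PUBLIC_KEY, c) != 65,
        "signature_verifies": verify(PUBLIC_KEY, msg, sign(PRIVATE_KEY, msg)),
        "tampered_signature_fails": not verify(PUBLIC_KEY, msg, (sign(PRIVATE_KEY, msg) + 1) % N),
        "symmetric_needs_same_key": symmetric_tag(b"k1", msg) != symmetric_tag(b"k2", msg),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28} {ok}")
```

The "public_key_cannot_decrypt" line is the whole point of asymmetry: applying the public exponent to the ciphertext does not recover the plaintext, whereas with the HMAC the party that verifies necessarily holds the same key as the party that produced the tag.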

Question 8

You are the network administrator responsible for selecting the access control method that will be used for a new parking garage. Members of the Board of Directors must always be granted access, whereas other staff members should only be granted access to the parking garage when spaces are available. Visitors should be allowed access only during normal business hours. What form of access control would be best for this scenario?

  • A. Discretionary Access Control (DAC)

  • B. Mandatory Access Control (MAC)

  • C. Role-Based Access Control (RBAC)

  • D. Rule-Based Access Control (RBAC)

A8:

Answer D is correct. A Rule-Based Access Control solution would allow detailed conditional testing of the user's account type as well as the time of day and day of the week in order to allow or deny access. Answers A and B are incorrect because neither solution allows for conditional testing. Answer C is also incorrect because Role-Based Access Control tests only role-assigned access rights rather than other qualities of the request, such as whether it falls within normal working hours.
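To make the difference between the models in Questions 1 and 8 concrete, the following added example (not from the book) implements the smallest working form of each: a MAC label check, an RBAC role lookup, and an ordered rule list for the parking garage. The labels, roles, user names, and the 09:00 to 17:00 weekday window are constructed for the example.

```python
# MAC: every subject and object carries a label; the system, not the owner, fixes the ordering.
MAC_LEVELS = {"DISPLAY": 1, "DONOR": 2}  # DONOR dominates DISPLAY (labels from Question 1)


def mac_can_read(subject_label: str, object_label: str) -> bool:
    """Read allowed when the subject's clearance dominates the object's label."""
    return MAC_LEVELS[subject_label] >= MAC_LEVELS[object_label]


# RBAC: permissions attach to roles and users are assigned roles; nothing but membership is tested.
ROLE_PERMISSIONS = {
    "visitor": {"view_display_items"},
    "donor": {"view_display_items", "view_all_items"},
}
USER_ROLES = {"alice": {"donor"}, "bob": {"visitor"}}  # constructed users


def rbac_allowed(user: str, permission: str) -> bool:
    return any(permission in ROLE_PERMISSIONS[role] for role in USER_ROLES.get(user, set()))


# Rule-based: an ordered list of rules whose conditions may test anything in the request
# context (day, hour, free spaces), which neither MAC labels nor RBAC roles can express.
def garage_access(account_type: str, weekday: int, hour: int, free_spaces: int):
    """weekday: 0 = Monday ... 6 = Sunday; hour: 0-23. Returns (allowed, matched rule)."""
    business_hours = weekday < 5 and 9 <= hour < 17
    rules = [
        ("board-always", account_type == "board"),
        ("staff-when-space", account_type == "staff" and free_spaces > 0),
        ("visitor-business-hours", account_type == "visitor" and business_hours),
    ]
    for name, matched in rules:
        if matched:
            return True, name
    return False, "default-deny"  # first-match evaluation with an explicit default deny


if __name__ == "__main__":
    print(mac_can_read("DONOR", "DISPLAY"), mac_can_read("DISPLAY", "DONOR"))
    print(rbac_allowed("alice", "view_all_items"), rbac_allowed("bob", "view_all_items"))
    print(garage_access("staff", 0, 10, 0), garage_access("visitor", 5, 10, 3))
```

Note that the garage rules cannot be reduced to a role table: a staff member's answer changes from one request to the next as spaces fill and empty, which is exactly the conditional testing that A8 says RBAC lacks.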

Question 9

Which of the following might be used in multifactor authentication? [Choose all correct answers.]

  • A. Biometric authentication

  • B. Challenge Handshake Authentication Protocol (CHAP)

  • C. Kerberos authentication

  • D. Username and password

  • E. Public Key Infrastructure (PKI)

A9:

Answers A, B, C, D, and E are correct. Any of these methods may serve as one factor in a multifactor solution. The combination must, however, draw on at least two different factor categories (something you know, such as a password or a CHAP shared secret; something you have, such as a certificate or a Kerberos ticket held on a device; something you are, such as a biometric). Two methods from the same category, for example a password plus a CHAP secret, are not multifactor.

Question 10

You are presented with an authentication scheme in which Computer A calculates a code it sends to Computer B, Computer B returns a calculated code based on the one from Computer A as well as one of its own, and then Computer A returns a calculated code to Computer B based on its transmitted code. What type of authentication is this?

  • A. Biometric authentication

  • B. Challenge Handshake Authentication Protocol (CHAP)

  • C. Kerberos authentication

  • D. Mutual authentication

  • E. Public Key Infrastructure (PKI)

A10:

Answer D is correct. In mutual authentication, both computers exchange calculated values and each verifies the code returned by the other. Answer A is incorrect because biometric authentication involves comparisons against stored biological values. Answer B is incorrect because CHAP is demanded by the service and does not provide verification back to the client that the service is also authentic. Answer C is incorrect because Kerberos authenticates through tickets issued by a trusted third party (the Key Distribution Center) rather than through the direct three-message challenge exchange described. Answer E is incorrect because PKI authentication involves the exchange and comparison of keys or certificates issued by a third agent (the Certificate Authority) rather than direct negotiation between the two systems.
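The following added example (not from the book) runs both exchanges discussed in Questions 5 and 10 side by side. The CHAP response follows RFC 1994 (MD5 over Identifier, secret, Challenge) and the function returns only the authenticator's verdict, which is why the peer learns nothing about who challenged it. The three-message mutual exchange is my own illustration of the scheme described in Question 10: the HMAC-SHA256 construction and the "A"/"B" role tags that prevent one side's reply from being reflected back at it are choices made for this example, not something the book specifies.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response value: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_exchange(peer_secret: bytes, authenticator_secret: bytes,
                  challenge: bytes = None, identifier: int = 1) -> bool:
    """One-way CHAP. Returns the authenticator's verdict only; the peer never verifies the authenticator."""
    if challenge is None:
        challenge = os.urandom(16)                                # 1. authenticator -> peer: Challenge
    response = chap_response(identifier, peer_secret, challenge)  # 2. peer -> authenticator: Response
    expected = chap_response(identifier, authenticator_secret, challenge)
    return hmac.compare_digest(response, expected)                # 3. authenticator -> peer: Success/Failure


def _mac(secret: bytes, role: bytes, *parts: bytes) -> bytes:
    # Role tag binds each response to its sender so B's reply cannot be replayed back to B as A's.
    return hmac.new(secret, role + b"".join(parts), hashlib.sha256).digest()


def mutual_exchange(secret_a: bytes, secret_b: bytes,
                    nonce_a: bytes = None, nonce_b: bytes = None):
    """The three-message scheme from Question 10. Returns (A accepts B, B accepts A)."""
    nonce_a = os.urandom(16) if nonce_a is None else nonce_a
    nonce_b = os.urandom(16) if nonce_b is None else nonce_b
    # 1. A -> B: nonce_a (A's challenge)
    # 2. B -> A: nonce_b plus a code computed from A's nonce and B's own
    resp_b = _mac(secret_b, b"B", nonce_a, nonce_b)
    a_accepts_b = hmac.compare_digest(resp_b, _mac(secret_a, b"B", nonce_a, nonce_b))
    if not a_accepts_b:
        return False, False  # A aborts: B did not prove knowledge of the secret
    # 3. A -> B: a code computed from B's nonce, proving A's knowledge of the secret
    resp_a = _mac(secret_a, b"A", nonce_b, nonce_a)
    b_accepts_a = hmac.compare_digest(resp_a, _mac(secret_b, b"A", nonce_b, nonce_a))
    return a_accepts_b, b_accepts_a


if __name__ == "__main__":
    shared = b"s3cret"
    print("CHAP, genuine authenticator:", chap_exchange(shared, shared))
    # An impostor with the wrong secret fails, but the peer has already handed it a hash to crack
    # offline and cannot tell from the exchange itself that anything was wrong.
    print("CHAP, impostor authenticator:", chap_exchange(shared, b"impostor"))
    print("mutual, both genuine:", mutual_exchange(shared, shared))
    print("mutual, B is an impostor:", mutual_exchange(shared, b"impostor"))
```

The contrast is in the return values: with CHAP the only party that reaches a verdict is the authenticator, so a rogue authenticator that issues a challenge still collects a valid response from the peer; in the mutual exchange A refuses to send its own response until B's code has checked out.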



Security+ Exam Cram 2 (Exam SYO-101)
ISBN: 0789729105
Year: 2005
Pages: 162