59. What type of access control is typically used by firewalls?
A. Discretionary access controls
B. Rule-based access controls
C. Task-based access control
D. Mandatory access controls

60. When you input a user ID and password, you are performing what important identity and access management activity?
A. Authorization
B. Validation
C. Authentication
D. Login

61. Kathleen works for a data center hosting facility that provides physical data center space for individuals and organizations. Until recently, each client was given a magnetic-strip-based keycard to access the section of the facility where their servers are located, and they were also given a key to access the cage or rack where their servers reside. In the past month, a number of servers have been stolen, but the logs for the passcards show only valid IDs. What is Kathleen's best option to make sure that the users of the passcards are who they are supposed to be?
A. Add a reader that requires a PIN for passcard users.
B. Add a camera system to the facility to observe who is accessing servers.
C. Add a biometric factor.
D. Replace the magnetic stripe keycards with smartcards.

62. Theresa wants to allow her staff to securely store and manage passwords for systems including service accounts and other rarely used administrative credentials. What type of tool should she implement to enable this?
A. Single sign-on
B. A federated identity system
C. A password manager
D. A multifactor authentication system

63. Olivia wants to limit the commands that a user can run via sudo to limit the potential for privilege escalation attacks. What Linux file should she modify to allow this?
A. The bash .bin configuration file
B. The sudoers file
C. The bash .allowed configuration file
D. The sudont file

64. Which objects and subjects have a label in a MAC model?
A. Objects and subjects that are classified as Confidential, Secret, or Top Secret have a label.
B. All objects have a label, and all subjects have a compartment.
C. All objects and subjects have a label.
D. All subjects have a label and all objects have a compartment.

For questions 65–67, please refer to the following scenario and diagram:

Chris is the identity architect for a growing e-commerce website that wants to leverage social identity. To do this, he and his team intend to allow users to use their existing Google accounts as their primary accounts when using the e-commerce site. This means that when a new user initially connects to the e-commerce platform, they are given the choice between using their Google account using OAuth 2.0 or creating a new account on the platform using their own email address and a password of their choice.

65. When the e-commerce application creates an account for a Google user, where should that user's password be stored?
A. The password is stored in the e-commerce application's database.
B. The password is stored in memory on the e-commerce application's server.
C. The password is stored in Google's account management system.
D. The password is never stored; instead, a salted hash is stored in Google's account management system.

66. Which of the following is responsible for user authentication for Google users?
A. The e-commerce application.
B. Both the e-commerce application and Google servers.
C. Google servers.
D. The diagram does not provide enough information to determine this.

67. What type of attack is the creation and exchange of state tokens intended to prevent?
A. XSS
B. CSRF
C. SQL injection
D. XACML

68. Questions like “What is your pet's name?” are examples of what type of identity proofing?
A. Knowledge-based authentication
B. Dynamic knowledge-based authentication
C. Out-of-band identity proofing
D. A Type 3 authentication factor

69. Madhuri creates a table that includes assigned privileges, objects, and subjects to manage access control for the systems she is responsible for. Each time a subject attempts to access an object, the systems check the table to ensure that the subject has the appropriate rights to the objects. What type of access control system is Madhuri using?
A. A capability table
B. An access control list
C. An access control matrix
D. A subject/object rights management system

70. During a review of support tickets, Ben's organization discovered that password changes accounted for more than a quarter of its help desk's cases. Which of the following options would be most likely to decrease that number significantly?
A. Two-factor authentication
B. Biometric authentication
C. Self-service password reset
D. Passphrases

71. Brian's large organization has used RADIUS for AAA services for its network devices for years and has recently become aware of security issues with the unencrypted information transferred during authentication. How should Brian implement encryption for RADIUS?
A. Use the built-in encryption in RADIUS.
B. Implement RADIUS over its native UDP using TLS for protection.
C. Implement RADIUS over TCP using TLS for protection.
D. Use an AES256 pre-shared cipher between devices.

72. Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that?
A. Kerberos
B. OAuth
C. OpenID
D. LDAP

73. Ben's organization has had an issue with unauthorized access to applications and workstations during the lunch hour when employees aren't at their desk. What are the best types of session management solutions for Ben to recommend to help prevent this type of access?
A. Use session IDs for all access and verify system IP addresses of all workstations.
B. Set session timeouts for applications and use password-protected screensavers with inactivity timeouts on workstations.
C. Use session IDs for all applications, and use password-protected screensavers with inactivity timeouts on workstations.
D. Set session timeouts for applications and verify system IP addresses of all workstations.

74. What type of authentication scenario is shown in the following diagram?
A. Hybrid federation
B. On-premise federation
C. Cloud federation
D. Kerberos federation

75. Chris wants to control access to his facility while still identifying individuals. He also wants to ensure that the individuals are the people who are being admitted without significant ongoing costs. Which solutions from the following options would meet all of these requirements? (Select all that apply.)
A. Security guards and photo identification badges
B. RFID badges and readers with PIN pads
C. Magstripe badges and readers with PIN pads
D. Security guards and magstripe readers

76. A device like Yubikey or Titan Security Key is what type of Type 2 authentication factor?
A. A token
B. A biometric identifier
C. A smart card
D. A PIV

77. What authentication technology can be paired with OAuth to perform identity verification and obtain user profile information using a RESTful API?
A. SAML
B. Shibboleth
C. OpenID Connect
D. Higgins

78. Jim wants to implement an access control scheme that will ensure that users cannot delegate access. He also wants to enforce access control at the operating system level. What access control mechanism best fits these requirements?
A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Attribute-based access control

79. The security administrators at the company that Susan works for have configured the workstation she uses to allow her to log in only during her work hours. What type of access control best describes this limitation?
A. Constrained interface
B. Context-dependent control
C. Content-dependent control
D. Least privilege

80. Ben uses a software-based token that changes its code every minute. What type of token is he using?
A. Asynchronous
B. Smart card
C. Synchronous
D. Static

81. Firewalls are an example of what type of access control mechanism?
A. Mandatory access control
B. Attribute-based access control
C. Discretionary access control
D. Rule-based access control

82. Michelle works for a financial services company and wants to register customers for her web application. What type of authentication mechanism could she use for the initial login if she wants to quickly and automatically verify that the person is who they claim to be without having a previous relationship with them?
A. Request their Social Security number.
B. Use knowledge-based authentication.
C. Perform manual identity verification.
D. Use a biometric factor.

83. Megan's company wants to use Google accounts to allow users to quickly adopt their web application. What common cloud federation technologies will Megan need to implement? (Select all that apply.)
A. Kerberos
B. OpenID
C. OAuth
D. RADIUS

84. Session ID length and session ID entropy are both important to prevent what type of attack?
A. Denial of service
B. Cookie theft
C. Session guessing
D. Man-in-the-middle attacks

85 The access control system for Naomi's organization checks if her computer is fully patched, if it has a successful clean anti-malware scan, and if the firewall is turned on among other security validations before it allows