Question 1

Kira needs to implement multifactor authentication for one of the new cloud applications. She needs to include something that you have and something that you know. Which of the following would meet those requirements? (Choose two.)

Accepted Answer

Smart card reader (something you have) and Password (something you know) meet the requirements for multifactor authentication by combining a physical token and a knowledge factor.

Question 2

Caroline is trying to access one of her company's custom cloud-based web applications. She sees a bright red screen advising that there is a security problem with the site and that she should not trust the contents of it. Which of the following most likely occurred that an administrator should probably check first?

Accepted Answer

The bright red screen warning about a security problem is typically shown by web browsers when there's an issue with the site's SSL/TLS certificate, such as expiration. This is the first thing an administrator should check.

Question 3

Sean has implemented an automatic account locking policy that will lock a user account after 5 invalid attempts. Which of the following types of attacks will this help thwart?

Accepted Answer

This policy is specifically designed to prevent brute force attacks, where an attacker tries multiple passwords in the hope of guessing the correct one. By locking the account after a few failed attempts, it significantly reduces the effectiveness of such attacks.

Question 4

Kevin is implementing SSO functionality for his organization. Which of the following authentication standards could he use to implement it?

Accepted Answer

SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between parties, specifically, between an identity provider and a service provider. This makes it suitable for implementing Single Sign-On (SSO) functionality, allowing users to log in once and access multiple systems without re-authenticating.

Question 5

Otis wants to give a mobile app short-term access to a resource without having to store long-term user credentials (such as access keys) in the app. Which of the following describes the method he can use to do that?

Accepted Answer

Roles can be used to grant temporary access to resources without needing to store long-term credentials. By assuming a role, the app can obtain temporary security credentials to access resources.

Question 6

Martin is running an analysis on the logs from one of the web servers that resides on the company's private cloud. He finds that some users are accessing a site they shouldn't be able to, as the firewall should have rules to prevent them from accessing the server. Which of the following might be how they were able to access the site?

Accepted Answer

The answer of Martin is running an analysis on the...

Question 7

Alex is the network administrator for a Windows Server network. Which of the following is most likely in use to manage the users and other resources on that network?

Accepted Answer

Active Directory (AD) is the service used on Windows Server networks to manage users, computers, and other resources within a network environment. It allows for centralized management and facilitates authentication and authorization.

Question 8

Darius manages a directory of users for one of the domains within his organization. Which of the following describes the protocol in use for querying the directory?

Accepted Answer

LDAP (Lightweight Directory Access Protocol) is the protocol used for querying and modifying items in a directory service, like a directory of users within an organization's domain.

Question 9

Blake has been examining the logs on one of the servers that he is responsible for that is hosted on a cloud service provider. He finds an instance where one of the employees has managed to give himself unauthorized administrative access on the server. Which of the following has occurred?

Accepted Answer

Privilege escalation occurs when someone gains unauthorized access or permissions beyond their intended level, in this case, administrative access on the server.

Question 10

Bianca manages the e-mail server for Fictional Corp. All of the employees' e-mails are encrypted using the user's keys. One of the user's certificates expires, so a new certificate is installed. However, now they can no longer access their archived e-mails. Which of the following does Bianca need to do to give this user access to their archived e-mails?

Accepted Answer

The user cannot access their archived emails because they were encrypted with the old certificate's keys. Importing the keys from the old certificate allows for decryption of these emails, and re-encrypting them with the new certificate's keys restores access under the new security credentials.

Question 11

Sharon is having trouble logging into the new cloud-based web application that her small company uses. It asks whether she wants to use a local account or an OpenID account. Which of the following is used by OpenID in order to implement authentication?

Accepted Answer

OpenID uses OAuth for authentication, allowing users to log in with their existing accounts from other services without creating a new password.

Question 12

Milo has set up smart cards for users in the company's main office. He wants to tie them into the authentication systems so that users can log into their workstations with them as well as access certain resources. Which of the following does he need to assign to each user in order to make this integration work?

Accepted Answer

Digital certificates are used in conjunction with smart cards to authenticate users to systems and resources. They contain the user's identity and can be used to securely log into workstations and access resources when integrated with authentication systems.

Question 13

Cody suspects that his company has been the subject of an attack after reports from multiple users that they are missing files. He examines the logs and sees where it appears that the user logged in successfully for each of the users in question and that the strong encryption protocol was enforced and used each time. Which of the following may have occurred?

Accepted Answer

Given that the logs show successful logins and the use of strong encryption, it's unlikely that the attack was technical (like packet sniffing, dictionary attack, or brute force) because these methods would not typically result in successful logins without detection. Social engineering, however, involves manipulating individuals into breaking normal security procedures, such as by giving away their login credentials, which would allow for successful logins as seen in the logs.

Question 14

Tia has run a report on one of the Linux servers she manages and sees that one of the users has not changed their password in over two years. Which of the following parameters should she configure on the server?

Accepted Answer

To ensure that users change their passwords regularly, Tia should configure the password expiration policy. This setting forces users to update their passwords after a specified period, addressing the issue of a user not changing their password for over two years.

Question 15

Fred is trying to access the company's cloud-based CRM system while traveling abroad in Europe. He receives a message that access to this application is not allowed from the country he is currently in and lists the IP address detected by his connection. Which of the following factors of authentication is the CRM system using?

Accepted Answer

The CRM system is using "Somewhere you are" as a factor of authentication, which is determined by the user's geographical location or IP address.

Question 16

Rose is implementing digital certificates for all of the users in her organization. Which of the following certificate types should she use?

Accepted Answer

The answer of Rose is implementing digital certificates for all...

Question 17

Piper is auditing the accounts on the cloud platform her company uses. She sees a master user that retains complete access and action permissions no matter what permissions are also given to the other users. Which of the following is the username for that account?

Accepted Answer

The root account in cloud platforms (such as AWS) is the master user account that has complete access to all resources in the account. It retains full permissions regardless of the permissions given to other users.

Quiz 7: Identity and Access Management