A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to log on to a server. These are examples of which of the following?
A. Multifactor authentication
B. Single factor authentication
C. Separation of duties
D. Identification
Correct Answer: B
Single-factor authentication (SFA) secures access to a given system by identifying the party requesting access with a single category of credential. In this case, each control relies on only one factor: the network administrator uses an RFID card to access the datacenter, a key to access the server rack, and a username and password to access a server.
Incorrect Answers:
A: Multifactor authentication requires a user to provide two or more authentication factors in order to access a given system.
C: Separation of duties divides administrator or privileged tasks into separate groupings, which are then individually assigned to different administrators.
D: Identification only proves who the user is; it does not by itself grant access.
Ann, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to complement password usage and smart cards?
A. Hard tokens
B. Fingerprint readers
C. Swipe badge readers
D. Passphrases
Correct Answer: B
A multifactor authentication method uses two or more processes for logon. A two-factor method might use smart cards and biometrics for logon. For obvious reasons, the two or more factors employed should not be from the same category.
Incorrect Answers:
A: Hard tokens would fall in the same category as smart cards.
C: Swipe badge readers are in the same category as smart cards.
D: Passphrases fall in the same category as password usage.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 133
Question 613:
A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet management's request?
A. Enforce Kerberos
B. Deploy smart cards
C. Time of day restrictions
D. Access control lists
Correct Answer: C
Time of day restrictions limit when users can access specific systems based on the time of day or week. They can limit access to sensitive environments to normal business hours.
Incorrect Answers:
A: Kerberos uses encrypted, time-stamped tickets to prove identity and grant access to resources. It will not prevent staff members from logging on during nonworking days.
B: Smart cards are credit-card-sized IDs, badges, or security passes with an embedded integrated circuit chip that allows you to physically access secure facilities. They will not prevent staff members from logging on during nonworking days.
D: An access control list (ACL) specifies which users are allowed or denied each type of available access based on the object type. It will not prevent staff members from logging on during nonworking days.
Which of the following security concepts can prevent a user from logging on from home during the weekends?
A. Time of day restrictions
B. Multifactor authentication
C. Implicit deny
D. Common access card
Correct Answer: A
Time of day restrictions limit when users can access specific systems based on the time of day or week. They can limit access to sensitive environments to normal business hours, when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion.
Incorrect Answers:
B: Multifactor authentication requires a user to supply two or more authentication factors in order to prove their identity. It does not restrict logons to particular days or times.
C: Implicit deny says that if you aren't explicitly granted access or privileges for a resource, you're denied access by default. The day of the week is not a factor in this decision.
D: Common Access Cards (CACs) are smart cards used by the U.S. government and military to physically access facilities.
The company's sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports.
Which of the following controls is preventing them from completing their work?
A. Discretionary access control
B. Role-based access control
C. Time of Day access control
D. Mandatory access control
Correct Answer: C
Time of day restrictions limit when users can access specific systems based on the time of day or week. They can limit access to sensitive environments to normal business hours, when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. In this case, the sales team is prevented from saving or printing reports after a certain time.
Incorrect Answers:
A: Discretionary access control (DAC) allows access to be granted or restricted by an object's owner based on user identity and on the discretion of the object owner. Since the sales team had access, and the restriction only kicked in after several hours, DAC cannot be responsible.
B: Role-based access control grants access based on a user's job description. When a user is assigned a specific role in an environment, that user's access to objects is granted based on the required tasks of that role. Since the sales team needs to save and print reports, they would not be restricted if restrictions were role-based.
D: Mandatory Access Control allows access to be granted or restricted based on the rules of classification. Since they had access earlier, they clearly had the necessary classification.
Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?
A. Common access card
B. Role based access control
C. Discretionary access control
D. Mandatory access control
Correct Answer: B
Role-based access control grants access based on a user's job description. When a user is assigned a specific role in an environment, that user's access to objects is granted based on the required tasks of that role.
Incorrect Answers:
A: Smart cards are credit-card-sized IDs, badges, or security passes with an embedded integrated circuit chip. Common Access Cards (CACs) are the U.S. government and military version of a smart card.
C: Discretionary access control (DAC) allows access to be granted or restricted by an object's owner based on user identity and on the discretion of the object owner. It does not rely on job function.
D: Mandatory Access Control allows access to be granted or restricted based on the rules of classification. It does not rely on job function.
A company hired Joe, an accountant. The IT administrator will need to create a new account for Joe. The company uses groups for ease of management and administration of user accounts. Joe will need network access to all directories, folders and files within the accounting department.
Which of the following configurations will meet the requirements?
A. Create a user account and assign the user account to the accounting group.
B. Create an account with role-based access control for accounting.
C. Create a user account with password reset and notify Joe of the account creation.
D. Create two accounts: a user account and an account with full network administration rights.
Correct Answer: B
Role-based access control grants access based on a user's job description. When a user is assigned a specific role in an environment, that user's access to objects is granted based on the required tasks of that role. The IT administrator should, therefore, create an account with role-based access control for accounting for Joe.
Incorrect Answers:
A: Assigning Joe's user account to the accounting group will not necessarily allow Joe the required access, as different users require different access.
C: Creating a user account with password reset will not allow Joe the required access, as permissions still have to be granted.
D: Doing this will give Joe more rights than are required.
During the information gathering stage of deploying a role-based access control model, which of the following information is MOST likely required?
A. Conditional rules under which certain systems may be accessed
B. Matrix of job titles with required access privileges
C. Clearance levels of all company personnel
D. Normal hours of business operation
Correct Answer: B
Role-based access control is a model where access to resources is determined by job role rather than by user account.
Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members of staff (or other system users) are assigned particular roles, and through those role assignments acquire the permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user or changing a user's department.
To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role.
Incorrect Answers:
A: For role-based access control, you don't need conditional rules under which certain systems may be accessed; you just need a list of roles and their associated privileges.
C: Clearance levels of all company personnel are not required, because privileges are assigned based on job role rather than directly to individuals.
D: The hours of business operation are not required. Business hours are not related to assigning access privileges.
A security technician is working with the network firewall team to implement access controls at the company's demarc as part of the initiation of configuration management processes. One of the network technicians asks the security technician to explain the access control type found in a firewall. With which of the following should the security technician respond?
A. Rule based access control
B. Role based access control
C. Discretionary access control
D. Mandatory access control
Correct Answer: A
Rule-based access control is used for network devices, such as firewalls and routers, which filter traffic based on filtering rules.
Incorrect Answers:
B: Role-based access control grants access based on a user's job description.
C: Discretionary access control (DAC) allows access to be granted or restricted by an object's owner based on user identity and on the discretion of the object owner.
D: Mandatory Access Control allows access to be granted or restricted based on the rules of classification.
The IT department has set up a SharePoint site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions, and all requests for access are centrally managed by the security team. This is an example of which of the following control types?
A. Rule based access control
B. Mandatory access control
C. User assigned privilege
D. Discretionary access control
Correct Answer: D
Discretionary access control (DAC) allows access to be granted or restricted by an object's owner based on user identity and on the discretion of the object owner.
Incorrect Answers:
A: Rule-based access control is used for network devices that filter traffic based on filtering rules.
B: Mandatory Access Control allows access to be granted or restricted based on the rules of classification.
C: User assigned privilege is when permissions are allowed or refused based on a specific individual user.