Chapter 02 – Understanding Identity and Access Management

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 2

1 / 111

What capabilities does the ’Full control’ NTFS permission provide to users?

2 / 111

What is the role of the Key Distribution Center (KDC) in the Kerberos network authentication mechanism?

3 / 111

Which of the following is NOT a key characteristic of voice recognition as a method of biometric authentication?

4 / 111

Which role in SAML is an entity providing services to principals?

5 / 111

In the role-BAC scheme, how do administrators commonly grant access?

6 / 111

What is an example of a dynamic rule in rule-based access control?

7 / 111

Which of the following descriptions correctly defines the term ’Accounting’ in the context of AAA?

8 / 111

What are the characteristics of a service account in the context of credential policies?

9 / 111

In SAML, what is the function of the Principal?

10 / 111

What does the ’Something You Can Do’ authentication factor refer to in terms of Microsoft Windows 10?

11 / 111

What type of account commonly requires long, complex passwords that should not expire?

12 / 111

What does an iris scanner use for recognition and how does it capture this information?

13 / 111

What is the first step in a biometric authentication system?

14 / 111

What does ’False acceptance’ in a biometric system refer to?

15 / 111

Which element is NOT typically included in an ABAC policy statement?

16 / 111

Which of the following is NOT a characteristic used by facial recognition systems in biometrics?

17 / 111

What is a characteristic of gait analysis as a method of biometric authentication?

18 / 111

What does a high False Rejection Rate (FRR) in a biometric system indicate?

19 / 111

What is one of the requirements for Kerberos to work properly?

20 / 111

Which of the following best describes the ’Object’ in an Attribute-Based Access Control (ABAC) scheme?

21 / 111

What does ’True acceptance’ mean in the context of a biometric system?

22 / 111

What does ’Account lockout threshold’ refer to in the context of account lockout policies on Microsoft systems?

23 / 111

Which type of account is most often associated with regular users or the personnel working in organizations?

24 / 111

Which of the following is NOT one of the access control schemes mentioned in the text?

25 / 111

What permissions does an administrator have in Microsoft Project Server?

26 / 111

What does the ’Modify’ permission in NTFS allow a user to do?

27 / 111

Which of the following best describes a strong password according to the text?

28 / 111

Why might an organization prefer to disable a user account rather than deleting it?

29 / 111

What is the primary benefit of OpenID Connection (OIDC) for an application?

30 / 111

What is a primary function of a password vault?

31 / 111

What are the additional requirements for a service account set by credential policies?

32 / 111

Which type of account pertains to external entities that have access to a network?

33 / 111

What are the uses of Password Keys?

34 / 111

What do credential policies require for administrator and root accounts?

35 / 111

What does ’Account lockout duration’ refer to in the context of Microsoft system security policies?

36 / 111

Which of the following best describes the ’Read & execute’ NTFS permission in Linux?

37 / 111

What does the ’Write’ permission allow in NTFS?

38 / 111

Why is it necessary to change default passwords on systems and devices before usage?

39 / 111

What is the primary purpose of authentication in an IT security context?

40 / 111

What does the ’Subject’ typically refer to in an ABAC policy?

41 / 111

What is commonly done with the Guest account in most organizations, according to the text?

42 / 111

Which group of technologies is most commonly used in the ’Somewhere You Are’ authentication attribute?

43 / 111

What are some objections to using retina scanners for biometric authentication?

44 / 111

What is typically considered as ’Subjects’ in an access control scheme?

45 / 111

What type of biometric authentication method is commonly used by laptop computers, smartphones and USB flash drives?

46 / 111

What does the Mandatory Access Control (MAC) scheme use to determine access?

47 / 111

Within the context of authentication attributes, what is an example of ’Something You Exhibit’?

48 / 111

What is the main function of role-Based Access Control?

49 / 111

What does the NIST SP-800-63B state about two-step authentication via SMS?

50 / 111

What might be a possible reason for organizations to prefer disabling user accounts over deleting them?

51 / 111

What does a password expiration setting identifies?

52 / 111

What is the term for when a biometric system incorrectly rejects a recognized user?

53 / 111

What is the role of a Service Provider in Security Assertion Markup Language (SAML)?

54 / 111

What does ’True rejection’ refer to in the context of biometric systems?

55 / 111

What is the recommended procedure for managing user accounts when an employee is on an extended leave of absence according to the material?

56 / 111

Which is an example of a signal used in Microsoft’s Conditional Access policies within Active Directory environments?

57 / 111

What does the ’Read & execute’ permission allow a user to do in a Microsoft NTFS filesystem?

58 / 111

How do vein matching systems in biometric authentication work?

59 / 111

What is the least secure form of authentication factor?

60 / 111

What is the primary benefit of Single sign-on (SSO) in a network?

61 / 111

Why should personnel not use shared or generic accounts according to account management policies?

62 / 111

What are the three different meanings of MAC within the context of CompTIA Security+

63 / 111

Who is responsible for defining the access for subjects and objects in a system?

64 / 111

What are the four elements typically included in an Attribute-Based Access Control (ABAC) policy statement?

65 / 111

In the context of an organization’s disablement policy, why is disabling preferred over deleting the account for a terminated employee?

66 / 111

What is the function of a time-based login?

67 / 111

What is a fundamental feature of Microsoft’s Conditional Access within Azure Active Directory environments?

68 / 111

What information can be determined from authentication log entries?

69 / 111

In the role-BAC scheme in Microsoft Project Server, what level of access do Project Managers have?

70 / 111

What does the ’Modify’ permission enable users to do in NTFS?

71 / 111

What does the ’Something You Have’ authentication factor refer to in CompTIA Security+ SY0-701?

72 / 111

What is the role of ’Executives’ in Microsoft Project Server?

73 / 111

What is the benefit of requiring administrators to use two accounts?

74 / 111

What is the purpose of labels in the MAC scheme?

75 / 111

What is the purpose of the constantly changing number displayed on a token key?

76 / 111

Which authentication factor does the ’something you know’ category typically refer to?

77 / 111

What is a key difference between HMAC-based One-Time Password (HOTP) and Time-based One-Time Password (TOTP)?

78 / 111

What is the principle called which suggests giving the users only the account permissions they need to perform their job?

79 / 111

What does the term ’someone you know’ imply in the context of cybersecurity and trust models?

80 / 111

What is a DACL in the context of Microsoft Systems?

81 / 111

What is one of the common signals that Conditional Access policies use in a Microsoft Azure Active Directory environment?

82 / 111

What does the DAC scheme emphasis regarding object ownership within the Microsoft NTFS system?

83 / 111

Why is it often required by account management policies for each user to have at least one account?

84 / 111

What is the role of objects in an access control scheme?

85 / 111

What is the concept of just-in-time administration in the context of Privileged Access Management?

86 / 111

What is the difference between Static KBA and Dynamic KBA?

87 / 111

Which of the following statements about shared and generic account/credentials is true?

88 / 111

What are important aspects of password security that organizations should provide training on, according to the text?

89 / 111

What is the purpose of an account audit?

90 / 111

Why are shared accounts discouraged in account management policies?

91 / 111

What is the role of the Key Distribution Center (KDC) in Kerberos authentication?

92 / 111

What is the primary purpose of SSO?

93 / 111

What is the primary purpose of Authentication attributes in system security?

94 / 111

What is the role of an Identity provider (IdP) in the context of Security Assertion Markup Language (SAML)?

95 / 111

Why is it often detrimental to security if users constantly reuse the same password?

96 / 111

What does the concept of ’’Roles Based on Jobs and Functions’ imply in the context of an organization with multiple departments?

97 / 111

Why are shared or generic accounts often prohibited in account management policies?

98 / 111

What are some of the requirements for Kerberos to work properly?

99 / 111

What is a common goal of authentication services that prevents unencrypted credentials from being sent across a network?

100 / 111

What is the role of an owner in the discretionary access control (DAC) scheme?

101 / 111

Which of the following statements about embedded certificates in smart cards is true?

102 / 111

What is the function of the VIP Access app created by Symantec, as utilized within authentication applications?

103 / 111

What is the level of access typically granted to ’Team Members’ in a role-Based Access Control (BAC) scheme on a Microsoft Project Server?

104 / 111

Why does Kerberos version 5 require all systems to be synchronized and within five minutes of each other?

105 / 111

In an Attribute-Based Access Control (ABAC) system, what does the Action element represent?

106 / 111

Why should administrators avoid using shared or generic accounts?

107 / 111

What are the main functions of the embedded certificates in a smart card?

108 / 111

What is a common signal used within Conditional Access policies in Microsoft’s Azure Active Directory environments?

109 / 111

What does the ’something you are’ authentication factor use for authentication?

110 / 111

What are some of the security features provided by smart cards?

111 / 111

What is the primary function of a federated identity management system in single sign on (SSO) systems?

Your score is

Dowload the FREE OFFLINE Version of this Test Bank

Boost your cybersecurity skills! Click to download the CompTIA Security+ Practice Anki deck.

Anki deck of CompTIA A+ Practice Questions images

Free CompTIA Security+ Practice Test – Chapter 01: Mastering Security Basics

Mastering Security Basics for CompTIA Security+ is essential for anyone pursuing the certification. This chapter offers free practice questions to help you strengthen your foundational security knowledge. Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 01: Mastering Security Basics. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

  • Skill Enhancement: Covers essential security basics and concepts crucial for the CompTIA Exam and vulnerability management, including Identity and Access Management for CompTIA Security+.
  • Career Advancement: Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.
  • Vulnerability Management: Master the art of managing security vulnerabilities, a key skill in the field of cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.

 

Explore our other free practice tests:
Share the Post:

Related Posts

RSS  
  • Discover How to Work Remotely and Travel!
    Have you ever dreamed about working from beautiful places like Thailand or Japan, but weren’t sure if it’s possible? I’m here to share my adventures and some tips on how to make working remotely while exploring the world a reality.  Who Am I? My name is Josh, and I’m all about creating helpful content on […]
  • Why Contract Work in IT Can Be a Good Start for Your Career
    Hey buddies! Are you curious about what it’s like to work in IT and cyber security? Well, you’re in luck because today we’re diving into the world of contract work and how it might just be the jumpstart your career needed! Getting Into the World of Contract Work in IT Josh, an expert in IT […]
  • Is Cyber Security a Career That Will Last Forever?
    Hey everyone! Have you ever wondered if choosing a career in cyber security is a good idea for the long haul? Well, let’s dive into this topic with the help of Josh Maor’s insights, and find out why cyber security might just be one of the smartest career choices out there. What Is Cyber Security? […]
IT Course

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

Ready to get started your journey?
Cyber Course

The Affordable, Hands-On Cyber Security that gets Results!

Ready to get started your journey?

JOIN OUR

NEWSLETTER

Sign up for our free newsletters.

by joining 8000+ others in my weekly newsletter 

where you’ll get a dose of my thoughts on self-improvement, career,

and life!