Chapter 02 - Understanding Identity and Access Management

Ref: CompTIA Security Plus Get Certified Get Ahead SY0-701 Study Guide

CompTIA Security+ (SY0-701) – Chapter 2

1 / 111

Why might an organization prefer to disable a user account rather than deleting it?

A. To prevent the account from being used by the user again

B. To retain any encryption and security keys associated with the account

C. To permanently delete all files associated with the account

D. Consumes less resources to disable an account than to delete it

2 / 111

What is the role of objects in an access control scheme?

A. They receive authorization to access other entities

B. They grant authorization to subjects

C. They are typically users or groups that access other entities

D. They monitor actions of subjects

3 / 111

What is the first step in a biometric authentication system?

A. Users input a pin code

B. Users provide their login details

C. Users register with the authentication system

D. Users immediately prove their identity through biometrics

4 / 111

What does the ’Read & execute’ permission allow a user to do in a Microsoft NTFS filesystem?

A. Allows users to view and change file contents including deleting or adding files to a folder.

B. Provides users full control to do anything with a file and its permissions.

C. Allows a user to open and view the contents of a file.

D. Provides a user permission to run executable files, including scripts.

5 / 111

What is a DACL in the context of Microsoft Systems?

A. It is a type of security protocol.

B. It is a list of Access Control Entries (ACEs) tied to a Security Identifier (SID).

C. It is a predefined access privilege.

D. It is a term for a Microsoft System User.

6 / 111

How do vein matching systems in biometric authentication work?

A. They identify individuals based on the size, shape, and position of their veins.

B. They use near-infrared light to view the veins of an individual.

C. They scan the retina of one or both eyes to recognize individuals.

D. They identify individuals based on speech recognition methods.

7 / 111

What is a common goal of authentication services that prevents unencrypted credentials from being sent across a network?

A. To prevent unauthorized access

B. To prevent network congestion

C. To prevent credentials from being sent in cleartext

D. To prevent system overload

8 / 111

What is an example of a dynamic rule in rule-based access control?

A. Admin sets a rule to only allow HTTP traffic for web browsers

B. Intrusion prevention system detects an attack and modifies the rules to block traffic from attackers

C. Administrator creates rule to allow certain traffic into the network

D. Admin sets a rule that stays the same unless changed by an administrator

9 / 111

What does ’False acceptance’ in a biometric system refer to?

A. When a biometric system correctly identifies a registered user

B. When a biometric system incorrectly rejects a registered user

C. When a biometric system incorrectly identifies an unknown user as a registered user

D. When a biometric system correctly rejects an unknown user

10 / 111

What is the primary benefit of OpenID Connection (OIDC) for an application?

A. It increases the risk of exposing user credentials.

B. It requires the user to memorize another set of credentials.

C. It eliminates the need to manage user’s credentials and minimizes the risk of exposing them.

D. It cannot access any data in the user’s account.

11 / 111

What is a key difference between HMAC-based One-Time Password (HOTP) and Time-based One-Time Password (TOTP)?

A. HOTP uses a hash function, while TOTP uses a cryptographic key.

B. HOTP remains valid indefinitely until used, while TOTP expires after a set amount of time.

C. TOTP is more expensive than HOTP due to its proprietary algorithm.

D. HOTP uses a timestamp, while TOTP uses an incrementing counter.

12 / 111

What does the ’something you are’ authentication factor use for authentication?

A. Passwords

B. Biometrics

C. Security questions

D. Key fobs

13 / 111

Which of the following descriptions correctly defines the term ’Accounting’ in the context of AAA?

A. The process of claiming an identity, such as with a username or email address

B. Ensuring that users are granted access to all resources within a system

C. Tracking user activity and recording the activity in logs

D. The process of proving the claimed identity with a password

14 / 111

What is the benefit of requiring administrators to use two accounts?

A. It gives administrators a back-up account in case they forget their password

B. It reduces the exposure of the administrative account to an attack

C. It provides two different methods to access the system

D. It increases the security level of regular user accounts

15 / 111

What does ’True acceptance’ mean in the context of a biometric system?

A. The biometric system incorrectly identifies an unknown user as a registered user

B. The biometric system incorrectly rejects a registered user

C. The biometric system correctly identifies an unknown user

D. The biometric system correctly identifies a registered user

16 / 111

What is the primary purpose of authentication in an IT security context?

A. For the user to claim their identity

B. To enable mutual authentication

C. To maintain total anonymity

D. To prove a user’s identity with credentials

17 / 111

Why is it often required by account management policies for each user to have at least one account?

A. To support effective identification, authentication, authorization, and accounting

B. To facilitate communication between users

C. To save on disk space by reducing the number of accounts

D. To make it easier for administrators to manage users

18 / 111

What does the ’Write’ permission allow in NTFS?

A. Users can delete a file

B. Users can add files to a folder

C. Users can change the content of a file

D. Users have full control over a file and its permissions

19 / 111

What does a high False Rejection Rate (FRR) in a biometric system indicate?

A. The system correctly identifies a registered user

B. The system incorrectly rejects a registered user

C. The system incorrectly identifies an unknown user as a registered user

D. The system correctly rejected an unknown user.

20 / 111

Which of the following best describes the ’Object’ in an Attribute-Based Access Control (ABAC) scheme?

A. It’s the action the user is attempting to do.

B. It’s the resource (such as a file, database, or application) that the user is trying to access.

C. It’s an environmental attribute.

D. It’s the user trying to access the data.

21 / 111

What is the function of a time-based login?

A. It logs users off the system when the restricted time arrives

B. It allows users to access computers at any time

C. It restricts users from logging on to computers outside certain specified times

D. It deletes accounts of users who attempt to log in outside the specified times

22 / 111

What is the concept of just-in-time administration in the context of Privileged Access Management?

A. Administrators have continuous elevated privileges

B. Administrators only receive administrative privileges when they send a request for them.

C. Administrators must always know the password to access the privileged account

D. Administrators can access the privileged account at any time without checks

23 / 111

Why should personnel not use shared or generic accounts according to account management policies?

A. It prevents users from claiming an identity with an identifier such as a username.

B. It is impossible to determine the specific user who performed an action.

C. Users can not authenticate their identity using any method.

D. It enables users not authorized for resources to have access to them.

24 / 111

What is the main function of role-Based Access Control?

A. It is a method to bypass login credentials

B. It assigns rights and permissions directly to users

C. It uses roles to manage rights and permissions for users

D. It provides a hierarchy structure based on user’s job titles

25 / 111

Which of the following statements about embedded certificates in smart cards is true?

A. The embedded certificate holds a user’s public key.

B. The certificate can only be used for data encryption.

C. The smart card cannot provide non-repudiation.

D. The embedded certificates support cryptography for increased security.

26 / 111

Which group of technologies is most commonly used in the ’Somewhere You Are’ authentication attribute?

A. Internet Protocol (IP) address

B. Virtual Private Network (VPN)

C. Media Access Control (MAC) address

D. Geolocation

27 / 111

What is the role of the Key Distribution Center (KDC) in the Kerberos network authentication mechanism?

A. The KDC is responsible for synchronizing all system clocks within five minutes of each other.

B. The KDC is a database of user or subject objects.

C. The KDC issues ticket-granting tickets (TGTs) and packages user credentials within a ticket.

D. The KDC is a clock that time-stamps tickets to ensure they expire correctly.

28 / 111

What does the concept of ’’Roles Based on Jobs and Functions’ imply in the context of an organization with multiple departments?

A. Assigning roles to users based on their position in the company

B. Granting users the right to modify server settings irrespective of their department

C. Assigning all employees the same privileges on the server

D. Disabling the ability for users to access data from projects outside of their own department

29 / 111

What is the role of an owner in the discretionary access control (DAC) scheme?

A. The owner uses the system resources and hardware.

B. The owner establishes the software settings.

C. The owner installs the operating system.

D. The owner establishes access for objects such as files and folders.

30 / 111

What are the uses of Password Keys?

A. To encrypt data on systems

B. To reset passwords on systems

C. To protect systems from malware

D. To update system software

31 / 111

What is commonly done with the Guest account in most organizations, according to the text?

A. It is always kept active to allow easy access to the network.

B. It is generally disabled and only enabled in special situations.

C. It is designated for daily use by all employees.

D. It is used to provide general access to third-party accounts.

32 / 111

What might be a possible reason for organizations to prefer disabling user accounts over deleting them?

A. Deleting the accounts immediately frees up system resources

B. Disabling keeps the encryption and security keys associated with the accounts

C. Deleting accounts creates more security on the network

D. Disabling accounts costs the organization less money in IT expenses

33 / 111

Why should administrators avoid using shared or generic accounts?

A. To prevent privilege escalation attacks

B. They cannot implement basic authorization controls with shared accounts

C. To avoid logging conflicts when multiple users use the same account

D. All of the above

34 / 111

What is the purpose of the constantly changing number displayed on a token key?

A. It serves as a regular password that the user must remember

B. It is a unique identifier for the token key

C. It is a rolling one-time use password synced with a server

D. It is a countdown timer indicating the token key’s battery life

35 / 111

What is a fundamental feature of Microsoft’s Conditional Access within Azure Active Directory environments?

A. It only allows access from specific IP addresses or ranges.

B. It allows access solely based on group membership.

C. It is a policy with an if-then statement.

D. It allows access only from desktop PCs.

36 / 111

What are important aspects of password security that organizations should provide training on, according to the text?

A. Not reusing passwords and creating strong passwords

B. The importance of disclosing passwords to trustworthy colleagues

C. The use of common passwords like ’123456’

D. The use of simple passphrases such as ’ICanCountTo6.’

37 / 111

What is the primary benefit of Single sign-on (SSO) in a network?

A. It allows users to create weak passwords

B. It gives access to multiple systems with a single login

C. It encourages users to write down their passwords

D. It enhances the threat level by giving access to multiple systems with one set of credentials

38 / 111

What are some of the requirements for Kerberos to work properly?

A. A system of dispensing tickets for authentication, time synchronization, a database of users or subjects.

B. Antivirus software, multi-factor authentication, and a robust firewall.

C. A hardware token, a database of network addresses, and a robust firewall.

D. A Flash Application, a system of dispensing cookies for authentication, time synchronization.

39 / 111

What is the term for when a biometric system incorrectly rejects a recognized user?

A. False acceptance

B. True rejection

C. True acceptance

D. False rejection

40 / 111

What is the primary function of a federated identity management system in single sign on (SSO) systems?

A. It merges different networks into one.

B. It authenticates user credentials from different networks or operating systems as a single identity.

C. It creates a new identity for each network or operating system.

D. It ignores user credentials from different networks or operating systems.

41 / 111

Why are shared accounts discouraged in account management policies?

A. They undermine the individual authorization controls

B. They widen the system’s vulnerability to external attacks

C. They demand additional memory resources

D. They slow down system performance

42 / 111

What permissions does an administrator have in Microsoft Project Server?

A. Administrators have complete access only to the projects they manage

B. Administrators can access data from any project but do not have access to modify server settings

C. Administrators only have access to report on work assigned to them

D. Administrators have complete access and control over everything on the server

43 / 111

Which type of account pertains to external entities that have access to a network?

A. Administrator and root accounts

B. Service accounts

C. Device accounts

D. Third-party accounts

44 / 111

Which of the following is NOT a characteristic used by facial recognition systems in biometrics?

A. Size of the face compared with the rest of the body

B. The patterns on the person’s skin

C. The position of their eyes, nose, mouth, cheekbones, and jaw

D. The size and shape of their eyes, nose, mouth, cheekbones, and jaw

45 / 111

What is typically considered as ’Subjects’ in an access control scheme?

A. Files or folders accessed by users

B. The scheme which authorizes access

C. Users or groups that access objects

D. The principles ensuring security

46 / 111

What is the principle called which suggests giving the users only the account permissions they need to perform their job?

A. Principle of Maximum Privilege

B. Principle of Least Privilege

C. Principle of Balanced Privilege

D. Principle of Exceptional Privilege

47 / 111

Which role in SAML is an entity providing services to principals?

A. Principal

B. Identity provider

C. Service provider

D. XML provider

48 / 111

Why is it necessary to change default passwords on systems and devices before usage?

A. To keep the password easy to remember

B. To prevent unauthorized individuals from gaining access

C. To match company-wide password standards

D. To reset the system or device

49 / 111

What does the ’Modify’ permission in NTFS allow a user to do?

A. Only change the contents of a file

B. Only open and view a file

C. Run any executable files

D. View and change files, including deleting files or adding files to a folder

50 / 111

What does ’True rejection’ refer to in the context of biometric systems?

A. The system incorrectly identifies a registered user.

B. The system incorrectly rejects a registered user.

C. The system correctly identifies a registered user.

D. The system correctly rejects an unknown user.

51 / 111

What is a common signal used within Conditional Access policies in Microsoft’s Azure Active Directory environments?

A. The user’s favorite color

B. The type of software installed on the device

C. The user’s credit score

D. Device type

52 / 111

Which is an example of a signal used in Microsoft’s Conditional Access policies within Active Directory environments?

A. File type

B. Device temperature

C. IP location

D. Internet speed

53 / 111

In the role-BAC scheme, how do administrators commonly grant access?

A. By assigning rights and permissions to individuals directly

B. By creating a unique group for every user

C. By assigning rights and permissions to groups and adding users to the appropriate group

D. By creating a group that assigns rights and permissions on the basis of a user’s job title

54 / 111

Who is responsible for defining the access for subjects and objects in a system?

A. The network administrator

B. The IT administrator

C. The security professional

D. The higher authority entities

55 / 111

What does the NIST SP-800-63B state about two-step authentication via SMS?

A. It is the most secure method of two-step authentication.

B. It encourages its use due to its simplicity.

C. It discourages its use due to several vulnerabilities.

D. It doesn’t mention SMS-based two-step authentication.

56 / 111

Which element is NOT typically included in an ABAC policy statement?

A. Object

B. Device

C. Subject

D. Action

57 / 111

What does the ’Something You Have’ authentication factor refer to in CompTIA Security+ SY0-701?

A. Something you can remember

B. Something you can physically hold

C. Something that is part of you

D. Something you can perceive

58 / 111

What is the difference between Static KBA and Dynamic KBA?

A. Static KBA verifies the identity of existing users, while Dynamic KBA identifies new users.

B. Dynamic KBA is used to reset passwords, whereas Static KBA is used for high-risk transactions.

C. Static KBA only uses public data sources, while Dynamic KBA uses both public and private sources.

D. Dynamic KBA involves answering questions about personal history, while Static KBA does not require answering questions.

59 / 111

What does the DAC scheme emphasis regarding object ownership within the Microsoft NTFS system?

A. The user and administrator share control of the object

B. The administrator has full, explicit control of the object

C. Every object has an owner, and the owner has full, explicit control of the object

D. Every object is controlled by the system, irrespective of the user

60 / 111

What is the role of the Key Distribution Center (KDC) in Kerberos authentication?

A. It provides time synchronization on all systems

B. It serves as the database for subjects or users

C. It issues ticket-granting tickets (TGTs) and other tickets

D. It functions as the encryption and decryption key

61 / 111

What is the role of an Identity provider (IdP) in the context of Security Assertion Markup Language (SAML)?

A. It is an entity that provides services to principals.

B. It is typically a user who logs on once.

C. It creates, maintains, and manages identity information for principals.

D. It is a system that hosts one or more websites accessible through a web-based portal.

62 / 111

What does a password expiration setting identifies?

A. The strength of a user’s password

B. The amount of characters a password must have

C. The time period after which a user must change their password

D. The mix of character types a password must have

63 / 111

What does the ’Modify’ permission enable users to do in NTFS?

A. It only allows users to view files

B. It allows users to change files and view them, including deleting files or adding files to a folder

C. Enables users to run any executable files

D. Gives users the ability to delete a file and its contents

64 / 111

What does the ’Something You Can Do’ authentication factor refer to in terms of Microsoft Windows 10?

A. Actions you can perform such as gestures on a picture

B. Steps of installing a software

C. Creating a text password

D. Using face recognition software

65 / 111

What are the main functions of the embedded certificates in a smart card?

A. It only supports cryptography for increased security

B. It provides certificate-based authentication and simple password security

C. It allows the use of a complex encryption key, supports digital signatures, data encryption, and provides secure authentication

D. It allows users to log into their online banking securely

66 / 111

Which of the following best describes a strong password according to the text?

A. A password that is at least 8 characters long, combining at least three of the four character types: uppercase, lowercase, numbers and special characters

B. A password that is at least 7 characters long as recommended by PCI DSS

C. A simple password with more than 10 characters, that only uses numbers

D. A password that includes part of the user’s name for better memorability

67 / 111

What type of biometric authentication method is commonly used by laptop computers, smartphones and USB flash drives?

A. Iris Scans

B. Voice recognition

C. Fingerprint Scanners

D. Gait analysis

68 / 111

Which of the following best describes the ’Read & execute’ NTFS permission in Linux?

A. It allows a user to open and view the contents of a file

B. It gives a user the ability to delete a file

C. It gives a user permission to run any executable files, including scripts

D. It does not grant any permissions to the user

69 / 111

Why are shared or generic accounts often prohibited in account management policies?

A. It simplifies the task of assigning user privileges.

B. It makes it difficult to implement basic authorization controls and track user actions.

C. It limits the number of accounts that need to be created.

D. It improves the performance of the network by reducing the number of active connections.

70 / 111

What is the least secure form of authentication factor?

A. Something you are

B. Something you have

C. Something you know

D. Two factors authentication

71 / 111

What is one of the common signals that Conditional Access policies use in a Microsoft Azure Active Directory environment?

A. Performance of the device’s CPU

B. User or group membership

C. Size of the accessed files

D. The color scheme of the user interface

72 / 111

What is one of the requirements for Kerberos to work properly?

A. All systems must be within five miles of each other

B. The KDC issues timestamped tickets that expire after a certain number of bytes are transferred

C. The clock that provides time synchronization is used to track user activity

D. Time synchronization, with systems synchronized and within five minutes of each other

73 / 111

What does the Mandatory Access Control (MAC) scheme use to determine access?

A. User passwords

B. Sensitivity labels or security labels

C. Usernames

D. Encryption keys

74 / 111

In an Attribute-Based Access Control (ABAC) system, what does the Action element represent?

A. The type of Internet access via a proxy server along with a specific list of URLs

B. The resource that the user is trying to access

C. The context of the access request including time, location, protocols, encryption, devices, and communication method

D. What the user is attempting to do, such as reading or modifying a file, accessing specific websites, and accessing website applications

75 / 111

Which of the following is NOT one of the access control schemes mentioned in the text?

A. Role-based access control

B. Discretionary access control (DAC)

C. Identity-based access control (IBAC)

D. Mandatory access control (MAC)

76 / 111

In the role-BAC scheme in Microsoft Project Server, what level of access do Project Managers have?

A. They have complete access and control over everything on the server.

B. They can access data from any project but do not have access to modify server settings.

C. They have full control over their own projects but do not control projects owned by other project managers.

D. They can report on work assigned to them, but they have little access outside the scope of their assignments.

77 / 111

What are some of the security features provided by smart cards?

A. Confidentiality and accountability

B. Confidentiality, integrity, authentication, and non-repudiation

C. Integrity only

D. Authentication and redundancy

78 / 111

What is the level of access typically granted to ’Team Members’ in a role-Based Access Control (BAC) scheme on a Microsoft Project Server?

A. Complete access and control over everything on the server

B. Access to data from any project but cannot modify server settings

C. Full control over their own projects but do not control projects owned by other project managers

D. Limited access to only report on assigned work

79 / 111

What are the three different meanings of MAC within the context of CompTIA Security+

A. Media access control, Mandatory amusement control, Message authentication code

B. Media assignment control, Mandatory access control, Message authentication code

C. Media access control, Mandatory access control, Message authentication code

D. Media access control, Manual access control, Message assignment code

80 / 111

What is the role of ’Executives’ in Microsoft Project Server?

A. They have complete access and control over everything on the server, including all of the projects managed on the server.

B. They can access data from any project held on the server but do not have access to modify server settings.

C. They have full control over their own projects but do not control projects owned by other project managers.

D. They can typically report on work that project managers assign to them, but they have little access outside the scope of their assignments.

81 / 111

In SAML, what is the function of the Principal?

A. It provides services to other systems.

B. It queries the IdP to verify user credentials.

C. It hosts websites accessible through a web-based portal.

D. It’s typically a user who logs on once and, if necessary, requests an identity from the IdP.

82 / 111

What capabilities does the ’Full control’ NTFS permission provide to users?

A. Users can only read the file content

B. Users can read and execute files

C. Users can only modify the files

D. Users can do anything with a file and its permissions

83 / 111

What is the recommended procedure for managing user accounts when an employee is on an extended leave of absence according to the material?

A. The account should be deleted.

B. The account should remain enabled.

C. The account should be disabled.

D. The account should be transferred to another employee.

84 / 111

What do credential policies require for administrator and root accounts?

A. Basic credential policies

B. Single-factor authentication

C. Multifactor authentication

D. No specific authentication methods

85 / 111

Which of the following statements about shared and generic account/credentials is true?

A. Access can be tailored for shared and generic accounts

B. They are not discouraged for normal work

C. Stronger authentication methods such as multifactor authentication are required for them

D. They should have strong passwords in place, enforced at a minimum

86 / 111

Why is it often detrimental to security if users constantly reuse the same password?

A. It makes it easier for users to impersonate other users.

B. It gives the system administrator too many passwords to keep track of.

C. It increases the chance that the password will become predictable and therefore easier to guess or crack.

D. It takes up too much memory to keep track of the same password over and over.

87 / 111

What is the purpose of labels in the MAC scheme?

A. To define the boundaries for the security levels

B. To create a need to know

C. To classify users and data

D. All of the above

88 / 111

What is a primary function of a password vault?

A. To make it easier for unauthorized users to access your passwords

B. To store passwords in an unencrypted format

C. To store most of your passwords in an encrypted format which requires one password to access them

D. To generate passwords for new accounts

89 / 111

What is the role of a Service Provider in Security Assertion Markup Language (SAML)?

A. It verifies user identity and provides the identity.

B. It provides services to the user after authenticating them.

C. It establishes trust between two different websites.

D. It hosts the SSO for web browsers.

90 / 111

Which type of account is most often associated with regular users or the personnel working in organizations?

A. Device accounts

B. Service accounts

C. Administrator and root accounts

D. Personnel or end-user accounts

91 / 111

Which of the following is NOT a key characteristic of voice recognition as a method of biometric authentication?

A. It involves using speech recognition to identify various acoustic features.

B. Its accuracy is influenced by differences in individuals’ mouth and throat, and their speaking style.

C. It requires physical contact with the device for identification.

D. Devices like Apple’s Siri can be set up to respond only to the owner’s voice.

92 / 111

Which authentication factor does the ’something you know’ category typically refer to?

A. Biometric identification

B. Smart card or phone

C. Shared secret like password or pin

D. Hardware token

93 / 111

What does an iris scanner use for recognition and how does it capture this information?

A. Iris scanners use the patterns of the veins in the palm, captured using near-infrared light.

B. Iris scanners use the pattern of the retina, captured using a camera technology.

C. Iris scanners use the pattern of the iris around the pupil, captured using a special biometric scanner.

D. Iris scanners use the patterns of the iris around the pupil, captured using camera technologies.

94 / 111

What are the four elements typically included in an Attribute-Based Access Control (ABAC) policy statement?

A. Subject, Environment, Action, Files

B. Device, User, Environment, Files

C. Subject, Object, Action, Environment

D. User, Device, Protocol, Action

95 / 111

What are some objections to using retina scanners for biometric authentication?

A. They are too accurate

B. They can identify medical issues

C. They require irises to be scanned

D. They can only scan one eye

96 / 111

What does the term ’someone you know’ imply in the context of cybersecurity and trust models?

A. The person, company or system that has been previously recognized and subjected to security checks.

B. The person, company or system responsible for compromised cyber security.

C. The person, company or system that are unknown and pose potential cyber threats.

D. The person, company or system for which someone else vouches or provides a level of trust.

97 / 111

What does ’Account lockout threshold’ refer to in the context of account lockout policies on Microsoft systems?

A. The maximum duration for which an account stays locked

B. The maximum number of times a user can enter the wrong password before the account is locked

C. The minimum number of times a user must enter the wrong password before the account is locked

D. The length of time after which the account automatically unlocks

98 / 111

What is a characteristic of gait analysis as a method of biometric authentication?

A. It can identify individuals based on the way they walk.

B. It is a form of biometric authentication that cannot be altered by the user.

C. It is primarily used in hospitals and healthcare systems.

D. It recognizes individuals based on acoustic features of their voice.

99 / 111

In the context of an organization’s disablement policy, why is disabling preferred over deleting the account for a terminated employee?

A. Deleting the account immediately removes the employee’s access to their email.

B. Deleting the account preserves any encryption and security keys associated with the account.

C. Disabling the account retain any encryption and security keys associated with the account.

D. Disabling the account immediately removes the employee’s access to their email.

100 / 111

What does ’Account lockout duration’ refer to in the context of Microsoft system security policies?

A. The maximum number of times a user can enter the wrong password before the system locks the account

B. The time delay between each unsuccessful login attempt

C. The length of time an account remains locked after exceeding the account lockout threshold

D. The minimum password length required to enhance security

101 / 111

What information can be determined from authentication log entries?

A. Time and date stamp, successful or unsuccessful login, and the computer name or IP address

B. Time and date stamp and whether the login was from a regular or privileged account

C. Whether a login was successful or not and what type of system the user was logging into

D. The user account and whether the system was being accessed remotely or locally

102 / 111

What is the primary purpose of SSO?

A. To provide authorization

B. To transfer authorization data between systems

C. To identify and authenticate users

D. To regulate access to nuclear power plant resources

103 / 111

What is the function of the VIP Access app created by Symantec, as utilized within authentication applications?

A. It protects the system from viruses and malware

B. It enhances the system’s firewall and defends from intruders

C. It creates a steady stream of one-time-use passwords

D. It acts as an encryption service for sensitive information

104 / 111

What does the ’Subject’ typically refer to in an ABAC policy?

A. The resource that the user is trying to access

B. The human operator of the system

C. The action the user wants to perform

D. The context of the access request

105 / 111

What is the primary purpose of Authentication attributes in system security?

A. Solely authenticate a user or device.

B. To identify a user or device based on characteristics or traits.

C. To replace the use of password.

D. To monitor user activity.

106 / 111

What type of account commonly requires long, complex passwords that should not expire?

A. Personnel or end-user accounts

B. Administrator and root accounts

C. Service accounts

D. Device accounts

107 / 111

Why does Kerberos version 5 require all systems to be synchronized and within five minutes of each other?

A. To ensure Client-Server communication

B. To timestamp tickets and prevent replay attacks

C. For efficient distribution of tickets

D. For symmetric-key cryptography

108 / 111

What are the additional requirements for a service account set by credential policies?

A. Multifactor authentication

B. Strong password policies enforced

C. They require long, complex passwords that do not expire

D. Basic credential policies

109 / 111

What is the purpose of an account audit?

A. To monitor and record a user’s activity.

B. To identify and compare the privileges granted to users against what they need.

C. To assign new roles and responsibilities to a user.

D. To limit a user’s access to minimum while they are transferring to a new role.

110 / 111

Within the context of authentication attributes, what is an example of ’Something You Exhibit’?

A. A password

B. A retinal scan

C. A fingerprint

D. A Common Access Card (CAC) or Personal Identity Verification (PIV) card

111 / 111

What are the characteristics of a service account in the context of credential policies?

A. It is a privileged account like administrator and root accounts.

B. Service accounts require long, complex passwords that do not expire.

C. It is an account made for a third-party entity that requires administrative access.

D. It is a shared user account used by temporary workers.

Your score is

Dowload the FREE OFFLINE Version of this Test Bank

Boost your cybersecurity skills! Click to download the CompTIA Security+ Practice Anki deck.

Free CompTIA Security+ Practice Test – Chapter 01: Mastering Security Basics

Mastering Security Basics for CompTIA Security+ is essential for anyone pursuing the certification. This chapter offers free practice questions to help you strengthen your foundational security knowledge. Boost your IT skills with our free CompTIA Security+ practice test focusing on Chapter 01: Mastering Security Basics. Whether you’re entering the IT industry or advancing in cyber security, our resources are here to help you succeed in the CompTIA Exam.

Why Choose Our CompTIA Security+ Practice Test?

Skill Enhancement: Covers essential security basics and concepts crucial for the CompTIA Exam and vulnerability management, including Identity and Access Management for CompTIA Security+.
Career Advancement: Passing the CompTIA Security+ exam can open doors to new job opportunities and significant career changes in the IT industry.
Vulnerability Management: Master the art of managing security vulnerabilities, a key skill in the field of cyber security.

Free Anki Deck Download

Download our free Anki Deck, reviewed by industry expert Josh Madakor, who has extensive experience in IT and cyber security, including work with Microsoft and government sectors. Learn more about Anki on the official site.

Get Started with Your IT Career Change Today!

Visit the CompTIA Security+ official site and the CompTIA Network+ official site for more information.

Chapter 02 – Understanding Identity and Access Management

Dowload the FREE OFFLINE Version of this Test Bank

Free CompTIA Security+ Practice Test – Chapter 01: Mastering Security Basics

Why Choose Our CompTIA Security+ Practice Test?

Free Anki Deck Download

Get Started with Your IT Career Change Today!

Explore our other free practice tests:

Related Posts

The Affordable, Hands-On Josh Madakor IT Course that gets Results!

The Affordable, Hands-On Cyber Security that gets Results!

JOIN OUR

NEWSLETTER