Sec+ CH.2 Review Test Professional Development Quiz

1.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Your organization wants to identify biometric methods used for

identification. The requirements are:

1) Collect the data passively.

2) Bypass a formal enrollment process.

3) Avoid obvious methods that let the subject know data is being

collected.

Which of the following biometric methods BEST meet these requirements?

(Select TWO.)

Fingerprint

Retina

Iris

Facial

Gait analysis

Answer explanation

D and E are correct. It’s possible to collect facial scan data and perform

gait analysis without an enrollment process. You would use cameras to

observe subjects from a distance and collect data passively. You need a

formal enrollment process for fingerprints, retinas, irises, and palm vein

methods. Retina and iris scans need to be very close to the eye and are very

obvious. Palm vein methods require users to place their palm on a scanner.

While it’s possible to collect fingerprints passively, you still need an

enrollment process.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Your organization recently updated an online application that employees

use to log on when working from home. Employees enter their username

and password into the application from their smartphone and the application

logs their location using GPS. Which type of authentication is being used?

One-factor

Dual-factor

Something you are

Something you have

Answer explanation

A is correct. This is using one-factor authentication—something you

know. The application uses the username for identification and the

password for authentication. Note that even though the application is

logging the location using Global Positioning System (GPS), there isn’t any

indication that it is using this information for authentication. Dual-factor

authentication requires another factor of authentication such as something

you are or something you have. Something you are authentication factor

refers to biometric authentication methods. The something you have

authentication factor refers to something you can hold, such as a smart card.

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Management within your organization wants to add 2FA security for

users working from home. Additionally, management wants to ensure that

2FA passwords expire after 30 seconds. Which of the following choices

BEST meets this requirement?

HOTP

TOTP

SMS

Kerberos

Answer explanation

B is correct. A Time-based One-Time Password (TOTP) meets the

requirement of two-factor authentication (2FA). A user logs on with regular

credentials (such as a username and password), and then must enter an

additional one-time password. Some smartphone apps use HOTP and

display a new password every 30 seconds. An HMAC-based One-Time

Password (HOTP) creates passwords that do not expire until they are used.

Short message service (SMS) is sometimes used to send users a one-time

use password via email or a messaging app, but these passwords typically

don’t expire until at least 15 minutes later. Kerberos uses tickets instead of

passwords.

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Management within your organization has decided to implement a

biometric solution for authentication into the data center. They have stated

that the biometric system needs to be highly accurate. Which of the

following provides the BEST indication of accuracy with a biometric

system?

The lowest possible FRR

The highest possible FAR

The lowest possible CER

The highest possible CER

Answer explanation

C is correct. A lower crossover error rate (CER) indicates a more

accurate biometric system. The false acceptance rate (FAR) and the false

rejection rate (FRR) vary based on the sensitivity of the biometric system

and don’t indicate accuracy by themselves. A higher CER indicates a less

accurate biometric system.

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The Marvin Monroe Memorial Hospital was recently sued after removing

a kidney from the wrong patient. Hospital executives want to implement a

method that will reduce medical errors related to misidentifying patients.

They want to ensure medical personnel can identify a patient even if the

patient is unconscious. Which of the following would be the BEST

solution?

Gait analysis

Vein scans

Retina scan

Voice recognition

Answer explanation

B is correct. A vein scan implemented with a palm scanner would be the

best solution of the available choices. The patient would place their palm on

the scanner for biometric identification, or if the patient is unconscious,

medical personnel can place the patient’s palm on the scanner. None of the

other biometric methods can be easily performed on an unconscious patient.

Gait analysis attempts to identify someone based on the way they walk. A

retina scan scans the retina of an eye, but this will be difficult if someone is

unconscious. Voice recognition identifies a person using speech recognition.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Users regularly log on with a username and password. However,

management wants to add a second authentication factor for any users who

launch the gcga application. The method needs to be user-friendly and non-

disruptive. Which of the following will BEST meet these requirements?

An authentication application

TPM

HSM

Push notifications

Answer explanation

D is correct. Push notifications are user-friendly and non-disruptive.

Users receive a notification on a smartphone and can often acknowledge it

by simply pressing a button. An authentication application isn’t as user-

friendly as a push notification. It requires users to log on to the smartphone,

find the app, and enter the code. A Trusted Platform Module (TPM)

provides full drive encryption and would protect the data if someone

accessed the laptop, but it doesn’t prevent access. A hardware security

module (HSM) is a removable device that can generate and store RSA keys

used with servers. Neither a TPM nor an HSM is relevant in this question.

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Your organization hires students during the summer for temporary help.

They need access to network resources, but only during working hours.

Management has stressed that it is critically important to safeguard trade

secrets and other confidential information. Which of the following account

management concepts would be MOST important to meet these goals?

Account expiration

Account lockout

Time-of-day restrictions

Password recovery

Password history

Answer explanation

C is correct. Time-of-day restrictions should be implemented to ensure

that temporary workers can only access network resources during work

hours. The other answers represent good practices, but don’t address the

need stated in the question that “personnel need access to network

resources, but only during working hours.” Account expiration should be

implemented if the organization knows the last workday of these workers.

Account lockout will lock out an account if the wrong password is entered

too many times.

Password recovery allows users to recover a forgotten password or change

their password if they forgot their password. Password history remembers

previously used passwords and helps prevent users from using the same

password.

8.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

You need to provide a junior administrator with appropriate credentials to

rebuild a domain controller after it suffers a catastrophic failure. Of the

following choices, what type of account would BEST meet this need?

User account

Generic account

Guest account

Service account

Answer explanation

A is correct. A user account is the best choice of the available answers.

More specifically, it would be a user account with administrative privileges

(also known as a privileged account) so that the administrator can add the

domain controller. A generic account (also known as a shared account) is

shared between two or more users and is not recommended. A guest

account is disabled by default and it is not appropriate to grant the guest

account administrative privileges. A service account is an account created

to be used by a service or application, not a person.

9.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Lisa is reviewing an organization’s account management processes. She

wants to ensure that security log entries accurately report the identity of

personnel taking specific actions. Which of the following steps would

BEST meet this requirement?

Implement generic accounts.

Implement role-based privileges.

Use an SSO solution.

Remove all shared accounts.

Answer explanation

D is correct. Removing all shared accounts is the best answer of the

available choices. If two employees are using the same account, and one

employee maliciously deletes data in a database, it isn’t possible to identify

which employee deleted the data. Generic accounts are the same as shared

accounts and shouldn’t be used. Role-based (or group-based) privileges

assign the same permissions to all members of a group, which simplifies

administration. A single sign-on (SSO) solution allows a user to log on once

and access multiple resources.

10.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A recent security audit discovered several apparently dormant user

accounts. Although users could log on to the accounts, no one had logged

on to them for more than 60 days. You later discovered that these accounts

are for contractors who work approximately one week every quarter. Which

of the following is the BEST response to this situation?

Remove the account expiration from the accounts.

Delete the accounts.

Reset the accounts.

Disable the accounts.

Answer explanation

D is correct. The best response is to disable the accounts and then

enable them when needed by the contractors. Ideally, the accounts would

include an expiration date so that they would automatically expire when no

longer needed, but the scenario doesn’t indicate the accounts have an

expiration date. Because the contractors need to access the accounts

periodically, it’s better to disable them rather than delete them. Reset the

accounts implies you are changing the password, but this isn’t needed.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground