CISSP Official Practice Tests by Mike Chapple, David Seidl


Chapter 5 ■ Identity and Access Management (Domain 5)



  1. Which of the following is best described as an access control model that focuses on subjects
    and identifies the objects that each subject can access?
    A. An access control list
    B. An implicit denial list
    C. A capability table
    D. A rights management matrix

  2. Jim’s organization-wide implementation of IDaaS offers broad support for cloud-based
    applications. Jim’s company does not have in-house identity management staff and does
    not use centralized identity services. Instead, they rely upon Active Directory for AAA
    services. Which of the following options should Jim recommend to best handle the
    company’s onsite identity needs?
    A. Integrate onsite systems using OAuth.
    B. Use an on-premises third-party identity service.
    C. Integrate onsite systems using SAML.
    D. Design an in-house solution to handle the organization’s unique needs.

  3. Which of the following is not a weakness in Kerberos?
    A. The KDC is a single point of failure.
    B. Compromise of the KDC would allow attackers to impersonate any user.
    C. Authentication information is not encrypted.
    D. It is susceptible to password guessing.

  4. Voice pattern recognition is what type of authentication factor?
    A. Something you know
    B. Something you have
    C. Something you are
    D. Somewhere you are

  5. If Susan’s organization requires her to log in with her username, a PIN, a password, and a
    retina scan, how many distinct authentication factor types has she used?
    A. One
    B. Two
    C. Three
    D. Four

  6. Which of the following items are not commonly associated with restricted interfaces?
    A. Shells
    B. Keyboards
    C. Menus
    D. Database views
