CompTIA Security+ Domain 4 Exam
Questions and Answers 100% Correct
Authorization - ANSWER-access resources based on proven identity
Accounting - ANSWER-track user activity and record activity in logs
Authenticaion - ANSWER-providing Identity
ex: password
Identification - ANSWER-claiming an identity
ex: username
Authentication Factors - ANSWER-Something you know, something you are, something
you have, somewhere you are, something you do.
Something you Know - ANSWER-refers to a shared secret- least secure form of
authentication
Password Complexity - ANSWER-Uppercase
Lowercase
Numbers
Special Characters
Password Length-14
Something You Have - ANSWER-refers to something physically held
Smart Cards - ANSWER-Credit card sized card containing a microchip for data storage
and processing.
Somewhere you are - ANSWER-identifies a user's location
Something you do - ANSWER-refers to actions you can take such as gestures on a
touch screen
Something You Are - ANSWER-uses biometrics for authentication
Federation - ANSWER-A formal association containing many individual groups
Federated Identity Management - ANSWER-An arrangement that can be made among
multiple enterprises that lets subscribers use the same identification data to obtain
access to the networks of all enterprises in the group
, Single sign-on - ANSWER-A gateway service that permits users to log in once with a
single user ID and password to gain access to multiple software applications.
Transitive Trust - ANSWER-A trust relationship between two or more domains in a tree,
in which each domain has access to objects in the others.
OpenID Connect - ANSWER-Works with OAuth 2.0 and it allows clients to verify the
identity of end users without managing their credentials
Shibboleth - ANSWER-open source federated identity solution that includes Open
SAML libraries
Secure Token - ANSWER-Authentication mechanism that can identify and authenticate.
Tell servers (resources) what access rights a user possesses.
Can allow or deny access.
LDAP - ANSWER-specifies formats and methods to query directories- based on earlier
version of X.500
Kerberos - ANSWER-network authentication mechanism used with Active Directory
domains and some Unix ralms
Kerberos Requirements - ANSWER-A method of issuing tickets used for authentication
Time Synchronization
Database of subjects or users
TACACS+ - ANSWER-Cisco alternative to RADIUS; used for
remote access and authentication with routers and other network devices; uses
multiple challenges and responses between the client and the server; encrypts the
entire authentication process; uses TCP
CHAP - ANSWER-used to provide authentication by using the user's password to
encrypt a challenge string of random numbers
PAP - ANSWER-used to provide authentication but not secure since it transmits login
credentials in plaintext
MS-CHAP - ANSWER-Microsoft's variation of the Challenge Handshake Authentication
Protocol
that uses a slightly more advanced encryption protocol.
Deprecated
MS-CHAPv2 - ANSWER-An improvement over MS-CHAP which includes mutual
authentication.
Questions and Answers 100% Correct
Authorization - ANSWER-access resources based on proven identity
Accounting - ANSWER-track user activity and record activity in logs
Authenticaion - ANSWER-providing Identity
ex: password
Identification - ANSWER-claiming an identity
ex: username
Authentication Factors - ANSWER-Something you know, something you are, something
you have, somewhere you are, something you do.
Something you Know - ANSWER-refers to a shared secret- least secure form of
authentication
Password Complexity - ANSWER-Uppercase
Lowercase
Numbers
Special Characters
Password Length-14
Something You Have - ANSWER-refers to something physically held
Smart Cards - ANSWER-Credit card sized card containing a microchip for data storage
and processing.
Somewhere you are - ANSWER-identifies a user's location
Something you do - ANSWER-refers to actions you can take such as gestures on a
touch screen
Something You Are - ANSWER-uses biometrics for authentication
Federation - ANSWER-A formal association containing many individual groups
Federated Identity Management - ANSWER-An arrangement that can be made among
multiple enterprises that lets subscribers use the same identification data to obtain
access to the networks of all enterprises in the group
, Single sign-on - ANSWER-A gateway service that permits users to log in once with a
single user ID and password to gain access to multiple software applications.
Transitive Trust - ANSWER-A trust relationship between two or more domains in a tree,
in which each domain has access to objects in the others.
OpenID Connect - ANSWER-Works with OAuth 2.0 and it allows clients to verify the
identity of end users without managing their credentials
Shibboleth - ANSWER-open source federated identity solution that includes Open
SAML libraries
Secure Token - ANSWER-Authentication mechanism that can identify and authenticate.
Tell servers (resources) what access rights a user possesses.
Can allow or deny access.
LDAP - ANSWER-specifies formats and methods to query directories- based on earlier
version of X.500
Kerberos - ANSWER-network authentication mechanism used with Active Directory
domains and some Unix ralms
Kerberos Requirements - ANSWER-A method of issuing tickets used for authentication
Time Synchronization
Database of subjects or users
TACACS+ - ANSWER-Cisco alternative to RADIUS; used for
remote access and authentication with routers and other network devices; uses
multiple challenges and responses between the client and the server; encrypts the
entire authentication process; uses TCP
CHAP - ANSWER-used to provide authentication by using the user's password to
encrypt a challenge string of random numbers
PAP - ANSWER-used to provide authentication but not secure since it transmits login
credentials in plaintext
MS-CHAP - ANSWER-Microsoft's variation of the Challenge Handshake Authentication
Protocol
that uses a slightly more advanced encryption protocol.
Deprecated
MS-CHAPv2 - ANSWER-An improvement over MS-CHAP which includes mutual
authentication.
