Pass4sure CASECURID01.70 Questions

Transcription

1 Pass4sure CASECURID01.70 Questions Number: CASECURID01 Passing Score: 800 Time Limit: 120 min File Version: CASECURID01 RSA SecurID Certified Administrator 8.0 Exam Finally, I got right questions for this exam and share with you guys. Best Wishes. I have changed answers of Q2, Q11, Q31, Q44, Q59 and Q87. Modified few questions, fixed few spelling mistakes and typos. 100% Valid in US, UK, Australia, India and Emirates. All my friends in group have these same questions. Excellent Questions, I pass with 90% with these questions. Guys just read this only. I only used these questions and got 900 marks with this. Perfect Show.

2 Exam A QUESTION 1 Which of the following can cause the error message "Node Secret Mismatch?" (Choose two) A. A user is not activated on the Agent Host. B. The Agent is not certified as "Secured by RSA" C. The Agent has been uninstalled then re-installed. D. The Agent is installed on an unreachable remote network node. E. The Node Secret file has been cleared or deleted on the Agent host. Correct Answer: CE /Reference: : QUESTION 2 An RSA Authentication Manager Enterprise license will allow which of the following to be added to a Primary instance? A. multiple Replica instances B. Risk-Based authentication capability C. On-Demand authentication capability D. Business Continuity Option (BCO) capability /Reference: : QUESTION 3 What circumstance would allow an administrator to have read/write access to an RSA Authentication Manager database on a Replica instance? A. The Replica is first promoted to a Primary instance. B. The Replica instance is in a different domain from the Primary instance. C. The database service on the Replica instance is running in Offline mode. D. The Replica does not have a network connection to the Primary instance. /Reference: : QUESTION 4 The term "Silent Collection" refers to gathering information about a user's access and authentication patterns. A. True B. False

3 /Reference: correct answer. QUESTION 5 Which types of administrative objects are contained within an RSA Authentication Manager Security Domain? (Choose two) A. Users B. Administrators C. Identity Sources D. Replica Instances E. Security Question Requirements B /Reference: best multiple answer. QUESTION 6 What are three steps an administrator can use for reporting past user transactions stored in the RSA Authentication Manager audit database? (Choose three) A. Run a report job. B. Edit a report template. C. View a report job output. D. View the Audit Monitor utility. E. Use the 'view-audit-log' command line utility. F. Export the audit database to a spreadsheet format. BC /Reference: : QUESTION 7 Token expiration dates; A. Appear on the token display thirty days prior to expiration. B. Are programmed into a token record at the time of manufacture. C. Vary according to the date set by the administrator when assigning the token. D. Depend on the clock in the Authentication Agent to determine if the token is active.

4 /Reference: : QUESTION 8 Which statements concerning RSA SecurID time-synchronous authentication are true? (Choose two) A. On-demand codes have a 5-minute synchronization window. B. Token expiration dates are based on the date of the token's first use. C. Calculation of a tokencode involves the use of Universal Coordinated Time. D. An administrator can configure the tokencode change interval on an RSA SecurID token. E. Tokencode calculations are performed by both the RSA Authentication Manager instance and RSA SecurID tokens. Correct Answer: CE /Reference: : QUESTION 9 The Authentication Activity Monitor is helpful in which of the following cases? A. Monitoring a user's network path to the Web Tier server B. Locating RSA SecurID tokens that are near their expiration date C. Defining parameters for the Self-Service Troubleshooting Policy D. Troubleshooting authentication attempts while in direct contact with the user /Reference: : QUESTION 10 Which of the following services is NOT an option to users through the Self-Service Console? A. Changing a password or PIN B. Creating an individual PIN policy C. Requesting a replacement token D. Resynchronizing an RSA SecurID token /Reference: : QUESTION 11 For RSA Authentication Manager administration, "Administrative Role" is a combination of. (Choose two) A. scope B. domain C. group list D. permissions E. RADIUS profile

5 D /Reference: : QUESTION 12 What can cause the error message "Cannot Communicate with RSA Authentication Manager" to be displayed on the RSA Authentication Agent when the Agent is used for the first time? A. The Agent is open only to locally known users. B. The Primary Instance cannot resolve the Agent's name. C. The Agent contains two conflicting Network Interface Cards. D. The Agent has the wrong name and IP address for the Primary Instance. /Reference: : QUESTION 13 If the access time range allowed for a group is specified as 8 AM to 6 PM each weekday, which statement about a group member's login is true? A. All group members will be logged out automatically at 6 PM. B. A user will be prompted to renew their login each day after 8 AM. C. A user's individual access times override a group's access time range. D. Once logged in during the allowed time period, a user can remain logged in indefinitely. /Reference: : QUESTION 14 Which RSA SecurID authentication method can use alphabetic characters as part of the user's PASSCODE? A. Key Fob B. PINPad C. On-demand authentication D. Software Token in PINPad mode /Reference: : QUESTION 15 The "Quick Search" function that allows access to a user's account, token and recent activity is a feature of A. The User Dashboard. B. The Self-Service Console.

6 C. On-Demand Authentication. D. The Windows MMC Snap-In. /Reference: : QUESTION 16 If a user forgets his/her PIN and still has possession of his/her token, an Administrator should verify the identity of the user and then A. Clear the user's old PIN. B. Disable the user's token. C. Assign a new token to the user. D. Assign a temporary Fixed Passcode. /Reference: : QUESTION 17 When is the user PIN established? A. when the useraccountis first created B. at the time a token is first assigned to a user C. upon the first successful authentication with the token D. after the user successfully enters two sequential tokencodes Correct Answer: C /Reference: : QUESTION 18 If the option "Automatically delete replaced tokens" is selected, the token records will be deleted when A. new tokens are imported. B. the token expiration date is reached. C. the Administrator unassigns the token from a user. D. a user logs in successfully with a new assigned token. /Reference: : QUESTION 19 Three consecutive log entries for one user contain the message "Authentication Method Failed". When the user contacts the Help Desk, what administrative action would NOT be appropriate?

7 A. attempt to resynchronize the token through the Security Console B. set the user's PIN to Next Tokencode through the Manage Tokens menu C. verify the correct system time of the RSA Authentication Manager instance D. assign a Temporary Fixed Passcode for troubleshooting through the User menu /Reference: : QUESTION 20 If multiple users request On-demand Tokencodes but are not receiving them, what would be an appropriate action to take? A. Verify that the users are not in New PIN mode. B. Verify that SMS or SMTP services are configured correctly. C. Ensure that the token codes assigned to the users have not expired. D. Verify that the user's receiving device is set to the same time zone as the Authentication Manager instance. /Reference: proper answer. QUESTION 21 In the case where a Microsoft Windows Authentication Agent is configured for Offline Authentication, if a user requests an Emergency Access Tokencode from the Help Desk, what must the user remember? A. their secret PIN B. their token's serial number C. their token's last tokencode D. their computer's Node Secret value /Reference: : QUESTION 22 The RSA Authentication Manager Report options can assist you in A. Troubleshooting network logout problems. B. Determining how long users are logged in. C. Troubleshooting Authentication Agent activity. D. Determining when audit log encryption is compromised. Correct Answer: C /Reference: :

8 QUESTION 23 A user has an RSA SecurID Key Fob. The Key Fob Change Interval is 60 seconds and has been used successfully in the past. If the RSA Authentication Manager is now out of synch with the token by 2 minutes, what will happen when the user tries to authenticate? A. Authentication Manager will automatically adjust the token offset value and authenticate the user. B. Authentication Manager will reject the PASSCODE and the user will receive an "Access Denied" message. C. Authentication Manager will post a "Token Requires Resync" message in the log and deny access to the user. D. Authentication Manager will request the user for next tokencode, adjust the user's token offset value, and authenticate the user. /Reference: : QUESTION 24 What are three minimal administrative steps that must be taken before a user can authenticate to a new RSA Authentication Manager deployment? (Choose three) A. Create a user group B. Create a user account C. Create a new user administrator D. Import a Node Secret from the Agent E. Create an Authentication Agent Record F. Assign an authentication method to a user EF /Reference: : QUESTION 25 The Identity Attribute parameter is useful for A. Ignoring users with duplicate user names. B. Storing additional information in a user record. C. Specifying a user's LDAP CN and account password. D. Allowing a user to authenticate transparently among multiple domains. /Reference: updated answer. QUESTION 26 A user who is enabled for Risk-Based Authentication will likely be associated with what other authentication method? A. PIN-less SecurID token. B. On-Demand Authentication.

9 C. Emergency Access Passcode. D. Digital Certificate Authentication. /Reference: : QUESTION 27 When a user authenticates with a token for the first time, what does the user enter when prompted for a PASSCODE? A. the serial number of the token B. the tokencode on the token's display C. a PIN the user creates followed by their tokencode D. a temporary PASSCODE assigned by the Administrator /Reference: : QUESTION 28 RSA SecurID tokens are initially supplied with matching token records. After tokens are assigned, deployed and used by end-users, what information might be overwritten if the original token records are re-imported into the RSA Authentication Manager database? (Choose two) A. user assignment B. tokencode values C. Authentication Agent usage D. token time offset information E. system PIN parameter settings D /Reference: : QUESTION 29 One or more Replica RSA Authentication Manager instances can A. Help load-balance authentication requests. B. Translate LDAP directory information for the Primary instance. C. Allow the administrator to add users when the Primary instance is down. D. Allow a single PASSCODE to be accepted on multiple RSA Authentication Agents. /Reference: : QUESTION 30

10 What action will allow an Authentication Agent to register automatically with RSA Authentication Manager? A. Edit the Authentication Agent Access Policy to allow auto-registration B. Enable "Allow authentication agent auto-registration" in the Agent record C. Select the option to "Allow Auto Registration" during installation of the Agent D. Add "Auto-Registration=ALLOW" as a parameter value in the sdconf.rec file /Reference: satisfied answer. QUESTION 31 If all users are denied access when they attempt to authenticate to an RSA Authentication Manager instance, the problem might be that A. the licensed number of users has been exceeded. B. the Authentication Manager services are not running. C. all Agent node secrets have been cleared by the users. D. the Super Admin administrator has left the instance in debug mode. /Reference: : QUESTION 32 If the RSA Authentication Manager places a token into Next Tokencode Mode, and the user waits for three minutes (three tokencode increments) to enter his/her next tokencode, what will be the expected result? A. Authentication Manager will not accept the value because it is not sequential. B. The authentication will be successful even though the input was delayed. C. Authentication Manager will ask for a third tokencode, so that it has two sequential codes. D. Authentication Manager will assume that the token has been stolen, and disable the token. /Reference: : QUESTION 33 If a Super Admin administrator can view a certain set of user records in the Authentication Manager database but a Help Desk administrator can NOT view the same records, A. the Help Desk administrator should be assigned a Super Admin role.

11 B. the Help Desk administrator may not have the scope to view these users. C. the user accounts have been marked as "hidden" for Help Desk level administrators. D. the Help Desk administrator must be a member of the same Security Domain as the users to view them. /Reference: : QUESTION 34 A feature of the RADIUS protocol is A. The ability to track a user's login and logout time (RADIUS accounting). B. Auser's default login name becomes their password (RADIUS login synchronization). C. The computer time setting is verified remotely by the RADIUS client (remote time service). D. The user Profile and Attribute Value Pair matches their tokencode (RADIUS token matching). /Reference: good answer. QUESTION 35 A "Secured by RSA Security Implementation Guide" document would assist you in A. Configuring a third-party Authentication Agent. B. Installing RSA Authentication Manager software. C. Finding vendors for purchasing RSA SecurID tokens. D. Defining a deployment plan for installing Primary and Replica instances. /Reference: : QUESTION 36 RSA Authentication Manager audit log records: A. Can be archived using a scheduled job. B. Are only accessible by the Super Admin administrator. C. Are always deleted from the database when they are archived. D. Can be digitally signed by the administrator for archival storage protection. /Reference: right answer. QUESTION 37 If a user is seeking help after receiving an `Access Denied' message, which Security Console function would help locate the activity?

12 A. Reporting B. Token record C. User activation record D. Administrative Activity Monitor /Reference: : QUESTION 38 A user password policy can be used to define A. Which character strings can not be used for passwords. B. The number of password attempts before a user is locked out. C. Which RSA SecurID token types can be used with or without PINs. D. If Windows Password Integration is used with Authentication Manager. /Reference: : QUESTION 39 What are two elements are involved in Risk-Based Authentication? (Choose two) A. a user's device profile B. a user's Security Level C. the length of a user's PIN D. the behavior pattern of a user E. the strength of a user's Passcode D /Reference: good sort of answer. QUESTION 40 The RSA SecurID Software token calculates tokencodes using the time value A. Of the Remote Access or VPN server computer. B. Obtained from the Authentication Manager instance. C. Obtained from the Authentication Agent host computer. D. Of the host device on which the software token is installed. /Reference: :

13 QUESTION 41 Dynamic Seed Provisioning allows secure distribution of: A. Node Secret files to Authentication Agents. B. RSA SecurID hardware tokens to end users. C. Software token information to end user devices. D. Configuration information to Authentication Agents. Correct Answer: C /Reference: : QUESTION 42 An On-Demand authentication involves: A. Entering two sequential RSA SecurID tokencodes. B. Manually assigning a temporary tokencode to a user. C. Sending a tokencode to a user via mobile phone SMS message or . D. Connecting an RSA SecurID token directly to the USB port of an Authentication Agent computer. Correct Answer: C /Reference: : QUESTION 43 When creating and running RSA Authentication Manager reports, the administrator has the option of. (Choose two) A. Allowing the report to run with the scope of the administrator who is running the report. B. Creating and running reports from a Replica database if the Primary instance is down. C. Using the 'rsautil' command-lineutilityto extract report data directly from the database. D. Customizing a report template by adding and removing columns and applying data filters. E. Previewing the report output before the report is run to make sure the desired data is included. D /Reference: truthfully. QUESTION 44 When using the "Resynchronize Token" function, after an administrator enters two consecutive tokencodes, the token clock time is displayed. A. False B. True /Reference: :

14 QUESTION 45 If Windows Password Integration is enabled and a Fixed Passcode is assigned to a user, it is important that the Fixed Passcode have the same number of characters as the user's Windows password. A. False B. B. True /Reference: QUESTION 46 A User Group can include which of the following as members? A. other User Groups B. user Identity Attributes C. LDAP Identity Sources D. tokens assigned to users /Reference: well answer. QUESTION 47 Of the following RSA Authentication Manager components, which one is most likely to be located in a network DMZ? A. Web Tier B. Risk Engine C. Replica Server D. Authentication Agent /Reference: : QUESTION 48 An RSA Authentication Manager is licensed for 500 users. The license must be upgraded if you want to A. Assign more than 500 tokens to individual users. B. Populate the database with more than 500 users. C. Import more than 500 token records into the database. D. Map more than 500 users from an LDAP directory source. /Reference: :

15 QUESTION 49 An Authentication Manager user can exist in only one Security Domain at any one time. A. True B. False /Reference: : QUESTION 50 Within which RSA Authentication Manager menu would you configure the number of incorrect PASSCODES that will invoke Next Tokencode Mode? A. Policies B. System Setup C. Identity Settings D. RADIUS Lockout /Reference: : QUESTION 51 An RSA SecurID tokencode is unique for each successful authentication because A. a token periodically calculates a new code. B. the user continuously changes their secret PIN. C. the Node Secret is updated after each authentication. D. the Authenticaiton Manager instance clock is set to Universal Coordinated Time. /Reference: : QUESTION 52 What is the maximum number of active tokens and/or user fixed passcodes that can be assigned to a user at one time? A. one B. three C. seven D. unlimited /Reference: :

16 QUESTION 53 User authentication: A. always consists of two factors. B. requires an RSA SecurID token. C. is the same as user identification. D. can consist of one or more factors. /Reference: : QUESTION 54 Offline Authentication capability allows: A. an On-demand tokencode to be used in place of an RSA SecurID passcode B. an Authentication Agent to verify user passcodes in the event that an instance is unavailable C. a list of RSA SecurID passcodes to be stored in a text file in the event that an instance is unavailable D. user authentication with an RSA SecurID token when their computer is disconnected from a network /Reference: : QUESTION 55 The term "Secured by RSA" is most closely associated with A. An RSA token device. B. Asecure directory server. C. An Authentication Agent device. D. AManaged Security Provider company. Correct Answer: C /Reference: right choice of answer. QUESTION 56 Which one of the following statements concerning an RSA Authentication Manager Identity Source is true? A. An Identity Source can only be assigned to one user. B. An Identity Source can only be associated with one User Group. C. Multiple Identity Sources can be mapped to Authentication Manager. D. An Identity Source must include at least one external Security Domain. Correct Answer: C /Reference:

17 updated. QUESTION 57 Settings for the Lockout Policy affect which of the following? A. User attempts to log in to the Self-service console B. Administrator login to the RSA Operations Console C. User authentication attempts using an RSA SecurID token D. User login to a Windows environment with Windows Password Integration Correct Answer: C /Reference: : QUESTION 58 Allowing only certain users to authenticate on a given Authentication Agent ("Restricted" Agent) is accomplished with A. Agent APIs. B. User Policies. C. Node Secrets. D. Group Associations. /Reference: : QUESTION 59 If an administrator creates a new administrative user, A. by default, the new administrator must use a SecurID token to log in. B. the administrator creating the new user must have at least a Super Admin role. C. by default, the new user has permissions identical to the administrator creating the new user. D. permissions granted to the new user can not exceed those of the administrator creating the new user. /Reference: right answer. QUESTION 60 A user is trying to authenticate to establish a VPN connection but receives an "Access Denied" message. The most recent authentication log entry for the user shows the message: "PIN Rejected". What should the next action be? A. Clear the user's PIN. B. Resynchronize the user's token. C. Clear the VPN Agent's Node Secret. D. Instruct the user to log in using only a tokencode.

18 /Reference: : QUESTION 61 Universal Coordinated Time (UTC) is a critical component of which type of authentication method? A. Fixed Passcode B. Risk-Based Authentication C. On-Demand Authentication D. RSA SecurID hardware token /Reference: : QUESTION 62 Using the `Generate Configuration File' function of the Security Console helps to establish A. RADIUS client profiles. B. Aconnection to a Replica instance. C. Aconnection to external Identity Sources. D. Communication with Authentication Agents. /Reference: appropriate answer. QUESTION 63 An RSA Authentication Manager deployment must have at least one Authentication Agent record in the database in order to A. Add time-restricted user accounts to the database. B. Perform user authentications with an RSA SecurID token. C. Configure a Authentication Sources through the Self-Service Console. D. Establish logon policies related to Authentication Agent time restrictions. /Reference: : QUESTION 64 A user complains that they have received seven `Access Denied' messages in a row when attempting to authenticate. What would be an appropriate action to take? A. Change the token Lockout Policy B. Access the user record and unlock the user account C. Access the token record and resynchronize the token

19 D. Instruct the user to attempt to log in to the Self-Service Console /Reference: : QUESTION 65 If a user has both a Fixed Passcode and an RSA SecurID token assigned, A. the Fixed Passcode becomes the user's PIN by default. B. either the Fixed Passcode or the token may be used for authentication. C. the Fixed Passcode can only be used if the token status is set to `disabled'. D. the user must supply their secret PIN in addition to the Fixed Passcode when authenticating. /Reference: : QUESTION 66 When adding a new Authentication Agent record to the RSA Authentication Manager database, an attempt is made to resolve the hostname of the Agent Host with its IP Address. If the attempt fails, A. the administrator can override the hostname/ip Address by using the Auto-Registration option. B. the Agent is added to the database with a `Pending' status until it is first used for a successful authentication. C. a warning is given that the hostname/ip Address cannot be resolved but the database will allow the Agent to be added. D. the administrator must correct the address resolution through DNS or editing the /etc/hosts file before the Agent can be added to the database. Correct Answer: C /Reference: : QUESTION 67 The Operations Console allows administrators to modify attributes defined in RADIUS dictionary files. A. True B. False

20 /Reference: right answer. QUESTION 68 Can multiple Identity Sources be established from the same LDAP directory? A. Yes, if the mapped Organizational Units (OUs) do not overlap. B. Yes, if duplicate attribute values do not exist in the LDAP directory. C. No only one LDAP directory can be mapped to one Identity Source. D. Yes, if no duplicate passwords exist in the LDAP directory (unique password for each user). /Reference: : QUESTION 69 When assigning a user a Temporary Fixed Tokencode to replace a lost token, what is the default value for the expiration period of that Tokencode? A. 24 hours B. 5 days C. 14 days D. 30 days Correct Answer: C /Reference: : QUESTION 70 If a user is NOT a member of an Authentication Manager user group, which of the following statements is true? A. The user can not be restricted to certain login times. B. The user can not be forced to adhere to password polices. C. The user can not take advantage of Risk-Based authentication. D. The user can not log on to an unrestricted Authentication Agent. /Reference: :