050-80-CASECURID01 - RSA SecurID Certified Administrator 8.0 Exam
Go back to RSA
Dynamic Seed Provisioning allows secure distribution of:
Software token information to end user devices.
If a Super Admin administrator can view a certain set of user records in the Authentication Manager database but a Help Desk administrator can NOT view the same records,
the Help Desk administrator may not have the scope to view these users.
An RSA Authentication Manager is licensed for 500 users. The license must be upgraded if you want to
Assign more than 500 tokens to individual users.
If Windows Password Integration is enabled and a Fixed Passcode is assigned to a user, it is important that the Fixed Passcode have the same number of characters as the user's Windows password.
RSA Authentication Manager audit log records:
Can be archived using a scheduled job.
An RSA Authentication Manager deployment must have at least one Authentication Agent record in the database in order to
Perform user authentications with an RSA SecurID token.
An RSA SecurID tokencode is unique for each successful authentication because
a token periodically calculates a new code.
Which of the following can cause the error message "Node Secret Mismatch?" (Choose two)
The Agent has been uninstalled then re-installed.
The Node Secret file has been cleared or deleted on the Agent host.
A User Group can include which of the following as members?
other User Groups
The RSA Authentication Manager Report options can assist you in
Troubleshooting Authentication Agent activity.
If a user forgets his/her PIN and still has possession of his/her token, an Administrator should verify the identity of the user and then
Clear the user's old PIN.
Settings for the Lockout Policy affect which of the following?
User authentication attempts using an RSA SecurID token
When using the "Resynchronize Token" function, after an administrator enters two consecutive tokencodes, the token clock time is displayed.
The term "Silent Collection" refers to gathering information about a user's access and authentication patterns.
What are two elements are involved in Risk-Based Authentication? (Choose two)
a user's device profile
the behavior pattern of a user
An On-Demand authentication involves:
Sending a tokencode to a user via mobile phone SMS message or email.
The "Quick Search" function that allows access to a user's account, token and recent activity is a feature of
The User Dashboard.
In the case where a Microsoft Windows Authentication Agent is configured for Offline Authentication, if a user requests an Emergency Access Tokencode from the Help Desk, what must the user remember?
their secret PIN
If multiple users request On-demand Tokencodes but are not receiving them, what would be an appropriate action to take?
Verify that SMS or SMTP services are configured correctly.
If all users are denied access when they attempt to authenticate to an RSA Authentication Manager instance, the problem might be that
the Authentication Manager services are not running.
When adding a new Authentication Agent record to the RSA Authentication Manager database, an attempt is made to resolve the hostname of the Agent Host with its IP Address. If the attempt fails,
a warning is given that the hostname/IP Address cannot be resolved but the database will allow the Agent to be added.
What can cause the error message "Cannot Communicate with RSA Authentication Manager" to be displayed on the RSA Authentication Agent when the Agent is used for the first time?
The Agent has the wrong name and IP address for the Primary Instance.
If an administrator creates a new administrative user,
permissions granted to the new user can not exceed those of the administrator creating the new user.
Offline Authentication capability allows:
user authentication with an RSA SecurID token when their computer is disconnected from a network
If the option "Automatically delete replaced tokens" is selected, the token records will be deleted when
a user logs in successfully with a new assigned token.
If a user is seeking help after receiving an `Access Denied' message, which Security Console function would help locate the activity?
Three consecutive log entries for one user contain the message "Authentication Method Failed". When the user contacts the Help Desk, what administrative action would NOT be appropriate?
set the user's PIN to Next Tokencode through the Manage Tokens menu
Which one of the following statements concerning an RSA Authentication Manager Identity Source is true?
Multiple Identity Sources can be mapped to Authentication Manager.
A user is trying to authenticate to establish a VPN connection but receives an "Access Denied" message. The most recent authentication log entry for the user shows the message: "PIN Rejected". What should the next action be?
Instruct the user to log in using only a tokencode.
When assigning a user a Temporary Fixed Tokencode to replace a lost token, what is the default value for the expiration period of that Tokencode?
If the RSA Authentication Manager places a token into Next Tokencode Mode, and the user waits for three minutes (three tokencode increments) to enter his/her next tokencode, what will be the expected result?
Authentication Manager will not accept the value because it is not sequential.
An RSA Authentication Manager Enterprise license will allow which of the following to be added to a Primary instance?
multiple Replica instances
Using the `Generate Configuration File' function of the Security Console helps to establish
Communication with Authentication Agents.
When is the user PIN established?
upon the first successful authentication with the token
Which of the following services is NOT an option to users through the Self-Service Console?
Creating an individual PIN policy
When a user authenticates with a token for the first time, what does the user enter when prompted for a PASSCODE?
the tokencode on the token's display
Can multiple Identity Sources be established from the same LDAP directory?
Yes, if the mapped Organizational Units (OUs) do not overlap.
A user complains that they have received seven `Access Denied' messages in a row when attempting to authenticate. What would be an appropriate action to take?
Access the user record and unlock the user account
A feature of the RADIUS protocol is
The ability to track a user's login and logout time (RADIUS accounting).
A user has an RSA SecurID Key Fob. The Key Fob Change Interval is 60 seconds and has been used successfully in the past. If the RSA Authentication Manager is now out of synch with the token by 2 minutes, what will happen when the user tries to authenticate?
Authentication Manager will request the user for next tokencode, adjust the user's token offset value, and authenticate the user.
Universal Coordinated Time (UTC) is a critical component of which type of authentication method?
RSA SecurID hardware token
A user who is enabled for Risk-Based Authentication will likely be associated with what other authentication method?
An Authentication Manager user can exist in only one Security Domain at any one time.
The Authentication Activity Monitor is helpful in which of the following cases?
Troubleshooting authentication attempts while in direct contact with the user
Token expiration dates;
Are programmed into a token record at the time of manufacture.
If a user has both a Fixed Passcode and an RSA SecurID token assigned,
either the Fixed Passcode or the token may be used for authentication.
What action will allow an Authentication Agent to register automatically with RSA Authentication Manager?
Enable "Allow authentication agent auto-registration" in the Agent record
A "Secured by RSA Security Implementation Guide" document would assist you in
Configuring a third-party Authentication Agent.
Allowing only certain users to authenticate on a given Authentication Agent ("Restricted" Agent) is accomplished with
The Operations Console allows administrators to modify attributes defined in RADIUS dictionary files.