2.4 - Summarize authentication and authorization design concepts. Flashcards

1
Q
  • Directory services
A

* Keep all of an organization’s usernames and passwords in a single database
  – Also contains computers, printers, and other devices
* Large distributed database
  – Constantly replicated
* All authentication requests reference this directory
  – Each user only needs one set of credentials
  – One username and password for all services
* Access via Kerberos or LDAP

2
Q
  • Federation
A

* Provide network access to others
  – Not just employees: partners, suppliers, customers, etc.
  – Provides SSO and more
* Third parties can establish a federated network
  – Authenticate and authorize between the two organizations
  – Log in with your Facebook credentials
* The third parties must establish a trust relationship
  – And the degree of the trust

3
Q
  • Attestation
A

* Prove the hardware is really yours
  – A system you can trust
* Easy when it’s just your computer
  – More difficult when there are 1,000
* Remote attestation
  – Device provides an operational report to a verification server
  – Encrypted and digitally signed with the TPM
  – An IMEI or other unique hardware component can be included in the report

4
Q
  • Time-based one-time password (TOTP)
A

* Time-based One-Time Password algorithm
  – Uses a secret key and the time of day
  – No incremental counter
* Secret key is configured ahead of time
  – Timestamps are synchronized via NTP
* Timestamp usually increments every 30 seconds
  – Put in your username, password, and TOTP code
* One of the more common OTP methods
  – Used by Google, Facebook, Microsoft, etc.

5
Q
  • HMAC-based one-time password (HOTP)
A

* One-time passwords
  – Use them once, and never again
  – Once a session, once each authentication attempt
* HMAC-based One-Time Password algorithm
  – Keyed-hash message authentication code (HMAC)
  – The codes are based on a secret key and a counter
* Token-based authentication
  – The hash is different every time
* Hardware and software tokens available
  – You’ll need additional technology to make this work

6
Q
  • Short message service (SMS)
A
7
Q
  • Token key
A
8
Q
  • Static codes
A

* Authentication factors that don’t change
  – You just have to remember them
* Personal Identification Number (PIN)
  – Your secret numbers
* Can also be alphanumeric
  – A password or passphrase

9
Q
  • Authentication applications
A

* Pseudo-random token generators
  – A useful authentication factor
* Carry around a physical hardware token generator
  – Where are my keys again?
* Use a software-based token generator on your phone
  – Powerful and convenient

10
Q
  • Push notifications
A

* Similar process to an SMS notification
  – Authentication factor is pushed to a specialized app
  – Usually on a mobile device
* Security challenges
  – Applications can be vulnerable
  – Some push apps send in the clear
* Still more secure than SMS
  – Multiple factors are better than one factor

11
Q
  • Phone call
A

* A voice call provides the token
  – The computer is talking to you
  – “Your code is 1-6-2-5-1-7.”
* Similar disadvantages to SMS
  – Phone call can be intercepted or forwarded
  – Phone number can be added to another phone

12
Q
  • Smart card authentication
A

* Integrated circuit card
  – Contact or contactless
* Common on credit cards
  – Also used for access control
* Must have the physical card to provide digital access
  – A digital certificate
* Multiple factors
  – Use the card with a PIN or fingerprint

Chapple 231
Weiss 324
Gibson 41

13
Q
  • Fingerprint
A

Chapple
Weiss
Gibson

14
Q
  • Retina
A

Chapple
Weiss
Gibson

15
Q
  • Iris
A

Chapple
Weiss
Gibson

16
Q
  • Facial
A

Chapple
Weiss
Gibson

17
Q
  • Voice
A

Chapple
Weiss
Gibson

18
Q
  • Vein
A

Chapple
Weiss
Gibson

19
Q
  • Gait analysis
A
  • the way you walk
20
Q
  • Efficacy rates
A
21
Q
  • False acceptance
A

False acceptance rate (FAR)
– Likelihood that an unauthorized user will be accepted
– Not sensitive enough

22
Q
  • False rejection
A

False rejection rate (FRR)
– Likelihood that an authorized user will be rejected
– Too sensitive

23
Q
  • Crossover error rate
A

– Defines the overall accuracy of a biometric system
– The rate at which FAR and FRR are equal
– Adjust sensitivity to equalize both values

24
Q

AAA - (Authentication, authorization, and accounting)

A

* Identification
  – This is who you claim to be
  – Usually your username
* Authentication
  – Prove you are who you say you are
  – Password and other authentication factors
* Authorization
  – Based on your identification and authentication, what access do you have?
* Accounting
  – Resources used: login time, data sent and received, logout time

25
Q

Cloud vs. on-premises requirements

A

* Cloud-based security
  – Third party can manage the platform
  – Centralized platform
  – Automation options with API integration
  – May include additional options (for a cost)
* On-premises authentication system
  – Internal monitoring and management
  – Need internal expertise
  – External access must be granted and managed

26
Q
  • Somewhere you are (MFA Attributes)
A

Provide a factor based on your location
– The transaction only completes if you are in a particular geography

IP address
– Not perfect, but can help provide more information
– Works with IPv4, not so much with IPv6

Mobile device location services
– Geolocation to a specific area
– Must be in a location that can receive GPS information, or near an identified mobile or 802.11 network
– Still not a perfect identifier of location

27
Q
  • Something you can do (MFA Attributes)
A

– A personal way of doing things

Handwriting analysis
– Signature comparison
– Writing technique

Very similar to biometrics
– Close to something you are

28
Q
  • Something you exhibit (MFA Attributes)
A

– A unique trait, personal to you
– Gait analysis: the way you walk
– Typing analysis: the way you hit the Enter key too hard

29
Q
  • Someone you know (MFA Attributes)
A

– A social factor
  – Not what you know…
– Web of trust
– Digital signature

30
Q
  • Something you know (MFA Factors)
A

Password
– Secret word/phrase, string of characters
– Very common authentication factor

PIN
– Personal identification number
– Not typically contained anywhere on a smart card/ATM card

Pattern
– Complete a series of patterns
– Only you know the right format

31
Q
  • Something you have ( MFA Factors)
A

Smart card
– Integrates with devices
– May require a PIN

USB token
– Certificate is on the USB device

Hardware/software tokens
– Generate pseudo-random authentication codes

Your phone
– SMS a code to your phone

32
Q
  • Something you are (MFA Factors)
A

Biometric authentication
– Fingerprint, iris scan, voice print

Usually stores a mathematical representation of your biometric
– Your actual fingerprint isn’t usually saved

Difficult to change
– You can change your password
– You can’t change your fingerprint

Used in very specific situations
– Not foolproof