3.8

Question 1

What are password keys

Answer 1

Hardware-based authentication

Helps prevent unauthorized logins and account takeovers

Question 2

Password vaults

Answer 2

Password managers create unique passwords and store them. All the credentials are encrypted.

Question 3

A specification for cryptographic functions. Has a cryptographic processor and comes with unique keys burned in during production of the product.

Answer 3

TPM

Question 4

What is a hardware security module (HSM)

Answer 4

High end cryptographic hardware that can be a plug in card or separate hardware device
Key backup
Has Cryptographic accelerators
Used in large environments

Question 5

What uses personal knowledge as an authentication factor

Answer 5

Knowledge-based authentication (KBA)

Question 6

Differences between Static KBA and Dynamic KBA

Answer 6

Static KBA
-PRe-configured shared secrets
Dynamic KBA
- Questions are based on an identity verification service

Question 7

A basic authentication method that is used in legacy systems.

Answer 7

Password Authentication Protocol (PAP)

Question 8

Is an encrypted challenge sent over the network

Answer 8

Challenge-Handshake Authentication Protocol

Question 9

Describe the three way handshake that takes place in CHAP

Answer 9

• After link is established, server sends a challenge
• Client responds with a password hash calculated from the challenge and the password
• Server compares received hash with stored hash

Question 10

What is MS-Chap

Answer 10

Microsoft’s implementation of CHAP

Used commonly on Microsoft’s Point-to-Point Tunneling Protocol (PPTP)

Question 11

What is one of the most common AAA protocols that is centralized authentication for users

Answer 11

RADIUS

Remote Authentication Dial-in User Service

Question 12

What provides a remote authentication protocol and is created to control access to dial-uplines to ARPANET

Answer 12

TACACS

Question 13

What is the difference between XTACACS and TACACS+

Answer 13

XTACS
- is a Cisco created version of TACACS (proprietary)
TACACS+
- has more authentication requests and response codes (open source)

Question 14

This network authentication protocol only needs to be authenticated one time. Also includes mutual authentication between the server and the client

Answer 14

Kerberos

Question 15

This is a port based Network Access Control (NAC). Prevents access tot the network until the authentication succeeds.

Answer 15

IEEE 802.1X

Question 16

True or False does EAP integrate with 802.1X

Answer 16

True

Question 17

What are some examples of databases 802.1X is used in conjunction with

Answer 17

RADIUS, LDAP, TACACS+

Question 18

What does federation do

Answer 18

Provides network access by the use of a third party to authenticate and authorize between two organizations

Question 19

Secuirty Assertion Markup (SAML)

Answer 19

Open standard for authentication and authorization. Not originally designed for mobile apps

Question 20

This is an Authorization framework that will determine what resources a user will be able to access but is not an authentication protocol

Answer 20

OAuth

Question 21

Name the two aspects of Access control and what do they do

Answer 21

Authorization
- The process of ensuring authorized rights are exercised 
User received rights 
- based on access control models 
- The correct business needs

Question 22

What is Mandatory Access Control

Answer 22

Operating system limits the operation on an object

Question 23

True or False Discretionary Access Control is an access control that grants or restricts access via an access policy determined by an object’s owner group

Answer 23

True

Question 24

This Access control is based on the role you have in your corporation

Answer 24

Role-based access control (RBAC)

Question 25

Attribute-based access control (ABAC)

Answer 25

Access control that considers many parameters such as: Resource information, IP address, Roll in the company, and etc.

Question 26

True or False Rule based access control is determined by users. Also is the rule associated with the object? Lastly is there any conditions associated besides who you know?

Answer 26

False Rule-based control is determined by system administrators. Yes and Yes

Question 27

Name some attributes for the File system security

Answer 27

File system handles encryption and decryption. Can access information via: Access control list, Group/user rights and permissions, can be centrally administered and/ or users can manage files they own