3.8 Given a scenario, implement authentication and authorization solutions. Flashcards

1
Q

TACACS+

A

Terminal Access Controller Access-Control System Plus (TACACS+) is specifically designed for network administration of routers. TACACS+ data packets are encrypted and make it easier for network admins to work with multiple routers simultaneously.

2
Q

RADIUS

A

Remote Authentication Dial Up (RADIUS) is used primarily for network access control. Although it can be used to administer network appliances, TACACS+ performs authentication, authorization, and accounting functions better.

3
Q

802.1X

A

The 802.1X Port-based Network Access Control (NAC) protocol provides the means of using an Extensible Authentication Protocol (EAP) method when a device connects to a switch port, wireless access point, or VPN gateway.

4
Q

PAP

A

The Password Authentication Protocol (PAP) is an unsophisticated authentication method used as the basic authentication mechanism in HTTP. It relies on clear-text password exchange.

5
Q

ABAC

A

Attribute-Based Access Control (ABAC) is the ideal choice for assigning complex rule-based privileges. ABAC makes access decisions based on subject and object attributes, as well as context-dependent and system-wide attributes, making it the most fine-tuned control.

6
Q

RBAC

A

Role-Based Access Control (RBAC) allocates user permissions based on roles or group memberships. This company requires more fine-grained access controls that take into account other factors, as well.

7
Q

DAC

A

Discretionary Access Control (DAC) gives access based on a content creator or owner, who grants permissions. This type of control is flexible, yet vulnerable to an insider attack, and task-heavy for the content creator.

8
Q

MAC

A

Mandatory Access Control (MAC) enforces rules based on security clearances and labels of resources, to which a user is granted “need to know” or not. This form is ideal for military units and highly secure information but is cumbersome for normal use.

9
Q

SAML

A

Security Association Markup Language (SAML) authorizations or tokens are written and signed with the eXtensible Markup Language (XML) signature specification; this digital signature allows the service provider to trust the identity provider.
SAML tokens are not encrypted using Public Key Infrastructure (PKI) digital signatures, but with the eXtensible Markup Language (XML) signature specification.

10
Q

OIDC

A

OpenID and OpenID Connect (OIDC) are examples of user-centric identity management protocols, whereas SAML implementations are system- or enterprise-controlled. OpenID and OIDC use JavaScript Object Notation (JSON) and JSON Web Tokens (JWT) rather than eXtensible Markup Language (XML).

11
Q

OAUTH

A

The “auth” in OAuth stands for “authorization,” not authentication. This is an easy method to distinguish between OAuth and OpenID Connect (OIDC). OAuth facilitates the transfer of information between sites with authentication delegated to the OAuth provider, not the OAuth consumer. OIDC authenticates federated applications.
