4.2 Security Architecture and Tool Sets Flashcards
what is the top-most level of the LDAP hierarchy?
root
what is the primary function of LDAP?
lightweight directory access protocol (LDAP) controls client access to directories
what are flood guards?
devices that protect against denial of service (DoS) attacks
what does the acronym RADIUS denote?
remote authentication dial-in user service
what are the two types of eye scans?
iris scans and retinal scans
which type of authentication is accomplished by authenticating both the client and server sides of a connection through the encrypted exchange of credentials?
mutual authentication
what does the acronym TACACS denote?
terminal access controller access control system
which function does a single sign-on (SSO) system provide?
it allows a user to present authentication credentials once and gain access to all computers within the SSO system
what is the purpose of federated identity management?
it allows single sign-on (SSO) between companies
what does the acronym KDC denote?
key distribution center
which authentication protocol uses UDP: TACACS+ or RADIUS?
RADIUS
which security-server application and protocol implements authentication and authorization of users from a central server over TCP?
terminal access controller access control system plus (TACACS+)
which authentication protocol is an open standard: TACACS+ or RADIUS?
RADIUS
which authentication system includes clients, servers, and a key distribution center (KDC)?
Kerberos
which authentication protocol separates authentication and authorization: TACACS+ or RADIUS?
TACACS+
which Cisco implementation is similar to a RADIUS implementation?
TACACS
what are the two components of the Kerberos key distribution center?
authentication server (AS) and ticket-granting server (TGS)
which access control model is based on the data’s owner implementing and administering access control?
discretionary access control (DAC)
which eye scan measures the pattern of blood vessels at the back of the eye?
retinal scan
scanning fingerprints is an example of which authentication technique?
biometrics
using role-based access control (RBAC), which entities are assigned roles?
users or subjects
which Kerberos component holds all users’ and services’ cryptographic keys and generates tickets?
key distribution center (KDC)
who has the responsibility for configuring access rights in discretionary access control (DAC)?
the data owner or data custodian
what is the most important biometric system characteristic?
accuracy
which type of attack can turn a switch into a hub?
MAC flooding
what does the acronym MAC denote?
mandatory access control
which type of eye scan is considered more intrusive than other eye scans?
retinal scan
which fingerprint scan will analyze fingerprint ridge direction?
minutiae matching
why is password disclosure a significant security issue in a single sign-on network?
it could compromise the entire system because authentication grants access to any systems on the network to which the actual user may have permission
which access control model has the lowest cost?
role-based access control (RBAC)
what does the acronym SSO denote?
single sign-on
which authentication protocol encrypts the entire packet (not just the password): TACACS+ or RADIUS?
TACACS+
which authentication protocol uses tickets to authenticate users?
Kerberos
which function does RADIUS provide?
centralized authentication, authorization, and accounting for remote dial-in users
which security-server application and protocol implement authentication of users from a central server over UDP?
remote authentication dial-in user service (RADIUS)
which directory protocol does directory-enabled networking (DEN) use?
lightweight directory access protocol (LDAP)
which access control model uses security labels for each resource?
mandatory access control (MAC)
what are the two advantages of single sign-on (SSO)?
convenience and centralized administration
which access control model requires assigning security clearance levels to users, such as secret, top-secret, and confidential?
mandatory access control (MAC)
which internet protocol based on X.500 is used to access the data stored in a network directory?
lightweight directory access protocol (LDAP)
what is the purpose of RADIUS?
remote access dial-in user service (RADIUS) enables remote access users to log on to a network through a shared authentication database
which ethernet standard uses a wireless access point with a remote authentication dial-in user service (RADIUS) server to authenticate wireless users?
802.1x
which type of authentication combines two or more authentication methods, like something that a person knows (such as a password), something that a person owns (such as a smart card), and a characteristic about the person (such as a fingerprint)?
multi-factor authentication
which technique is used to prevent network bridging?
network separation
on which standard is lightweight directory access protocol (LDAP) based?
X.500