4.3 Given a scenario, implement identity and access management controls. Flashcards
Mandatory Access Control
Most restrictive. Uses labels (Secret, Top Secret, FOUO).
Discretionary Access Control
Owner Controls
Role-Based Access Control
The position/job you have determines your access. On the test, if you see "high turnover", the answer will be role-based.
Rule-Based Access Control
Pre-defined security rules determine access.
Physical Access Control
Something that physically stops you from entering a building/room/etc.
Smart Cards
CAC - Government
PIV - Civilian
Biometrics
Eyeball, fingerprint
Retina Scanner
Scans the BACK of the eye
Iris Scanner
Scans the colored part of the eye
HOTP
Will not change until someone uses it
TOTP
Changes in a time interval regardless of when you use it. Usually changes every 1 minute.
IEEE 802.1x
Certificate-based authentication
If you see a question about RADIUS and one answer says 802.1X, THAT is the answer.
Bitlocker
Encrypts the entire hard drive; Microsoft only. Only works when you reboot or turn off your computer.
EFS
Encrypting File System - encrypts just the folders you tell it to.
What should you encrypt on a Server?
Encrypt sensitive records only, not the entire database.