4.3 Given a scenario, implement identity and access management controls. Flashcards
Mandatory Access Control
Most restrictive. Uses labels (Secret, Top Secret, FOUO).
Discretionary Access Control
Owner Controls
Role-Based Access Control
The position/job you have determines your access. On the test, if you see "high turnover", the answer will be role-based.
Rule-Based Access Control
Pre-defined security rules determine access.
Physical Access Control
Something that physically stops you from entering a building, room, etc.
Smart Cards
CAC - Government
PIV - Civilian
Biometrics
Eyeball, fingerprint
Retina Scanner
Scans the BACK of the eye
Iris Scanner
Scans the colored part of the eye
HOTP
Will not change until someone uses it
TOTP
Changes in a time interval regardless of when you use it. Usually changes every 1 minute.
IEEE 802.1X
Certificate-based authentication
If you see a question about RADIUS and one answer says 802.1X, THAT is the answer.
BitLocker
Encrypts the entire hard drive. Microsoft only. Only works when you reboot or turn off your computer.
EFS
Encrypting File System - encrypts just the folders you tell it to.
What should you encrypt on a Server?
Encrypt sensitive records only, not the entire database.
What form of authorization is based on a scheme of attributes or characteristics related to the user, the object, the system, the application, the network, the service, the time of day, or even other subjective environmental concerns?
A. RBAC
B. MAC
C. DAC
D. ABAC
D. ABAC
What type of biometric error increases as the sensitivity of the device increases?
A. FAR
B. FRR
C. CER
D. False Positive
B. FRR
Which is the strongest form of password?
A. More than eight characters
B. A password that is used once
C. Static
D. Different types of keyboard characters
B. A password that is used once