4.4

Question 1

federated single sign-on (SSO)

Answer 1

also known as Federated identity management, refers to the formation of a trusted relationship between separate entities and
third parties, such as cloud/application vendors or
partners, enabling them to share identities and authenticate users across domains and realms

Question 2

SSO allows a user to:

Answer 2

access multiple applications
using a single set of credentials

Question 3

LDAP servers are:

Answer 3

easy to install, maintain, and
optimize, but they are without solid security of the
queries, updates, and valuable information in the
LDAP directory

Question 4

Lightweight Directory access protocol (LDAP)

Answer 4

Lighter, cross platform, and standard base solution 

Question 5

security assertion markup language (SAML)

Answer 5

an XML-based open-source SSO standard

Question 6

A key advantage of SAML

Answer 6

open-source
interoperability

Question 7

Open authorization (OAuth)

Answer 7

an open authorization framework that allows a third-party application to get limited access
to an HTTP service

Question 8

Developers use OAuth to

Answer 8

publish and interact with
protected data in a safe and secure manner

Question 9

Service provider developers can use OAuth to

Answer 9

store protected data and give users secure delegated
access

Question 10

mandatory access control (MAC)

Answer 10

an access control policy that is uniformly
enforced across all subjects and objects within the
boundary of an information system.

Question 11

(MAC)
A subject that has
been granted access to information is constrained from
doing any of the following:

Answer 11

• Passing the information to unauthorized subjects or objects
• Granting its privileges to other subjects
• Changing one or more security attributes on subjects,
  objects, the information system, or system components
• Choosing the security attributes to be associated with
  newly-created or modified objects
• Changing the rules governing access control”

Question 12

A mandatory access control model uses

Answer 12

a strict set of established sensitivity levels and access controls
for integrity and confidentiality based on classifications

Question 13

Discretionary access control (DAC)

Answer 13

DAC models involve control and management by the
owner/creator of the object

DAC leaves a certain amount of access control to the
discretion of the object’s owner – or anyone else
who is authorized to control the object’s access

Question 14

The DAC policy is enforced over all entities so that a subject being granted access can:

Answer 14

• Pass the information to other subjects or objects
• Grant its privileges to other subjects
• Change security attributes on subjects, objects,
  information systems, or system components
• Choose the security attributes to be associated with
  newly-created or revised objects; or
• Change the rules governing access control

Question 15

Multi-factor authentication (MFA)

Answer 15

typically involves adding
an additional authentication mechanism to the initial origin authentication or credential
presentation

• Something you know
• Something you have
• Something you are
• Somewhere you are

Question 16

4 MFA authentications

Answer 16

• Something you know
• Something you have
• Something you are
• Somewhere you are

Question 17

Something you know

Answer 17

Password
Personal identification number
(PIN)
Secret word or phrase
Passphrase

Question 18

Something you have

Answer 18

Hard/soft authentication tokens
(YubiKey/Authy)
Badge or smart card
Security keys
X509v3 certificates

Question 19

Something you are

Answer 19

Fingerprint
Ocular biometrics
Speech patterns
Facial recognition

Question 20

Somewhere you are

Answer 20

Remote client-based and
clientless VPN
Remote Software Defined
Perimeter (SDP)
Cloud IdM managed
network
802.1x wired or wireless
network

Question 21

Fingerprint biometric

Answer 21

oldest and most common biometrics since they vary from person to person
and do not change over time

Question 22

A fingerprint scanner system has two functions

Answer 22

• Gets an image of the finger
• Determines whether the outline of ridges and valleys in the image matches the patterns in pre-scanned images

Question 23

facial recognition

Answer 23

One of the fastest growing mechanisms prepandemic

Commonly used to identify or verify an individual in still or video images

Question 24

The main applications of face recognition are

Answer 24

areas of security biometrics and human-tocomputer interaction (including robotics)

Question 25

The primary method for modeling facial images is

Answer 25

Principal Component Analysis (PCA)

Question 26

iris scan biometric

Answer 26

The iris is the thin, circular structure “color” part of
the eye and controls the diameter and size of the
pupils and therefore the amount of light reaching
the retina

Question 27

iris scanners use:

Answer 27

Iris scanners use camera technology to get images
of the intricate and detailed structures of the iris
using delicate infrared illumination

Question 28

retina scan biometrics

Answer 28

The retina is a thin tissue composed of neural cells located in the back portion of the eye

Due to the complex make-up of the capillaries, every person’s retina is distinctive

more invasive

Question 29

how are retina scanners used?

Answer 29

sends a beam of low-energy infrared light into an eye when user looks through the scanner’s
eyepiece

A beam of light traces a standardized path on the
retina and the pattern of variations are converted to
code and stored in a database

Question 30

voice recognition

Answer 30

is classified as a “behavioral biometric” which is non-invasive

Question 31

mobile biometrics (3 of them)

Answer 31

fingerprint
facial
voice, ocular and swipe patterns

Question 32

biometric measurements

Answer 32

False acceptance rate (FAR)
False rejection rate (FRR)
Crossover error rate (CER)

Question 33

False acceptance rate (FAR)

Answer 33

measures the
probability that the biometric system will incorrectly
accept an access effort by an unauthorized user

• A system’s FAR is often specified as the ratio of the
  number of false acceptances divided by the amount
  of authentication attempts

Question 34

False rejection rate (FRR)

Answer 34

the probability that
the system incorrectly rejects access to an authorized person, due to failing to match the biometric input with a template

Question 35

Crossover error rate (CER)

Answer 35

the value of FAR
and FRR when the sensitivity is setup so that FAR and FRR are the same

• This is an excellent metric for quantitative comparison of differing biometrics

Question 36

Privileged access management (PAM)

Answer 36

an identity security
initiative that helps organizations counter cyberthreats by
monitoring, detecting, and stopping unauthorized access to
critical resources

**important in zero trust

Question 37

PAM components

Answer 37

Just-in-time permissions
Password vaulting
Ephemeral credentials

Question 38

Just-in-time permissions

Answer 38

A practice where the
privilege granted to
applications or systems is
limited to predetermined
periods of time, on an asneeded basis

Minimizes the risk of
standing privileges that
attackers can easily
exploit

Question 39

Password vaulting

Answer 39

A program that securely
stores credentials for
multiple applications and
in an encrypted format

Users can access the
vault via a single
“master” password and
the vault then presents
it for the account they
need to access

Question 40

Ephemeral credentials

Answer 40

Dynamically generated
credentials that are
created when needed,
then discarded afterward

Like persistent credentials, these
credentials offer the subject a temporary token needed to gain
access