4.4 Flashcards

1
Q

federated single sign-on (SSO)

A

also known as federated identity management: a trust relationship between separate entities and third parties, such as cloud/application vendors or partners, that lets them share identities and authenticate users across domains and realms

2
Q

SSO allows a user to:

A

access multiple applications
using a single set of credentials

3
Q

LDAP servers are:

A

easy to install, maintain, and optimize, but on their own they do not protect the queries, updates, and valuable information in the LDAP directory: plain LDAP (port 389) carries binds and queries in cleartext, so LDAPS or StartTLS and a strong bind method must be configured explicitly

4
Q

Lightweight Directory access protocol (LDAP)

A

a lighter-weight, cross-platform, standards-based directory-access protocol

5
Q

security assertion markup language (SAML)

A

an XML-based open standard for SSO: an identity provider (IdP) issues signed assertions about an authenticated user that a service provider (SP) accepts

6
Q

A key advantage of SAML

A

open-standard interoperability: any SAML-compliant IdP can federate with any SAML-compliant SP, regardless of vendor

7
Q

Open authorization (OAuth)

A

an open authorization framework (RFC 6749) that lets a third-party application obtain limited access to an HTTP service, typically on behalf of the resource owner, who approves the access

8
Q

Developers use OAuth to

A

publish and interact with
protected data in a safe and secure manner

9
Q

Service provider developers can use OAuth to

A

store protected data and give users secure delegated
access
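Cards 7 to 9 describe OAuth as a way for a third party to get limited, delegated access to an HTTP service. The following is an added example, not from the flashcard deck, that simulates the authorization-code flow with PKCE (RFC 7636) in one process: the authorization server issues a single-use code, the client redeems it with its code verifier, and the resource server enforces the granted scope. The client id, user, paths and lifetimes (60 s code, 3600 s token) are assumptions made up for the example.

```python
"""Minimal OAuth 2.0 authorization-code flow with PKCE, simulated in-process (added example)."""
import base64
import hashlib
import hmac
import secrets
import time


def _s256(verifier: str) -> str:
    """PKCE S256 challenge: base64url(SHA-256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def pkce_pair():
    """Client side: random verifier kept secret, challenge sent with the authorization request."""
    verifier = secrets.token_urlsafe(48)
    return verifier, _s256(verifier)


class AuthorizationServer:
    def __init__(self):
        self.codes = {}   # code -> (client_id, user, scope, code_challenge, expires_at)
        self.tokens = {}  # access_token -> (user, scope, expires_at)

    def authorize(self, client_id, user, scope, code_challenge, now):
        """The user consents here; the client only ever receives a short-lived code."""
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, user, frozenset(scope), code_challenge, now + 60)
        return code

    def token(self, client_id, code, code_verifier, now):
        """Redeem the code. The verifier proves the redeeming client started the flow,
        so a code stolen from the redirect is useless; the code is also single use."""
        entry = self.codes.pop(code, None)
        if entry is None:
            return None
        cid, user, scope, challenge, expires_at = entry
        if cid != client_id or now > expires_at:
            return None
        if not hmac.compare_digest(_s256(code_verifier), challenge):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, scope, now + 3600)
        return token

    def introspect(self, token, now):
        entry = self.tokens.get(token)
        if entry is None or now > entry[2]:
            return None
        return entry


class ResourceServer:
    """The protected HTTP service: it checks the bearer token's scope and never sees user credentials."""

    def __init__(self, auth_server, data):
        self.auth_server, self.data = auth_server, data

    def handle(self, method, path, token, now):
        entry = self.auth_server.introspect(token, now)
        if entry is None:
            return 401, None
        user, scope, _ = entry
        needed = "read" if method == "GET" else "write"
        if needed not in scope:          # limited access: token scope bounds what the app may do
            return 403, None
        if method == "GET":
            return 200, self.data.get(user, {}).get(path)
        self.data.setdefault(user, {})[path] = "updated"
        return 200, "updated"


def demo_flow():
    """A 'photo-printer' app gets read-only delegated access to alice's photos (constructed data)."""
    now = int(time.time())
    auth = AuthorizationServer()
    api = ResourceServer(auth, {"alice": {"/photos": ["a.jpg"]}})
    verifier, challenge = pkce_pair()
    code = auth.authorize("photo-printer", "alice", ["read"], challenge, now)
    token = auth.token("photo-printer", code, verifier, now)
    read = api.handle("GET", "/photos", token, now)
    write = api.handle("POST", "/photos", token, now)   # denied: scope is read only
    replay = auth.token("photo-printer", code, verifier, now)  # denied: code already used
    return read, write, replay
```

The resource server only ever learns a scoped token, which is the "limited access" of card 7; the user's password never reaches the third-party application.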

10
Q

mandatory access control (MAC)

A

an access control policy that is uniformly
enforced across all subjects and objects within the
boundary of an information system.

11
Q

Under MAC, a subject that has been granted access to information is constrained from doing any of the following:

A
  • Passing the information to unauthorized subjects or objects
  • Granting its privileges to other subjects
  • Changing one or more security attributes on subjects, objects, the information system, or system components
  • Choosing the security attributes to be associated with newly created or modified objects
  • Changing the rules governing access control

12
Q

A mandatory access control model uses

A

a strict set of established sensitivity levels and access controls
for integrity and confidentiality based on classifications

13
Q

Discretionary access control (DAC)

A

DAC models involve control and management by the
owner/creator of the object

DAC leaves a certain amount of access control to the
discretion of the object’s owner – or anyone else
who is authorized to control the object’s access

14
Q

The DAC policy is enforced over all entities so that a subject being granted access can:

A
  • Pass the information to other subjects or objects
  • Grant its privileges to other subjects
  • Change security attributes on subjects, objects,
    information systems, or system components
  • Choose the security attributes to be associated with
    newly-created or revised objects; or
  • Change the rules governing access control
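Cards 10 to 14 contrast what a subject may do under MAC and under DAC. The following is an added example, not from the flashcard deck: a toy reference monitor in which the MAC path uses a fixed sensitivity lattice (Bell-LaPadula style "no read up, no write down") that no subject can alter, while the DAC path lets the object's owner hand out rights. The level names, subjects and objects are assumptions chosen for the example.

```python
"""Toy reference monitor contrasting MAC and DAC decisions (added example)."""
from dataclasses import dataclass, field

# Ordered sensitivity levels for the MAC lattice (assumed labels for the example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass
class Subject:
    name: str
    clearance: str


@dataclass
class Obj:
    name: str
    classification: str
    owner: str
    acl: dict = field(default_factory=dict)  # DAC only: subject name -> set of rights


def mac_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """MAC rule fixed by the system, not by the owner (Bell-LaPadula style):
    read needs clearance >= classification (no read up),
    write needs clearance <= classification (no write down)."""
    s, o = LEVELS[subject.clearance], LEVELS[obj.classification]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def dac_allows(subject: Subject, obj: Obj, op: str) -> bool:
    """DAC: the owner has every right; anyone else needs an ACL entry."""
    return subject.name == obj.owner or op in obj.acl.get(subject.name, set())


def dac_grant(grantor: Subject, obj: Obj, grantee: Subject, op: str) -> bool:
    """DAC (card 14): the owner, or a subject holding the 'grant' right, may pass rights on."""
    if grantor.name == obj.owner or "grant" in obj.acl.get(grantor.name, set()):
        obj.acl.setdefault(grantee.name, set()).add(op)
        return True
    return False


def mac_grant(grantor: Subject, obj: Obj, grantee: Subject, op: str) -> bool:
    """MAC (card 11): a subject can neither grant privileges nor relabel objects;
    only the policy decides, so every grant request is refused regardless of who asks."""
    return False


def can_pass(subject: Subject, src: Obj, dst: Obj, mode: str) -> bool:
    """Can `subject` copy information from src into dst? Under MAC, moving SECRET data
    into a CONFIDENTIAL object is a write down and is blocked even for the owner."""
    allows = mac_allows if mode == "MAC" else dac_allows
    return allows(subject, src, "read") and allows(subject, dst, "write")
```

The `can_pass` check is the first bullet of card 11 made concrete: the same owner who may freely copy a file between her own objects under DAC is stopped under MAC because the destination carries a lower label.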
15
Q

Multi-factor authentication (MFA)

A

requires two or more independent authentication factors, typically by adding a second mechanism to the initial credential presentation; the factor categories are:

  • Something you know
  • Something you have
  • Something you are
  • Somewhere you are
16
Q

The four MFA factor categories

A
  • Something you know
  • Something you have
  • Something you are
  • Somewhere you are
17
Q

Something you know

A

  • Password
  • Personal identification number (PIN)
  • Secret word or phrase
  • Passphrase

18
Q

Something you have

A

  • Hard/soft authentication tokens (YubiKey/Authy)
  • Badge or smart card
  • Security keys
  • X.509v3 certificates

19
Q

Something you are

A

  • Fingerprint
  • Ocular biometrics
  • Speech patterns
  • Facial recognition

20
Q

Somewhere you are

A

  • Remote client-based and clientless VPN
  • Remote Software Defined Perimeter (SDP)
  • Cloud IdM-managed network
  • 802.1X wired or wireless network

21
Q

Fingerprint biometric

A

the oldest and most common biometric, since fingerprints vary from person to person and change little over time

22
Q

A fingerprint scanner system has two functions

A
  • Gets an image of the finger
  • Determines whether the outline of ridges and valleys in the image matches the patterns in pre-scanned images
23
Q

facial recognition

A

One of the fastest-growing mechanisms pre-pandemic

Commonly used to identify or verify an individual in still or video images

24
Q

The main applications of face recognition are

A

the areas of security biometrics and human-to-computer interaction (including robotics)

25
Q

The primary method for modeling facial images is

A

Principal Component Analysis (PCA)

26
Q

iris scan biometric

A

The iris is the thin, circular "colored" part of the eye; it controls the diameter of the pupil and therefore the amount of light reaching the retina

27
Q

iris scanners use:

A

camera technology to capture images of the intricate, detailed structures of the iris under low-level infrared illumination

28
Q

retina scan biometrics

A

The retina is a thin tissue of neural cells at the back of the eye. Because of the complex layout of its capillaries, every person's retina is distinctive. Retina scanning is more invasive than iris scanning

29
Q

how are retina scanners used?

A

The scanner sends a beam of low-energy infrared light into the eye while the user looks through its eyepiece. The beam traces a standardized path across the retina, and the pattern of variations is converted to a code and stored in a database

30
Q

voice recognition

A

classified as a "behavioral biometric"; it is non-invasive

31
Q

mobile biometrics

A

fingerprint, facial, voice, ocular, and swipe patterns

32
Q

biometric measurements

A
  • False acceptance rate (FAR)
  • False rejection rate (FRR)
  • Crossover error rate (CER)

33
Q

False acceptance rate (FAR)

A

the probability that the biometric system incorrectly accepts an access attempt by an unauthorized user

  • A system's FAR is usually expressed as the number of false acceptances divided by the number of impostor (unauthorized) attempts

34
Q

False rejection rate (FRR)

A

the probability that the system incorrectly rejects an authorized person because it fails to match the biometric input with the stored template

35
Q

Crossover error rate (CER)

A

the value of FAR and FRR at the sensitivity setting where FAR and FRR are equal

  • This is an excellent metric for quantitative comparison of different biometric systems
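Cards 32 to 35 define FAR, FRR and CER in words. The following is an added example, not from the flashcard deck, that computes all three from matcher scores by sweeping the decision threshold, which is how the crossover point is actually found. The genuine and impostor score lists are constructed for the example and are not real biometric data.

```python
"""Compute FAR, FRR and the crossover error rate (CER) by sweeping a match threshold (added example)."""

# Constructed similarity scores in [0, 1] from a hypothetical matcher (not real biometric data):
# GENUINE = enrolled user compared with their own template, IMPOSTOR = other people vs that template.
GENUINE = [0.92, 0.88, 0.81, 0.77, 0.74, 0.69, 0.65, 0.60, 0.55, 0.48]
IMPOSTOR = [0.58, 0.52, 0.47, 0.44, 0.40, 0.36, 0.31, 0.27, 0.22, 0.15]


def far(impostor_scores, threshold):
    """FAR: impostor attempts accepted (score >= threshold) over all impostor attempts."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """FRR: genuine attempts rejected (score < threshold) over all genuine attempts."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def sweep(genuine_scores, impostor_scores, steps=100):
    """(threshold, FAR, FRR) for thresholds 0.00, 0.01, ..., 1.00."""
    rows = []
    for i in range(steps + 1):
        t = i / steps
        rows.append((t, far(impostor_scores, t), frr(genuine_scores, t)))
    return rows


def crossover(genuine_scores, impostor_scores, steps=100):
    """CER: the (threshold, FAR, FRR) row where FAR and FRR are closest to equal.
    A lower CER means a better matcher, independent of where an operator sets the knob."""
    return min(sweep(genuine_scores, impostor_scores, steps), key=lambda r: abs(r[1] - r[2]))


if __name__ == "__main__":
    for t in (0.30, 0.50, 0.70):
        print(f"threshold {t:.2f}: FAR={far(IMPOSTOR, t):.2f} FRR={frr(GENUINE, t):.2f}")
    print("CER:", crossover(GENUINE, IMPOSTOR))
```

Raising the threshold drives FAR down and FRR up; a door to a data centre is tuned toward low FAR and a phone unlock toward low FRR, and the CER is the single number that lets two sensors be compared before either is tuned.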
36
Q

Privileged access management (PAM)

A

an identity security initiative that helps organizations counter cyberthreats by monitoring, detecting, and stopping unauthorized access to critical resources

  • Important in zero trust

37
Q

PAM components

A
  • Just-in-time permissions
  • Password vaulting
  • Ephemeral credentials

38
Q

Just-in-time permissions

A

A practice where the privilege granted to applications or systems is limited to predetermined periods of time, on an as-needed basis

  • Minimizes the risk of standing privileges, which attackers can easily exploit

39
Q

Password vaulting

A

A program that securely stores credentials for multiple applications in encrypted form

  • Users access the vault with a single "master" password, and the vault then presents the stored credential for the account they need

40
Q

Ephemeral credentials

A

Dynamically generated credentials that are created when needed and discarded afterward

  • Unlike persistent credentials, they give the subject only a temporary token for the access needed
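Cards 36 to 40 describe just-in-time permissions, vaulting and ephemeral credentials as the parts of PAM. The following is an added example, not from the flashcard deck or any PAM product: a small in-memory broker that mints a random credential only for an approved time window, stores nothing but its hash (as a vault would), verifies it for the target system, and shows that no usable standing privilege remains once the window closes. The users, resource names, roles and lifetimes are assumptions made up for the example.

```python
"""JIT elevation with ephemeral credentials, as a PAM broker would issue them (added example)."""
import hashlib
import hmac
import secrets


class PamBroker:
    def __init__(self):
        self.grants = {}  # cred_id -> dict(user, resource, role, secret_hash, expires_at)
        self.audit = []   # (event, user, resource, role, time) records

    def request_access(self, user, resource, role, ttl_seconds, now, approved):
        """JIT: an approved request yields a fresh credential valid for ttl_seconds, nothing more."""
        if not approved or ttl_seconds <= 0:
            self.audit.append(("denied", user, resource, role, now))
            return None
        cred_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # ephemeral: returned once to the requester, never stored
        self.grants[cred_id] = {
            "user": user,
            "resource": resource,
            "role": role,
            "secret_hash": hashlib.sha256(secret.encode()).hexdigest(),
            "expires_at": now + ttl_seconds,
        }
        self.audit.append(("granted", user, resource, role, now))
        return cred_id, secret

    def verify(self, cred_id, secret, resource, now):
        """Called by the target system; fails closed on unknown, revoked, expired or mismatched creds."""
        g = self.grants.get(cred_id)
        if g is None or g["resource"] != resource or now >= g["expires_at"]:
            return None
        presented = hashlib.sha256(secret.encode()).hexdigest()
        if not hmac.compare_digest(presented, g["secret_hash"]):
            return None
        return g["user"], g["role"]

    def revoke(self, cred_id):
        """Early revocation, e.g. when the change ticket is closed before the window ends."""
        self.grants.pop(cred_id, None)

    def standing_privileges(self, now):
        """What a dump of the broker at `now` could still be used for: only unexpired grants."""
        return [cid for cid, g in self.grants.items() if now < g["expires_at"]]
```

Compare with a persistent admin password: a dump of this broker after the window yields hashes of secrets that no longer open anything, which is the "minimizes standing privileges" point of card 38 in concrete form.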