501 Chapter 2

Question 1

____ proves identity with some type of credentials

Answer 1

Authentication

Question 2

AAA stands for

Answer 2

Authentication, Authorization, Accounting

Question 3

____ work together with AAA to provide CAMS

Answer 3

Identification

Question 4

CAMS stand for

Answer 4

Comprehensive Access Management System

Question 5

List five (5) authentication factors

Answer 5

Something you know, Something you are, Somewhere you are, Something you do, Something you have

Question 6

least secure of all authentication factors

Answer 6

Something you know

Question 7

credit card-sized embedded with microchip and certificate

Answer 7

smart card

Question 8

PKI stands for

Answer 8

Public Key Infrastructure

Question 9

____ holds a user’s private key

Answer 9

Embedded Certificate

Question 10

____ is a specialized type of smartcard used by the US Department of Defense

Answer 10

CAC

Question 11

CAC stands for

Answer 11

Common Access Card

Question 12

____ is a specialized type of smartcard used by the US Federal agencies

Answer 12

PIV

Question 13

PIV stands for

Answer 13

Personal Identification Verification

Question 14

sometimes called hardware tokens to differentiate them from logical or software tokens

Answer 14

fob

Question 15

includes LCD display that changes periodically every 60 secs

Answer 15

fob

Question 16

HMAC stands for

Answer 16

Hash-based Message Authentication Code

Question 17

____ is an open standard used for creating one-time passwords similar to those used in tokens and fobs

Answer 17

HOTP

Question 18

HOTP stands for

Answer 18

HMAC-based One-Time Password

Question 19

____ is similar to HOTP but it uses a timestamp instead of a counter

Answer 19

TOTP

Question 20

TOTP stands for

Answer 20

Time-based One-Time Password

Question 21

____ is a network authentication mechanism used within Windows Active Directory domains and some Unix environments known as realms

Answer 21

Kerberos

Question 22

three (3) factors for Kerberos to work

Answer 22

A method of issuing tickets, time synchronization, a database of subject or users

Question 23

KDC stands for

Answer 23

Key Distribution Center

Question 24

____ uses a complex process of issuing ticket-granting tickets (TGTs) and other tickets

Answer 24

KDC

Question 25

requires all systems to be synchronized and within 5 minutes of each other

Answer 25

time synchronization

Question 26

a suite of protocols provides authentication, integrity, confidentiality @Windows system, uses a Message Digest hashing algorithm to challenge users and check their credentials

Answer 26

NTLM

Question 27

list the three versions of NTLM

Answer 27

NTLM NTLMv2 NTLM2

Question 28

NTLM stands for

Answer 28

New Technology LAN Manager

Question 29

a simple MD4 hash of the user's password

Answer 29

NTLM

Question 30

____ has been cracked and therefore NTLM is not recommended for use

Answer 30

MD4

Question 31

challenge-response authentication protocol, | creates HMAC-MD5 hash composed of a combination of username, logon domain name, user password, current time and more

Answer 31

NTLMv2

Question 32

NTLMv2 + mutual authentication, | the client authenticates with server as well as server authenticates with the client

Answer 32

NTLM2

Question 33

____ is and extension of X.500 standard that Novell and early Microsoft exchange server used

Answer 33

LDAP

Question 34

____ uses encryption to protect LDAP transmissions

Answer 34

LDAPS

Question 35

LDAP stands for

Answer 35

Lightweight Directory Access Protocol

Question 36

LDAPS stands for

Answer 36

Lightweight Directory Access Protocol Secure

Question 37

when using LDAPS, client and server establishes a ____ session before transmission of data

Answer 37

TLS

Question 38

TLS stands for

Answer 38

Transport Layer Security

Question 39

____ refers to the ability of a user to log on or access multiple systems by providing credentials only once

Answer 39

SSO

Question 40

SSO stands for

Answer 40

Single Sign-On

Question 41

____ and ____ uses SSO capabilities

Answer 41

Kerberos and LDAP

Question 42

____ creates an indirect trust relationship

Answer 42

Transitive Trust

Question 43

____ is an XML (Extensible Markup Language) used to exchange authentication and authorization information between parties

Answer 43

SAML

Question 44

SAML stands for

Answer 44

Security Assertion Markup Language

Question 45

SAML as ____: users authenticate with one site are not required to authenticate to another

Answer 45

federated identity management system

Question 46

SAML three roles reqd:

Answer 46

principal, IdP, SP

Question 47

IdP stands for

Answer 47

Identity Provider

Question 48

SP stands for

Answer 48

Service Provider

Question 49

@SAML, ____ will authenticate a user so they can access other sites, thus Singe Sign-On is achieved

Answer 49

IdP

Question 50

@SAML, ____ is an entity that provides service to the principal

Answer 50

SP

Question 51

what is the primary purpose of SSO

Answer 51

identification and authentication of users

Question 52

____ is an open standard for authorization companies use to provide secure access to protected resources, instead of creating accounts for each web site, you can use the same account only to AUTHORIZE it to do a particular thing

Answer 52

OAuth

Question 53

has "id_token" for signing in profiles

Answer 53

OpenID Connect

Question 54

it specifies that users are only granted what they need in order to properly perform: a janitor does not need CEO privileges to perform his function

Answer 54

principle of least privilege

Question 55

four account types:

Answer 55

end-user accounts, privileged accounts, guest accounts, service accounts

Question 56

an account for regular users/standard user account

Answer 56

end-user account

Question 57

an account that has additional privileges than an end-user account

Answer 57

privileged account

Question 58

an account with limited access

Answer 58

guest account

Question 59

a regular account used by an application

Answer 59

service account

Question 60

specifies when users can log on to a computer. If a user connects the network outside the restricted time, the system denies access

Answer 60

time-of-day restrictions

Question 61

restrict access based on the location of the user

Answer 61

location-based policies

Question 62

a ____ is a collection of information that provides identity (like username) and proves the identity (like a password)

Answer 62

credential

Question 63

an access control model that uses role to manage rights and permissions for users

Answer 63

Role-based Access Control Model

Question 64

an access control model that uses rules like firewall and routers uses rules within the ACLs (Access Control Lists) is based on a set of approved instructions

Answer 64

Rule-based Access Control Model

Question 65

ACL stands for

Answer 65

Access Control List

Question 66

an access control model where files and folders are "owned" the owner, by his discretion, will establish access to these objects

Answer 66

DAC

Question 67

DAC stands for

Answer 67

Discretionary Access Control

Question 68

NTFS stands for

Answer 68

New Technology File System

Question 69

SID stands for

Answer 69

Security Identifiers

Question 70

DACL stands for

Answer 70

Discretionary Access Control List

Question 71

____ is a list of ACE

Answer 71

DACL

Question 72

ACE stands for

Answer 72

Access Control Entities

Question 73

an access control model that uses labels: sensitivity labels or security labels to determine access

Answer 73

MAC

Question 74

MAC stands for

Answer 74

Mandatory Access Control

Question 75

____ is a matrix of labels

Answer 75

Lattice

Question 76

MAC is used when access is based on

Answer 76

need to know

Question 77

ABAC stands for

Answer 77

Attribute-Based Access Control

Question 78

Many SDNs use this access control model

Answer 78

ABAC

Question 79

SDN stands for

Answer 79

Software-Defined Network

Question 80

can be any characteristics of a user

Answer 80

Attribute