Authentication, Authorization, & Account 1.2 Flashcards

1
Q

Describe the step of IDENTIFICATION in the AAA Framework?

A
  • This is the first step.
  • The user provides information claiming to be the registered user of that system.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Describe the step of AUTHENTICATION in the AAA Framework?

A
  • Checks between your username, passwords, and other authentication factors.
  • Proves that you are who you say you are.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the purpose of the AUTHORIZATION step of the AAA Framework?

A
  • Once authentication has been completed, the next step is determine what systems the user will have access to.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the AAA Framework?

A

Refers to a system that implements the use of Authentication, Authorization, and Accounting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the purpose of ACCOUNTING?

A
  • Records the resources used when engaging with a system.
  • Resources used can include: Login time, data sent and received, logout time.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What way can a device be authenticated to access an internal system?

A
  • External devices can use certificates which is digital signed and checked at the login process.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are some systems that can validate or authenticate an external device?

A
  • Certificates can be validated using a VPN concentrator or management software that validates the end device
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the role of a CERTIFICATE AUTHORITY when authenticating an external device?

A
  • A device or software that manages all the certificates within the environment.
  • Creates certificates that are digitally signed by the Certificate Authority.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the role of an AUTHORIZATION MODEL in granting an external device access?

A
  • Grants a registered user access to specific applications and systems.
  • Is placed in the middle of granting the user access to the system.
  • Authorization is granted by the user’s assigned roles, organization, or attributes.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the caveats to having no AUTHORIZATION MODEL in place?

A
  • Can still grant a user specific access to certain systems, however, without this method does NOT SCALE well when granting access to a large amount of systems or data to a larger amount of users.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Describe the application of ABSTRACTION in the Authorization Model

A
  • Separates the users from the information they need to access.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly