Ch 2. Identity and Access Management

Question 1

Accounting

Answer 1

track user activity and record the activity in logs

Question 2

What are the five authentication factors?

Answer 2

Something you… are, know, have, do; Somewhere you are

Question 3

CAC/PIV

Answer 3

Common Access Card / Personal Identity Verification

Question 4

HOTP

Answer 4

Hash Based One-Time Password; the algorithm combines a secret key and an incrementing counter, and then creates a hash; the result is then converted into a 6-8 digit value

Question 5

TOTP

Answer 5

like HTOP but a timestamp is used instead of a counter

Question 6

Multifactor-Authentication

Answer 6

uses two or more factors of authentication

Question 7

Kerberos

Answer 7

network authentication mechanism used within Windows Active Directory domains and some Unix realms; prevent man-in-the-middle attacks and uses tickets to prevent relay attacks

Question 8

Kerberos Requirements

Answer 8

method of issuing tickets used for authentication; time synchronization; database of subjects or users

Question 9

NTLM

Answer 9

New Technology LAN Manager; a suite of protocols that use a Message Digest hashing algorithm to challenge users and check their credentials

Question 10

LDAP

Answer 10

Lightweight Directory Access Protocol; specifies formats and methods to query directories

Question 11

SSO

Answer 11

Single Sign On; refers to the ability of a user to log on or access multiple systems by providing credentials only once

Question 12

Transitive Trust

Answer 12

creates an indirect relationship

Question 13

SAML

Answer 13

Security Assertion Markup Language; an XML based standard used to exchange authentication and authorization information between different parties; provides SSO for web apps

Question 14

Federation

Answer 14

uses a federated database to provide central authentication in a non-homogeneous environment; links credentials to multiple OS or networks

Question 15

Shibboleth

Answer 15

a free, open-source federated identity solution provider

Question 16

OAuth

Answer 16

an open standard for authorization many companies

Question 17

OpenID Connect

Answer 17

works with OAuth 2.0 to allow clients (web site) to verify the identity of end users without managing theit credentials

Question 18

Least Privilege

Answer 18

a technical control; specifies that individuals and processes are granted only the rights and permissions needed to perform assigned tasks or functions

Question 19

What are the four different account types?

Answer 19

End User account; Privileged accounts; Guest accounts; Service accounts

Question 20

Disablement Policy

Answer 20

specifies how to manage accounts in different situations

Question 21

Credential

Answer 21

a collection of information that provides an identity and proves that identity

Question 22

What are the five access control models?

Answer 22

Role-BAC; Rule-BAC; DAC; MAC; ABAC

Question 23

Role-BAC

Answer 23

a role-BAC models uses roles based on jobs and functions. A matrix is a planing document that matches the roles with the required privileges

Question 24

Rule-BAC

Answer 24

based on a set of approved instructions, such as an access control list.

Question 25

DAC

Answer 25

Discretionary Access Control; specifies that every object has an owner, and the owner has full, explicit control of the object. Microsoft NTFS uses the DAC model

Question 26

MAC

Answer 26

Mandatory Access Control; uses sensitivity labels for users and data. Commonly used when access needs to be restricted based on a need to know.

Question 27

ABAC

Answer 27

Attribute Based Access Control; uses attributes defined in policies to grant access to resources; commonly used in software defined networks