ch24 questions and definitions

Question 1

The user presents credentials and requests a ticket from the key Distribution Server

Answer 1

Step 1 of Kerberos

Question 2

The KDS verifies credentials and issues a TGT

Answer 2

Step 2 of Kerberos

Question 3

The user presents a TGT and request for service to the KDS

Answer 3

Step 3 of Kerberos

Question 4

The KDS verifies authorization and issues a client-to-server ticket to the desired service

Answer 4

Step 4 of Kerberos

Question 5

The user presents a request and a client-to-server ticket to the desired service.

Answer 5

Step 5 of Kerberos

Question 6

If the client-to-server ticket is valid, service is granted to the client.

Answer 6

Step 6 of Kerberos

Question 7

A flexible EAP method that allows mutual authentication between a supplicant and a server.

Answer 7

EAP-FAST

Question 8

A open standard that provides enhanced network security by locking down the network, only allowing authenticated users to access company data, resources, and applications.

Answer 8

EAP-TLS

Question 9

Protocol that extends TLS and provides certificate-based mutual authentication of the client and network through an encrypted channel.

Answer 9

EAP-TTLS

Question 10

An access control approach in which access is mediated based on attributes associated with subjects and the objects to be accessed.

Answer 10

ABAC (Attribute Based Access Control)

Question 11

Access Control policy that is enforced over all subjects and objects in a system where the policy specifies that a subject has been granted access to information can do one or more actions.

Answer 11

DAC (Discretionary Access Control)

Question 12

Access Control that restricts the ability of a subject or initiator to access or perform some sort of operation on an object or target.

Answer 12

MAC (Mandatory Access Control)

Question 13

A strategy for managing user access on IT systems.

Answer 13

RBAC (Rule Based Access Control)

Question 14

A policy-neutral access control mechanism that restricts network access based on a person’s role within an organization.

Answer 14

RBAC (Role Based Access Control)

Question 15

Stores login credentials, including username, passwords, and addresses, for use on a local computer or on other computers in the same network server.

Answer 15

Credential Manager.

Question 16

Password management system for macOS.

Answer 16

Keychain

Question 17

An authentication standard that supports port-based authentication services between a user and an authorization device.

Answer 17

802.1x

Question 18

An authentication method in which users are asked to answer at least one secret question. Often used as a component for MFA and self-service password retrieval.

Answer 18

Knowledge-based authentication.

Question 19

Encrypted authentication scheme in which the unencrypted password is not transmitted over the network.

Answer 19

CHAP (Challenge-Handshake Authentication Protocol)

Question 20

Encrypted authentication scheme used in wide area network (WAN) communication.

Answer 20

MS-CHAP

Question 21

A simple user authentication protocol that does not encrypt the data and sends the password and username to the authentication server as plain text

Answer 21

PAP (Password Authentication Protocol)

Question 22

What is the purpose of a daemon?

Answer 22

Service process on a server.

Question 23

CHAP three-way handshake is.

Answer 23

Challenge sent to client. Client uses one-way hashing function to calculate response to send back. If match, communication continues.

Question 24

To describe what constituted a trusted computing system.

Answer 24

DOD’s orange book.

Question 25

An international standard for a secure crypto processor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.

Answer 25

TPM

Question 26

A physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, authentication, and other cryptographic functions.

Answer 26

HSM

Question 27

What is the difference between permissions and rights

Answer 27

Permissions are for files.
Rights are for actions.

Question 28

Software mechanism designed to manage the problem of users having multiple passwords for the myriad of different systems.

Answer 28

Password Vault

Question 29

Why does a password vault represent a single point of failure?

Answer 29

If an attacker gets the password key or master password, they have access to all the user’s passwords.

Question 30

An open protocol that allows secure, token-based authorization on the internet from the web, mobile, and desktop applications.

Answer 30

OAuth

Question 31

Is OAuth 2.0 backward-compatible with OAuth 1.0?

Answer 31

No it’s not backward-compatible.

Question 32

A simple identity layer on top of the OAuth protocol that allows clients of all types to request and received information about authenticated sessions and end users.

Answer 32

OpenID

Question 33

What role does NAS play in RADIUS and TACACS+?

Answer 33

Contacting the two servers and transmit the request for authentication to the server.

Question 34

What types of communications in RADIUS are subject to compromise?

Answer 34

Communications between a user and the client.

Question 35

What transport-layer protocol does RADIUS use?

Answer 35

UDP

Question 36

What port# does RADIUS use for accounting?

Answer 36

UDP Port 1813

Question 37

What port# does RADIUS use for authentication and authorization?

Answer 37

UDP Port 1812

Question 38

What types of communications in TACACS+ are subject to compromise?

Answer 38

NAS client and TACACS+ client.

Question 39

Is TACACS+ backward-compatible with previous TACACS versions?

Answer 39

No it’s not backward-compatible.

Question 40

What transport-layer protocol does TACACS+ use?

Answer 40

UDP and TCP

Question 41

What port# does TACACS+ use?

Answer 41

49

Question 42

Compare browser-based password storage and OS password vaults.

Answer 42

Browser-based is much less secured, OS based ones are more robust and have less overall risk.