Ch3 Identity and Access Management

Question 1

Authentication is

Answer 1

proving you have rights to a system

Question 2

Authorization is

Answer 2

proving which rights you have to a system

Question 3

the main 3 Authentication factors are _____ another two are ___

Answer 3

something you know, something you have, something about you; something you do and somewhere you are

Question 4

combining different types of authorization is called ____ authorization

Answer 4

multifactor

Question 5

_______ is a system where a central authority decides that since you are trusted on one system, you can be trusted on another

Answer 5

Federated Trust

Question 6

______ are things you can do that have been assigned to you

Answer 6

Permissions

Question 7

_____ are things that everyone on a system can do

Answer 7

rights and privileges

Question 8

the idea that just because you need access to data doesn’t mean you need to be able to delete it is an example of _____

Answer 8

least privilege

Question 9

having one person in charge of recording earnings and a different person in charge of payroll is an example of ____

Answer 9

separation of duties

Question 10

_____ access control might use a label, such as “top secret”

Answer 10

mandatory

Question 11

in ____ access control the owner of the data decides who has access to what

Answer 11

discretionary

Question 12

_____ access control defines access according to rules for groups of people

Answer 12

role-based (RBAC)

Question 13

____ means assuming you are not permitted to do something unless you are listed

Answer 13

implicit deny

Question 14

a good password security policy will address which 3 topics?

Answer 14

complexity, expiration and history

Question 15

in windows ___ you can set rules for passwords, logins and lockouts

Answer 15

local security policy

Question 16

windows ___ are like local security policy, but can work across an active directory in windows network server

Answer 16

group policy objects

Question 17

in Linux, use the command ___ to see the permissions for all the files in a directory

Answer 17

“ls -l”

Question 18

in Linux, permission rights for an object are shown by the three characters ___ repeated 3 times for the ___, ___ and ___ respectively

Answer 18

rwx; owner; group; everyone else

Question 19

to give full permissions in Linux to the owner, but only read permissions to groups and others, use the alphabetical command _____ or the numeric command _____

Answer 19

chmod g=r FileName; chmod 744 FileName

Question 20

to change the ownership in Linux of a file, use the command ___

Answer 20

sudo chown NewOwner FileName

Question 21

to change the password of a file in Linux, use the command ___

Answer 21

sudo passwd [and wait for prompt]

Question 22

in a Windows system, create users and groups with different permissions through the ___ system

Answer 22

Computer Management

Question 23

When you change the permissions for a file in Windows, this change is automatically applied to all files in the folder, and subfolders, this is called ___

Answer 23

inheritance

Question 24

to override security permissions inheritance for a file, use the _____

Answer 24

deny checkbox in the file properties

Question 25

security settings are lost if a file is ___ in the same drive or moved to a ___ drive

Answer 25

copied; non-NTFS

Question 26

what happens to file security permissions if you move or copy the file onto another NTFS drive?

Answer 26

the file takes on the permissions of the folder you place it into

Question 27

continually monitor ___ and ___ of users in general

Answer 27

login/logoff; file access

Question 28

if someone needs to have multiple accounts, then make sure their ___ and ___ are different, and be sure to exercise the principle of ___

Answer 28

username; passwords; least privilege

Question 29

in general, enforce non-repudiation by avoiding ___ accounts and ___ usernames

Answer 29

shared; generic

Question 30

what is the AAA of access?

Answer 30

authentication; authorization; accounting

Question 31

the ___ network security protocol was originally developed for dial-up connections, but is now used for wireless networks

Answer 31

Remote Authentication Dial-in User Service (RADIUS)

Question 32

the weakness of RADIUS authentication is that is doesn’t perform ___

Answer 32

authorization

Question 33

the user attempting to get authenticated in a RADIUS network is called the ___

Answer 33

supplicant

Question 34

RADIUS systems can use up to ___ UDP ports

Answer 34

4

Question 35

the ___ system performs both authentication and authorization for networks

Answer 35

Terminal Access Controller Access-Control System Plus (TACACS Plus)

Question 36

TACACS systems use TCP port ___

Answer 36

49

Question 37

___ is the oldest authentication system, not used anymore because is uses no encryption

Answer 37

Password Authentication Protocol (PAP)

Question 38

in a ___ authentication system, the server sends a hash of its key, the client’s key and a question to be answered

Answer 38

Challenge Handshake Authentication Protocol (CHAP)

Question 39

a windows ___ authentication system is like a CHAP system done from both sides

Answer 39

NT LAN Manager

Question 40

a ___ authentication system works with a windows domain controller between the client and server

Answer 40

Kereberos

Question 41

in a Kereberos authentication system, the domain server acts as a ___, granting tickets for access

Answer 41

Key Distribution Center (KDC)

Question 42

a Kereberos authentication system uses TCP and UDP port ___

Answer 42

88

Question 43

in a Kereberos authentication system, a ___ is used to get a session key

Answer 43

Ticket Granting Ticket (TGT)

Question 44

a ___ authentication system is used primarily for web applications, or to access devices that are physically spread out - not for file sharing

Answer 44

Security Assertion Markup Language (SAML)

Question 45

___ is not really an authentication protocol, but is used to access someone else’s directory, and uses TCP/UDP port ___

Answer 45

Lightweight Directory Access Protocol (LDAP); 389

Question 46

to establish single sign-on to a network of computers, usually you will want to use ___ even if they aren’t running Windows

Answer 46

windows active directory

Question 47

to use Windows Active Directory on a network, you must first install ___, then establish a ___

Answer 47

Windows Server; Domain

Question 48

the ___ authorization model is based on data labels

Answer 48

mandatory access control (MAC)