Chapter 13 Flashcards

1
Q

What includes knowledge-based authentication and cognitive passwords that only the user will know?

A

Identity Proofing

2
Q

How do you establish identity for a user as an HR person?

A

Through a passport, birth certificate, or driver’s license

3
Q

What provides accountability?

A

Identification
Authentication
Auditing

4
Q

What happens after a user is identified in a system?

A

Authentication

5
Q

What happens after a user is authenticated by a system?

A

Authorization

6
Q

What happens after a user is authorized by a system?

A

Auditing

7
Q

What are the three primary factors of authentication?

A

Something you know, have, and are

8
Q

What identifies the accuracy of a biometric method and shows where the FRR is equal to the FAR?

A

CER

9
Q

What provisions user accounts on third-party sites the first time the user logs on to the site and reduces admin workload?

A

JIT Provisioning

10
Q

What helps prevent unauthorized access by closing unattended sessions?

A

Session Management

11
Q

What helps developers easily store usernames and passwords and retrieve them when a user revisits a website?

A

Credential Management

12
Q

Which NIST SP recommends that users be required to change their passwords only if their current one is compromised?

A

NIST SP 800-63B

13
Q

What password control can prevent users from rotating between two passwords?

A

Password History

14
Q

What control can ensure users change their passwords regularly?

A

Password Age

15
Q

What is active and is always the entity that receives information about, or data from, the object?

A

Subject

16
Q

What is always the entity that provides or hosts information or data?

A

Object

17
Q

What type of token generates and displays one-time passwords that are synchronized with an authentication server?

A

Synchronous Tokens

18
Q

What token uses a challenge-response process to generate the one-time password?

A

Asynchronous

19
Q

What does a lower CER indicate?

A

A higher quality biometric device

20
Q

What does a higher CER indicate?

A

A less accurate biometric device

21
Q

What is also called a Type I error and occurs when an authentication system doesn’t recognize a valid subject?

A

False Rejection

22
Q

What is also called a Type II error and occurs when an authentication system incorrectly recognizes an invalid subject?

A

False Acceptance

23
Q

What are the fingerprint details/features?

A

Ridges
Bifurcations
Whorls

24
Q

What is required to support accountability?

A

Identification
Authentication