Chapter 14

Question 1

the access granted for an object that determine what you can do with it (read/edit/create/delete)

Answer 1

permissions

Question 2

the ability to take an action on an object

Answer 2

right

Question 3

a combination of rights and permissions

Answer 3

privileges

Question 4

access control model that restricts access to data based on the content within an object

Answer 4

content-dependent control

Question 5

access control model that requires specific activity before granting users access

Answer 5

context-dependent control

Question 6

subjects are granted access only to what they need to know

Answer 6

need to know

Question 7

subjects are granted only the privileges they need

Answer 7

least privilege

Question 8

access control model where every object has an owner and the owner can grant or deny access to other subjects

Answer 8

discretionary access control (DAC)

Question 9

access control model where roles or groups are used to assign permissions

Answer 9

Role-Based Access Control (RBAC)

Question 10

access control model that applies global rules to all subjects (such as a firewall)

Answer 10

Rule-Based Access Control

Question 11

access control model where rules can include multiple attributes and apply differently to different subjects

Answer 11

Attribute-Based Access Control

Question 12

access control model where labels are applied to both subjects and objects (clearances)

Answer 12

Mandatory Access Control (MAC)

Question 13

access control model that grants access after evaluating risk based on machine learning

Answer 13

Risk-Based Access control

Question 14

MAC classification where labels are ordered from low to high security

Answer 14

Hierarchical

Question 15

MAC classification where there is no relationship between security domains

Answer 15

Compartmentalized Environment

Question 16

MAC classification that combines hierarchical and compartmentalized concepts

Answer 16

hybrid environment

Question 17

this XML based standard is used to send authentication information within federated environments

Answer 17

SAML

Question 18

3 entities involved in SAML

Answer 18

principal or user agent
service provider (SP) - website
identity provider (IdP) - third party that authenticates user

Question 19

what are the three types of XML messages an IdP can send in SAML?

Answer 19

Authentication Assertion
Authorization Assertion
Attribute Assertion

Question 20

an authorization framework maintained by the IETF

Answer 20

OAuth 2.0

Question 21

Can you authenticate users with OAuth 2.0?

Answer 21

No, it is only authorization, not authentication

Question 22

this standard provides decentralized authentication and allows users to log into mulptiple websites with one set of credentials by providing a URI.

Answer 22

OpenID

Question 23

an authentication layer using the OAuth 2.0 framework - provides both authentication and authorization

Answer 23

OpenID Connect (OIDC)

Question 24

what does RFC 6749 describe?

Answer 24

OAuth 2.0

Question 25

which auth framework exchanges information using APIs?

Answer 25

OAuth

Question 26

which auth framework uses a JSON Web Token?

Answer 26

OIDC

Question 27

AAA protocol that uses ticket authentication

Answer 27

Kerberos

Question 28

what is the primary purpose of Kerberos

Answer 28

authentication

Question 29

what Kerberos element is the trusted third party that provides authentication services?

Answer 29

Key Distribution Center

Question 30

what Kerberos element hosts the functions of a ticket-granting service (TGS) and an Authentication Service (AS)?

Answer 30

Kerberos Authentication Server

Question 31

what kerberos element is an encrypted message that provides proof that a subject is authorized?

Answer 31

Ticket

Question 32

what Kerberos element provides proof that a subject has authenticated through a KDC, and includes a symmetric key, and expiration time, and the user’s IP address?

Answer 32

TGT Ticket-Granting Ticket

Question 33

What Kerberos element receives the tickets (usually a user)

Answer 33

Kerberos Principal

Question 34

what encryption standard does Kerberos use?

Answer 34

AES

Question 35

This remote authentication service uses UDP and only encrypts the password’s exchange by default

Answer 35

RADIUS

Question 36

how can RADIUS encrypt the entire session?

Answer 36

Using TLS over TCP with RADIUS/TLS

Question 37

this Cisco authentication service uses separate processes for authentication, authorization, and accounting

Answer 37

TACACS+

Question 38

what does TACACS+ encrypt

Answer 38

all of the authentication information

Question 39

an attacker steals credentials and can login as the user

Answer 39

impersonation attack

Question 40

when an attacker sends a captured hash of a password to an authenticating service

Answer 40

pass-the-hash

Question 41

Kerberos attacks

Answer 41

Overpass the Hash
Pass the Ticket
Silver Ticket
Golden Ticket
Kerberos Brute-Force
ASREPRoast
Kerberoasting