Chapter 16: Identity and Access Fundamentals

Question 1

identification claim

Answer 1

username, account number, email address

Question 2

authentication information

Answer 2

password

Question 3

authorization

Answer 3

determines if a subject is given rights to carry out requested actions

Question 4

three main types of factors for authentication

Answer 4

something a person knows (password), something a person has (token), something a person is (fingerprint)

Question 5

two additional factors

Answer 5

somewhere a person is (geolocation), something a person does (keystroke behavior)

Question 6

salts

Answer 6

random values added to plaintext passwords prior to hashing to add complexity and randomness

Question 7

cognitive passwords

Answer 7

fact or opinion based questions, typically based on life experiences, used to verify an individual’s identity

Question 8

Type I biometric authentication error

Answer 8

a legitimate individual is denied access

Question 9

Type II error

Answer 9

an impostor granted access

Question 10

CER

Answer 10

crossover error rate

Question 11

crossover error rate of a biometric authentication system

Answer 11

the point at which the false rejection rate (Type I errors) is equal to the false acceptance rate (Type II errors)

Question 12

ownership-based authentication

Answer 12

something a person owns, such as a token device

Question 13

token device

Answer 13

password generator

Question 14

password generator

Answer 14

token device; handheld device with a display synchronized with an authentication server and displays to the user a one-time password

Question 15

OTP

Answer 15

one-time password

Question 16

synchronous token device

Answer 16

requires the device and authentication service to advance to the next OTP in sync with each other

Question 17

asynchronous token device

Answer 17

requires a challenge/response scheme to authentication the user

Question 18

memory card

Answer 18

holds information but cannot process information

Question 19

smart card

Answer 19

holds information and has the hardware and software to process that information

Question 20

password manager

Answer 20

password vault; solution to remembering a myriad of complex passwords

Question 21

JIT

Answer 21

just-in-time access

Question 22

just-in-time access

Answer 22

provisioning method which elevates users to the necessary privileged access to perform a specific task

Question 23

ASOR

Answer 23

authoritative system of record

Question 24

authoritative system of record

Answer 24

hierarchical tree-like structure system which tracks subjects and their authorization chains

Question 25

most commonly implemented directory services

Answer 25

Microsoft Windows Active Directory (AD)

Question 26

directory services

Answer 26

map resource names to their network addresses

Question 27

LDAP

Answer 27

Lightweight Directory Access Protocol

Question 28

SSO

Answer 28

single sign-on

Question 29

federated identity

Answer 29

portable identity and its associated entitlements which allow a user to be authenticated across multiple IT systems and enterprises

Question 30

IDaaS

Answer 30

Identity as a Service

Question 31

Identity as a Service

Answer 31

a type of Software as a Service (SaaS) offering which provides SSO, FIM, and password management services

Question 32

three identity management services approaches

Answer 32

on-premise, cloud-based, and hybrid

Question 33

biometrics

Answer 33

most expensive and most protection

Question 34

passwords

Answer 34

least protection, cheapest

Question 35

challenge/response protocol with token device

Answer 35

authentication service generates a challenge, smart token generates a response based on the challenge

Question 36

mutual authentication

Answer 36

user authenticates to system and system authenticates to user

Question 37

identification or authentication access control

Answer 37

biometrics

Question 38

directories used in identity management are

Answer 38

hierarchical and follow the X.500 standard

Question 39

Lightweight Directory Access Protocol

Answer 39

allows subjects and applications to interact with the directory; apps make LDAP request to the directory for information about a user, and users make LDAP requests for information about specific resources

Question 40

password synchronization

Answer 40

allows user to maintain one password across multiple systems

Question 41

biometric input for identity verification

Answer 41

app identifies points of data as match points, algorithm used to process the match points and translate it to numeric value, authentication approved or denied when the database value is compared with the end user input entered into the scanner

Question 42

FRR

Answer 42

false rejection rate; rejects authorized individual

Question 43

FAR

Answer 43

false acceptance rate; accepts impostor

Question 44

Type I error

Answer 44

FRR