Chapter 2

Question 1

What is Authentication?

Answer 1

Proving identity with credentials such as a username and password

Question 2

Acronym

AAA

Answer 2

Authentication, Authorization, Accounting

Question 3

What is authorization?

Answer 3

Providing access to resources based on a proven identity

Question 4

Accounting Methods

Answer 4

Tracking user activity and recording the activity in logs

Question 5

What are audit trails used for?

Answer 5

Security professionals use audit trails to recreate the events that preceded a security incident

Question 6

What are the FOUR factors of authentication

Answer 6

1. Something you know
2. Something you have
3. Something you are
4. Somewhere you are

Question 7

What is the least secure factor of authentication?

Answer 7

Something you know.

Knowledge can be stolen

Question 8

Give examples of common password requirements

Answer 8

• minimum password length
• password expiration

Question 9

Acronym

KBA

Answer 9

Knowledge-Based Authentication

Question 10

What are the two types of KBA and what are they used for?

Answer 10

1. Static KBA: Used to verify your identity when you forget your password(i.e. security questions)
2. Dynamic KBA: Identifies individuals without an account(uses questions generated from real-time data about the user)

Question 11

Acronym

PKI

Answer 11

Public Key Infrastructure

Question 12

What type of attacks do account lockout policies prevent?

Answer 12

Brute force and dictionary attacks

Question 13

Acronym

CAC

Answer 13

Common Access Card

Question 14

What is a security key

Answer 14

A small electronic device the size of a remote key for a car that is used to authenticate to systems

Question 15

Acronym

OTP

Answer 15

One Time Password

Question 16

Acronym

HOTP

Answer 16

HMAC-based One-Time Password

Question 17

How do Tokens using the HOTP algorithm stay in sync

Answer 17

Both the authentication server and the token use the algorithm with a shared secret key to generate the next code

Password doesn’t expire until it’s used

Question 18

Acronym

TOTP

Answer 18

Time-based One Time Password

expire after a specified period of time

Question 19

What is the strongest individual authentication factor?

Answer 19

Something you are (biometrics)

The strongest of the biometric methods are Iris and retina scans

Question 20

What is the biometric efficacy rate?

Answer 20

The performance of the system under ideal conditions

Question 21

Acronym

FAR

Answer 21

False Acceptance Rate

The percentage of times false acceptance occurs

Question 22

Acronym

FRR

Answer 22

False Rejection Rate

Question 23

What is false acceptance?

Answer 23

When a biometric system incorrectly identifies an unknown user as a registered user

Question 24

What is false rejection?

Answer 24

When a biometric system incorrectly rejects a registered user

Question 25

Acronym

CER

Answer 25

Crossover Error Rate

The point where the FAR crosses over with the FRR. A lower CER indicates that the biometric system is more accurate

Question 26

Acronym

MAC

Answer 26

1. Media Access Control
2. Mandatory Access Control

Media Access Control is related to the somewhere you are factor of authentication (think MAC address)

Question 27

Acronym

PAM

Answer 27

Privileged Access Management

Question 28

What is Account Management?

Answer 28

Creating, managing, disabling, and terminating accounts.

Question 29

What are examples of account types?

and credential policies

Answer 29

• Personnel/end-user accounts
• Administrator and root accounts: multifactor authentication
• Service accounts: password should not expire
• Device accounts

Question 30

What is the main issue with using shared accounts?

Answer 30

Shared accounts prevent effective identification, authentication, authorization and accounting

Question 31

Acronym

PAM

Answer 31

Privileged Access Management

Implements security controls over accounts with elevated privileges. i.e allowing authorized users to access the admin account without knowing the password, and logging all related activity

Question 32

Why do account polices require administrators to have two accounts?

Answer 32

To prevent privilege escalation and other attacks

Question 33

What are just-in-time permissions?

Answer 33

A concept implemented by PAM where administrators don’t have administrative privileges until they need them

Question 34

What are temporal accounts?

Answer 34

Temporary accounts with administrative privileges that are issued for a limited period of time created by PAM systems

Question 35

What is deprovisioning?

Answer 35

The process used to disable a user’s account when they leave the organization

Question 36

What are time-based logins/time-based restrictions

Answer 36

Restrictions that prevent users from logging on or accessing network resources during specific hours

Question 37

Account audit

Answer 37

identifies the privileges granted to users and compares them against what the users need

Question 38

What is privilege creep?

Answer 38

occurs when a user is granted more and more privileges due to changing job requirements but unneeded privileges are never removed

a.k.a Permission bloat

Question 39

What is attestation?

Answer 39

A formal process for reviewing user permissions

Question 40

Acronym

LDAP

Answer 40

Lightweight Directory Access Protocol

Allows users and applications to retrieve information about users from the organization’s directory

Question 41

Acronym

SAML

Answer 41

Security Assertion Markup Language

an XML based standard used to exchange authentication and authorization information between different parties. Provides SSO for web based applications

Question 42

Acronym

XML

Answer 42

Extensible Markup Language

Question 43

Acronym

IdP

Answer 43

Identity Provider

Creates, maintains, and manages identity information, authentication, and authorization for principals

Question 44

Acronym

SSO

Answer 44

Single Sign on

Question 45

What is the primary purpose of SSO

Answer 45

The identification and authentication of users

Question 46

Acronym

OAuth

Answer 46

Open standard for authorization

Question 47

What does OAuth do?

Answer 47

Allows users to grant one service access to information in another service without disclosing their login credentials

Question 48

What are the authorization models/ access control schemes?

Answer 48

• Role based access control
• Rule based access control
• Discretionary access control (DAC)
• Mandatory Access Control (MAC)
• Attribute based access control (ABAC)

Question 49

What is role based access control?

Answer 49

A control scheme that uses roles to grant access by placing users into roles based on their assigned jobs, functions, or tasks

example: group based privileges

Question 50

What is rule based access control?

Answer 50

A control scheme based on a set of approved instructions.

Some rule-BAC implementations use rules that trigger in response to an event

Question 51

Acronym and Definition

What is DAC?

Answer 51

• Discretionary Access Control
• A control scheme where every object has an owner and the owner establishes access for the objects

Significantly more flexible than the MAC scheme

Question 52

Acronym

ACL

Answer 52

Action Control List

Also DACL - Discretionary Action Control List

Question 53

Acronym (Control Schemes) and definition

What is MAC?

Answer 53

• Mandatory Access Control
• A control scheme that uses labels(sensitivity labels or security labels) to determine access.

Question 54

What is DACL

Answer 54

• Discretionary Access Control List
• Identifies who has access and what access they are granted

Question 55

Acronym and Definition

What is ABAC?

Answer 55

• Attribute-Based Access Control
• A control scheme that evaluates attributes and grants access to resources based on these attributes

Used in software defined networks

Question 56

Acronym

SDN

Answer 56

Software Defined Networks

Question 57

What are the key things you should look out for when reviewing authentication logs

Answer 57

• Account lockouts
• Concurrent session usage
• Impossible travel time
• Blocked content
• Resource consumption
• Resource inaccessibility
• Log Anomalies