Chapter 2: Authentication and Authorization Flashcards

Understand the Security Concepts of Information Assurance

1
Q

What are the three steps to access control?

A
  • Identification
  • Authentication
  • Authorization
2
Q

Access Control Process

During the first step of the process, {BLANK}, an individual makes a claim about their identity.

A

Identification

3
Q

Together, the activities performed by an access control system are referred to as AAA, or “triple-A”.

What do the three A’s stand for?

A

Authentication, authorization, and accounting

4
Q

Access Control Process

During the {BLANK} step, the individual proves their identity to the satisfaction of the access control system.

A

Authentication

5
Q

Access Control Process

The access control system also needs to be satisfied that you are allowed to access the system. This is the third step of the process, called {BLANK}.

A

Authorization

6
Q

Access Control Process

In addition to identification, authentication, and authorization, access control systems also provide an {BLANK} functionality that allows administrators to track user activity and reconstruct it from logs.

A

Accounting

7
Q

In the electronic world, authorization often takes the form of {BLANK} that itemize the specific file system permissions granted to an individual user or a group of users.

A

Access Control Lists

8
Q

The simplest and most common control on passwords is setting the {BLANK}.

A

password length

9
Q

Organizations may also set {BLANK} requirements. These requirements force users to include different types of characters in their passwords, such as uppercase and lowercase, digits, and special characters.

A

password complexity

10
Q

{BLANK} requirements force users to change their passwords periodically.

A

password expiration

11
Q

{BLANK} requirements are designed to prevent users from reusing old passwords.

A

password history

12
Q

What are the three authentication factors?

A
  • Something you know
  • Something you are
  • Something you have
13
Q

Authentication Factors

What is considered something you know?

A

Passwords, Personal Identification Numbers (PINs), and answers to security questions.

14
Q

Authentication Factors

What is considered something you are?

A

Fingerprint, eye pattern, face, or voice.

15
Q

{BLANK} authentication techniques measure one of your physical characteristics.

A

Biometric

16
Q

Authentication Factors

What is considered something you have?

Requires the user to have physical possession of a device.

A
  • Smartphone running a software token application
  • Hardware authentication token key fob
  • Smart cards
17
Q

The access control process consists of three major steps. {BLANK} is when a user makes a claim of identity. {BLANK} is when the user proves that identity claim. {BLANK} is when the system determines whether the user is allowed to perform a requested action.

A

Identification; Authentication; Authorization

18
Q

{BLANK} processes create a record of who performed which actions on a system and are useful when investigating security incidents.

A

Accounting

19
Q

{BLANK} combines at least two of the three factors: something you know, something you have, and something you are.

A

Multi-factor Authentication (MFA)

20
Q

Password {BLANK} requirements set a minimum number of characters that must be in a user’s password, whereas password {BLANK} requirements mandate the use of different character types.

A

length; complexity

21
Q

Password {BLANK} requirements prevent the reuse of old passwords, whereas password {BLANK} requirements force the periodic reset of existing passwords. Users should be permitted to reset their passwords whenever they wish.

A

history; expiration

22
Q

Users should be encouraged not to {BLANK} passwords across multiple sites, as this increases the risk of compromise. Password {BLANK} provide a convenient tool for managing many unique, strong passwords.

A

reuse; managers

23
Q

You are considering deploying a multi-factor authentication system to protect access to your organization’s virtual private network (VPN). Which one of the following combinations of access controls would meet this requirement?

A. Password and PIN
B. Fingerprint and eye scan
C. Smart card and fingerprint
D. Key fob and smart card

A

Smart card and fingerprint

24
Q

Andy is attempting to change his password and has created the following long password:

p7djkqnr2LAD

He receives an error message that he must use a symbol in his password. Which password policy is he failing to meet?

A. Password length
B. Password history
C. Password complexity
D. Password reuse

A

Password complexity