Chapter 2 - Understanding Identity & Access Management. Flashcards
________ allows entities to prove their identity by using credentials known to another entity.
Authentication
________ occurs when a user claims or professes an identity, such as with a username, an email address, a PIV card, or by using biometrics.
Identification
Authentication occurs when an entity provides proof of an identity (such as a password) (T/F)?
True!
What is the second identity that verifies the authentication?
Authenticator
Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?
A). HOTP
B). TOTP
C). CAC
D). Kerberos
B). TOTP (a time-based one-time password).
- Passwords created with TOTP expire after 30 seconds.
An HMAC-based One-Time Password (HOTP) creates passwords that do not expire (T/F)?
True!
Kerberos uses ______ instead of passwords.
Tickets
A network includes a ticket-granting ticket server used for authentication. Which authentication service does this network use?
A). Shibboleth
B). SAML
C). LDAP
D). Kerberos
D). Kerberos
What is a TGT server?
Ticket-granting server. It creates tickets for authentication.
Shibboleth is a federated identity solution used in some single sign-on (SSO) solutions (T/F)?
True!
_______ methods track user activity and record the activity in logs.
Accounting
What are the 5 factors of authentication?
- something you know
- something you have
- something you are
- somewhere you are
- something you do
Which is the least secure form of authentication?
Something you know (refers to a shared secret such as a password).
Strong passwords are complex and at least ____ characters long.
14
_____-_____ password systems automate password recovery.
Self-service
Password policies provide a technical means to ensure users employ secure password practices (T/F)?
True!
Password length specifies the ______ number of _______ in the password.
- minimum
- characters
_______ _______ ensures passwords are complex and include at least three of the four character types, such as special characters.
Password complexity
What remembers past passwords and prevents users from reusing passwords?
Password history
Your organization is implementing an SDN. Management wants to use an access control model that controls access based on attributes. Which of the following is the BEST solution?
A). DAC
B). MAC
C). Role-BAC
D). ABAC
D). Attribute-based access control (ABAC)
A Mandatory Access Control (MAC) model uses ____ assigned to _____ and _____.
- labels
- subjects
- objects
This access control model uses roles or groups to assign rights and permissions.
Role-based access control (role-BAC).
This access control model has an owner, and the owner establishes access for the objects.
Discretionary access control (DAC).
_______ password age is used with password history to prevent users from changing their password repeatedly to get back to the original password.
Minimum