Chapter 2 - Understanding Identity & Access Management .

Question 1

________ allows entities to prove their identity by using credentials known to another entity.

Answer 1

Authentication

Question 2

________ occurs when a user claims or processes an identity, such as with a username, an email address, a PIV card, or by using biometrics.

Answer 2

Identification

Question 3

Authentication occurs when an entity provides proof of an identity (such as a password) (T/F) ?

Answer 3

True!

Question 4

What is the second identity that verifies the authentication?

Answer 4

Authenticator

Question 5

Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

A). HOTP
B). TOTP
C). CAC
D). Kerberos

Answer 5

B). TOTP (a time-based one time password).

• passwords created with TOTP expired after 30 seconds.

Question 6

An HMAC-based One-Time Password (HTOP) creates passwords that do not expire (T/F) ?

Answer 6

True!

Question 7

Kerberos uses ______ instead of passwords.

Answer 7

Tickets

Question 8

A network includes a ticket-granting ticket server used for authentication. Which authentication service does this network use?

A). Shibboleth
B). SAML
C). LDAP
D). Kerberos

Answer 8

D). Kerberos

Question 9

What is a TGT server?

Answer 9

Ticket-granting server. It creates tickets for authentication.

Question 10

Shibboleth is a federated identity solution used in some single sign-on (SSO) solutions (T/F)?

Answer 10

True!

Question 11

_______ methods track user activity and record the activity in logs.

Answer 11

Accounting

Question 12

What are the 5 factors of authentication?

Answer 12

• something you know
• something you have
• something you are
• somewhere you are
• something you do

Question 13

Which is the least secure form of authentication?

Answer 13

Something you know (refers to a shared secret such as a password).

Question 14

Strong passwords are complex and at least ____ characters long.

Answer 14

14

Question 15

_____-_____ password systems automate password recovery.

Answer 15

Self-service

Question 16

Password policies provide a technical means to ensure users employ secure password practices (T/F) ?

Answer 16

True!

Question 17

Password length specified the ______ number of _______ in the password.

Answer 17

• minimum

- characters

Question 18

_______ _______ ensures passwords are complex and includes at least three of the four character types, such as special characters.

Answer 18

Password complexity

Question 19

What remembers past passwords and prevents users from reusing passwords?

Answer 19

Password history

Question 20

Your organization is implementing an SDN. Management wants to use an access control model that controls access based on attributes. Which of the following is the BEST solution?

A). DAC
B). MAC
C). Role-BAC
D). ABAC

Answer 20

D). Attribute-based access control (ABAC)

Question 21

A Mandatory Access Control (MAC) uses ____ assigned to _____ and _____ ?

Answer 21

• labels
• subjects
• objects

Question 22

This access control model uses roles or groups to assign rights and permissions.

Answer 22

Role-based access control (role-BAC).

Question 23

This access control model has an owner, and the owner establishes access for the objects.

Answer 23

Discretionary access control (DAC).

Question 24

_______ password age is used with password history to prevent users from changing their password repeatedly to get back to the original password.

Answer 24

Minimum

Question 25

_______ password age or password expiration forces users to change their password periodically.

Answer 25

Maximum

Question 26

______ _____ are credit card-sized cards that have embedded certificates used for authentication. They require. PKI to issue certificates.

Answer 26

Smart cards

Question 27

_____ and _____ are open source standards used to create one-time use passwords.

Answer 27

HOTP and TOTP

Question 28

HOTP creates a one-time-use password that expires (T/F)?

Answer 28

False! - the passwords DO NOT expire.

Question 29

TOTP creates a one-time password that expires after ____ seconds?

Answer 29

30

Question 30

Biometric methods are the most difficult to falsify (T/F) ?

Answer 30

True!

Question 31

What do physical methods of Biometrics include?

Answer 31

- voice - facial recognition - fingerprints - retina scans - iris scans - palm scans

Question 32

What does the False Acceptance Rate (FAR) or the False Match Rate identify?

Answer 32

The percentage of times false acceptance occurs.

Question 33

False Rejection Rate (FRR) or False Nonmatch Rate, identifies what?

Answer 33

The percentage of times false rejections occur.

Question 34

What does the Crossover Error Rate (CER) indicate?

Answer 34

The quality of the biometric system. - lower CERs are better!

Question 35

Single-factor authentication includes one or more authentication methods in the same factor, such as a PIN and a password (T/F) ?

Answer 35

True!

Question 36

Dual-factor authentication uses how many factors of identification?

Answer 36

Two - such as a USB token and a PIN

Question 37

_________ authentication is stronger than any form of single-factor authentication.

Answer 37

Multifactor

Question 38

Authentication methods using two or more methods in the same factor are _____ - _____ authentication.

Answer 38

Single-factor Ex: password and a pin are both in the something you know factor, so they only provide single-factor authentication.

Question 39

What happens if a ticket-granting ticket expires?

Answer 39

The user might not be able to access resources.

Question 40

_______ specifies formats and methods to query directories. It provides a single point of management for objects, such as users and computers, in an Active Directory domain or Unix realm. (acronym)

Answer 40

LDAP

Question 41

LDAP Secure (LDAPS) encrypts transmissions with ____ or _____ . (acronym)

Answer 41

- SSL | - TLS

Question 42

_____ _____-___ allows users to authenticate with a single user account and access multiple resources on a network without authenticating again.

Answer 42

Single sign-on