Chapter 2 - Understanding Identity & Access Management (Flashcards)
________ allows entities to prove their identity by using credentials known to another entity.
Authentication
________ occurs when a user claims or professes an identity, such as with a username, an email address, a PIV card, or by using biometrics.
Identification
Authentication occurs when an entity provides proof of an identity (such as a password) (T/F) ?
True!
In an authentication exchange, what is the second entity (the one that verifies the claimed identity) called?
Authenticator
Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?
A). HOTP
B). TOTP
C). CAC
D). Kerberos
B). TOTP (a time-based one-time password).
- a TOTP value is tied to the current time step and expires when that step rolls over; the default step is 30 seconds.
An HMAC-based One-Time Password (HOTP) creates passwords that do not expire (T/F) ?
True! (HOTP values are counter-based rather than time-based, so each value stays valid until it is used.)
Kerberos uses ______ instead of passwords.
Tickets
A network includes a ticket-granting ticket server used for authentication. Which authentication service does this network use?
A). Shibboleth
B). SAML
C). LDAP
D). Kerberos
D). Kerberos
What is a ticket-granting ticket (TGT) server?
The ticket-granting service (TGS) of the Kerberos key distribution center (KDC). The KDC issues a TGT when the user first authenticates and then, in exchange for that TGT, issues the service tickets used to access individual resources.
Shibboleth is a federated identity solution used in some single sign-on (SSO) solutions (T/F)?
True!
_______ methods track user activity and record the activity in logs.
Accounting
What are the 5 factors of authentication?
- something you know
- something you have
- something you are
- somewhere you are
- something you do
Which is the least secure form of authentication?
Something you know (refers to a shared secret such as a password).
Strong passwords are complex and at least ____ characters long.
14
_____-_____ password systems automate password recovery.
Self-service
Password policies provide a technical means to ensure users employ secure password practices (T/F) ?
True!
Password length specifies the ______ number of _______ in the password.
- minimum
- characters
_______ _______ ensures passwords are complex and include at least three of the four character types, such as special characters.
Password complexity
What remembers past passwords and prevents users from reusing passwords?
Password history
Your organization is implementing an SDN. Management wants to use an access control model that controls access based on attributes. Which of the following is the BEST solution?
A). DAC
B). MAC
C). Role-BAC
D). ABAC
D). Attribute-based access control (ABAC)
Mandatory access control (MAC) uses ____ assigned to both _____ and _____ .
- labels
- subjects
- objects
This access control model uses roles or groups to assign rights and permissions.
Role-based access control (role-BAC).
This access control model has an owner, and the owner establishes access for the objects.
Discretionary access control (DAC).
_______ password age is used with password history to prevent users from changing their password repeatedly to get back to the original password.
Minimum
_______ password age or password expiration forces users to change their password periodically.
Maximum
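The password policy cards above (minimum length, three of four character types, password history, and minimum/maximum password age) describe rules that only make sense together: minimum age is what stops a user from cycling through the history to get an old password back. The following is an added example, not from the flashcards or any product, that enforces all of them on one account. The account, dates, the 24-entry history depth and the 90-day expiration are constructed for illustration; the 14-character minimum is the figure the cards use.

```python
"""Password policy enforcement matching the flashcard rules: minimum length,
3-of-4 character types, password history, minimum age and maximum age.

Added example (not from the flashcards or any particular product). The account,
dates, history depth and expiration are constructed; the 14-character minimum
is the figure the cards use.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_LENGTH = 14                # minimum number of characters
MIN_CLASSES = 3                # at least three of the four character types
HISTORY_DEPTH = 24             # previous passwords remembered (constructed value)
MIN_AGE = timedelta(days=1)    # blocks cycling through 24 changes to get the old one back
MAX_AGE = timedelta(days=90)   # password expiration (constructed value)

CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256. History stores these, never plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def character_classes(password: str) -> int:
    """How many of the four character types the password contains."""
    return sum(any(c in cls for c in password) for cls in CHARACTER_CLASSES)


def complexity_errors(password: str) -> list[str]:
    """Length and complexity checks; returns the violations found."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    if character_classes(password) < MIN_CLASSES:
        errors.append(f"fewer than {MIN_CLASSES} of 4 character types")
    return errors


@dataclass
class Account:
    history: list[tuple[bytes, bytes]] = field(default_factory=list)  # oldest first
    last_changed: datetime | None = None

    def password_expired(self, now: datetime) -> bool:
        """Maximum password age: True once the current password is older than MAX_AGE."""
        return self.last_changed is not None and now - self.last_changed > MAX_AGE

    def change_password(self, new_password: str, now: datetime) -> list[str]:
        """Apply the policy; return the violations (an empty list means the change was made)."""
        errors = complexity_errors(new_password)
        if self.last_changed is not None and now - self.last_changed < MIN_AGE:
            errors.append("minimum password age not reached")
        # Re-hash with each stored salt; compare_digest avoids a timing side channel.
        for salt, digest in self.history[-HISTORY_DEPTH:]:
            if hmac.compare_digest(hash_password(new_password, salt)[1], digest):
                errors.append("password found in history")
                break
        if errors:
            return errors
        self.history.append(hash_password(new_password))
        self.last_changed = now
        return []


def demo() -> dict:
    """Constructed walkthrough: a user sets a password, then tries to get back to it."""
    t0 = datetime(2024, 1, 1)
    acct = Account()
    return {
        "first": acct.change_password("Correct-Horse-Battery-9", t0),
        "weak": acct.change_password("password123456", t0 + timedelta(days=2)),
        "too_soon": acct.change_password("Another-Strong-Pass-7", t0 + timedelta(hours=2)),
        "rotated": acct.change_password("Another-Strong-Pass-7", t0 + timedelta(days=2)),
        "reuse": acct.change_password("Correct-Horse-Battery-9", t0 + timedelta(days=4)),
        "expired_day_93": acct.password_expired(t0 + timedelta(days=93)),
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

The walkthrough shows the interplay: "password123456" fails only on character types (it is 14 characters long), the second change is rejected until the minimum age has passed, and the original password is caught by the history check two days later even though it still satisfies length and complexity.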
______ _____ are credit card-sized cards that have embedded certificates used for authentication. They require a PKI to issue the certificates.
Smart cards
_____ and _____ are open standards used to create one-time-use passwords.
HOTP (RFC 4226) and TOTP (RFC 6238)
HOTP creates a one-time-use password that expires (T/F)?
False!
- the passwords DO NOT expire; each value stays valid until it is used, because HOTP is counter-based rather than time-based.
TOTP creates a one-time password that expires after ____ seconds?
30 (by default; the time step is configurable)
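The HOTP/TOTP cards above, and the remote-access question earlier that asks which choice gives passwords a time-based expiry, both come down to the same construction: TOTP is HOTP with the counter replaced by the number of 30-second steps since the Unix epoch. The following is an added example, not from the flashcards or any authenticator product, implementing both from the Python standard library. The secret is the ASCII test key from the RFC appendices, not a real key; the verification window of one adjacent step is an assumption made here to tolerate clock drift.

```python
"""RFC 4226 HOTP and RFC 6238 TOTP from the standard library.

Added example (not from the flashcards or any product): shows why an HOTP
value stays valid until consumed while a TOTP value changes every time step.
"""
import hashlib
import hmac
import struct
import time

# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"), not a real key.
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP(K, C) = Truncate(HMAC(K, C)) mod 10^digits (RFC 4226, section 5)."""
    msg = struct.pack(">Q", counter)                 # 8-byte big-endian counter
    mac = hmac.new(secret, msg, algo).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation: low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP = HOTP(K, floor(T / step)) (RFC 6238); 30 s is the default step."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30, skew: int = 1) -> bool:
    """Accept the current step plus/minus `skew` adjacent steps (assumed drift window).
    compare_digest keeps the comparison time independent of how many digits matched."""
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-skew, skew + 1)
    )


def demo() -> dict:
    """HOTP for counter 0 is the same whenever it is computed; TOTP changes
    as soon as the 30-second window rolls over."""
    t = 1_111_111_109   # a timestamp from the RFC 6238 test table
    return {
        "hotp_counter_0": hotp(RFC_SECRET, 0),                   # RFC 4226 appendix D: 755224
        "totp_at_t": totp(RFC_SECRET, t, digits=8),              # RFC 6238 appendix B: 07081804
        "totp_next_step": totp(RFC_SECRET, t + 30, digits=8),    # a different value 30 s later
        "same_step_ok": verify_totp(RFC_SECRET, totp(RFC_SECRET, t), t + 29),
        "two_steps_later_rejected": verify_totp(RFC_SECRET, totp(RFC_SECRET, t), t + 60, skew=0),
    }


if __name__ == "__main__":
    print(demo())
    print("TOTP now:", totp(RFC_SECRET, int(time.time())))
```

Two points worth noticing when running it: the 6-digit and 8-digit codes agree in their low digits because both are the same 31-bit value reduced modulo a power of ten, and the HOTP server must still store and advance the counter after a successful verification, otherwise a captured HOTP value can be replayed for as long as the counter is not consumed.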
Biometric methods are the most difficult to falsify (T/F) ?
True!
What do physical methods of Biometrics include?
- voice
- facial recognition
- fingerprints
- retina scans
- iris scans
- palm scans
What does the False Acceptance Rate (FAR) or the False Match Rate identify?
The percentage of times false acceptance occurs.
False Rejection Rate (FRR) or False Nonmatch Rate, identifies what?
The percentage of times false rejections occur.
What does the Crossover Error Rate (CER) indicate?
The overall quality of the biometric system. The CER is the error rate at the threshold where the FAR and FRR are equal; raising the threshold lowers FAR but raises FRR, and vice versa.
- lower CERs are better!
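The FAR, FRR and CER cards above define three rates but do not show how they come out of a matcher's scores. The following is an added example, not from the flashcards or any biometric product: it sweeps a decision threshold over constructed match scores for two hypothetical systems, finds the crossover point for each, and shows why the one with the lower CER is the better system and why a single very strict threshold is not a substitute for that comparison.

```python
"""FAR, FRR and the crossover error rate (CER) computed from match scores.

Added example, not from the flashcards. A biometric matcher returns a score;
the system accepts when the score is at or above a threshold. The score sets
below are constructed: "genuine" = attempts by the enrolled user,
"impostor" = attempts by other people.
"""
from typing import Sequence, Tuple


def far(impostor: Sequence[float], threshold: float) -> float:
    """False acceptance (false match) rate: impostor attempts accepted / impostor attempts."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine: Sequence[float], threshold: float) -> float:
    """False rejection (false nonmatch) rate: genuine attempts rejected / genuine attempts."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover_error_rate(genuine: Sequence[float], impostor: Sequence[float]) -> Tuple[float, float]:
    """Sweep every observed score as a candidate threshold and return (threshold, CER)
    at the point where FAR and FRR are closest to equal. Lower CER is better."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        a, r = far(impostor, t), frr(genuine, t)
        gap = abs(a - r)
        if best is None or gap < best[0]:
            best = (gap, t, (a + r) / 2)
    return best[1], best[2]


# Constructed scores (0-100) for two hypothetical systems; A separates the
# genuine and impostor populations better than B.
SYSTEM_A = {"genuine": [90, 85, 88, 92, 70, 95, 60, 87, 91, 84],
            "impostor": [20, 30, 25, 40, 65, 35, 15, 28, 45, 22]}
SYSTEM_B = {"genuine": [80, 60, 75, 55, 90, 65, 70, 50, 85, 45],
            "impostor": [40, 55, 60, 30, 70, 50, 65, 35, 45, 75]}


def compare_systems() -> dict:
    """CER for each system, plus the FAR/FRR trade-off at a deliberately strict threshold."""
    results = {}
    for name, scores in (("A", SYSTEM_A), ("B", SYSTEM_B)):
        t, cer = crossover_error_rate(scores["genuine"], scores["impostor"])
        results[name] = {
            "threshold": t,
            "cer": cer,
            "far_at_90": far(scores["impostor"], 90),  # strict: almost no impostors get in ...
            "frr_at_90": frr(scores["genuine"], 90),   # ... but many legitimate users are locked out
        }
    results["better"] = min(("A", "B"), key=lambda n: results[n]["cer"])
    return results


if __name__ == "__main__":
    for name, r in compare_systems().items():
        print(name, r)
```

On these constructed scores system A crosses over at a threshold of 65 with a CER of 0.10, while system B crosses over at 60 with a CER of 0.35; forcing system A's threshold up to 90 drives FAR to zero but rejects 60% of genuine attempts, which is the trade-off the two rates describe.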
Single-factor authentication includes one or more authentication methods in the same factor, such as a PIN and a password (T/F) ?
True!
Dual-factor authentication uses how many factors of authentication?
Two
- such as a USB token and a PIN
_________ authentication is stronger than any form of single-factor authentication.
Multifactor
Authentication methods using two or more methods in the same factor are _____ - _____ authentication.
Single-factor
Ex: a password and a PIN are both in the something you know factor, so together they only provide single-factor authentication.
What happens if a ticket-granting ticket expires?
The user might not be able to access resources.
_______ specifies formats and methods to query directories. It provides a single point of management for objects, such as users and computers, in an Active Directory domain or Unix realm.
(acronym)
LDAP
LDAP Secure (LDAPS) encrypts transmissions with ____ or _____ .
(acronym)
- TLS
- SSL (the older protocol; all SSL versions are deprecated, so current deployments use TLS)
_____ _____-___ allows users to authenticate with a single user account and access multiple resources on a network without authenticating again.
Single sign-on