chapter 23 Flashcards
CAC
Common Access Cards
EXIF
Exchangeable Image File
GPO
Group Policy Objects
IdP
Identity Provider
PIV
Personal Identity Verification
SAML
Security Assertion Markup Language
XMP
Extensible Metadata Platform
What is the purpose of an SSH key?
To be used for automated processes and services.
The process of transforming a description of a location, with coordinates, address, or name of place, into a location on the Earth’s surface.
Geocoding
Location-based marketing that uses GPS, RFID, WiFi or cell data to define a virtual geographical boundary around a certain or specific area.
Geolocation
The process of appending geographic coordinates to media based on the location of a mobile device.
Geotagging
The primary advantage of using time-of-day restrictions for access.
Prevents users from logging onto an enterprise network outside of regular business hours, limiting the risk of outside cyber-attacks.
The primary disadvantage of using time-of-day restrictions for access.
Someone that needs to log into their account will have no access outside of business hours.
What is the purpose of a token?
To identify specific access rights and authentication.
What is the purpose of a digital certificate?
To verify the identity of the sender/receiver of an electronic message and provide the means to encrypt/decrypt messages between sender and receiver.
How might service accounts be used in batch operations?
To be restricted by the admin to only run at night to prevent them from being used by unauthorized personnel.
Identification used by DoD military personnel.
CAC
A smart card used for federal employees and contractors.
PIV
Used to denote a system or service that creates, maintain, and manages identity information.
IdP
What are the advantages and disadvantage of using token-based systems?
Advantage: Every token is unique so if one is removed from a system, the others won’t be affected.
Disadvantage: Since only the token is authenticated, the theft of the token can be used by anyone regardless of who holds it.
How can MFA be used to offset the disadvantage of a token-based system
By adding an extra layer of authentication security to mitigate the risk of unauthorized access.
What is the primary problem with shared/generic accounts?
The ability to easily track the activity of a user.
When might an account be automatically be locked out?
After an employee is terminated, time frame of inactivity and/or multiple attempts of failed log-ins.
Who should configure time-of-day, history and complexity account requirements?
Network administrators.
An independent verification that the policies associated with it are being followed.
Account Audits
Full control of files, directories, services and other resources. Has the most power.
Admin Account
Used for normal everyday tasks, may be limited from installing new programs.
Standard account
Limited user rights and usually used only one time.
Guest Account
Which type of account should be disabled by default?
Guest Accounts
Should both user IDs and password be unique?
Yes.
When might a network administrator disable an account?
If the user no longer uses that account, a breach of security happens, or a period of inactivity.
What are SAML, OpenID and OAuth?
Token-based authentication process protocols.
When a login occurs outside of a geological area while another ones within the enterprise follows suit.
Risky Logins
Logging into an account off site while logging into it again on site in a very short amount of time.
Impossible Travel Time
What are identity attributes?
Specific characteristics of an identity, like name, department, location, login ID, number, email address, and so on.
