Chapter 4 - Access Control, Authentication & Authorization

Question 1

What’s the concept behind “access control”?

4-131

Answer 1

Let the right ones in, keep the wrong ones out.

Question 2

Tell me the difference between identification and authentication.

4-131

Answer 2

identification - finding out who someone is

authentication - verifying the identification

Question 3

You have two or more parties authenticating each other. What is this called?

4-132

Answer 3

mutual authentication

Question 4

You have an authentication process, and in that process, two or more access methods are included. What kind of authentication system is this?

4-133

Answer 4

multifactor authentication

Question 5

Tell me the 5 “factors” you have to work with when building your authentication system.

4-131

Answer 5

something you know, have, are, or do

somewhere you are

Question 6

What does NAC stand for?

4-134

Answer 6

network access control

Question 7

True/False: Security tokens are used to identify and authenticate the user, and because of this, they are similar to certificates.

4-135

Answer 7

True

Question 8

You have a group of computer networks that all agree on standards of operation. What do you call this?

hint: Star Wars

4-135

Answer 8

a federation

Question 9

Your identity, linked with your priveleges, allows you to cross business units and business boundaries. What kind of identity is this?

4-135

Answer 9

a federated identity

Question 10

You are a user on a client PC communicating with an authentication server. Tell me the steps involved in the security token authentication.

4-136

Answer 10

server presents a challenge to the pc
pc provides a response
server sends a token device challenge
pc sends back a valid certificate
server grants authentication

Question 11

You have an Active Directory and the domains of your forest trust each other. By default, these trusts are _______ and _______.

4-136

Answer 11

two-way, transitive

Question 12

Tell me the difference between PAP and SPAP.

4-139

Answer 12

PAP sent stuff in plain text. SPAP encrypts stuff, THEN sends it.

Question 13

A protocol was designed to stop man-in-the-middle attacks. What is that protocol?

There is another protocol that uses the aforementioned protocol to provide authentication. which protocol is that?

4-139

Answer 13

CHAP

PPP

Question 14

Which protocol uses a time based factor for the creation of new passwords?

4-139

Answer 14

TOTP

Question 15

Which protocol is based on a hash message algorithm?

4-139

Answer 15

HOTP

Question 16

Tell me the lockout policies at the local level. There are three of them

4-141

Answer 16

account lockout duration
account lockout threshold
reset account lockout counter after

Question 17

Explain to me what SLIP is.

4-143

Answer 17

Serial Line Internet Protocol. It’s an older protocol, was used in early remote access situations, was not secure, and could only be used to pass TCP/IP traffic.

Question 18

Tell me 4 options that are common for remote authentication.

hint: tacks in a circle

4-143

Answer 18

TACACS, TACACS+, XTACACS, RADIUS

Question 19

We’ve talked about tunneling protocols like PPTP, L2TP and SSH. How is IPSec different from these?

4-145

Answer 19

It isn’t a tunneling protocol, but is used alongside a tunneling protocol. It is primarily used in LAN to LAN connections, but can also be used with some remote connections.

Question 20

Tell me the major difficulty with a single-server RADIUS environment.

4-145

Answer 20

If the server malfunctions, the entire network may refuse connections.

Question 21

What is SAML for?

4-147

Answer 21

authentication and authorization, based on XML

Question 22

You are using a KDC to get authentication to receive services from a server. What’s the problem with this?

4-148

Answer 22

the KDC is a single point of failure

Question 23

Tell me the 4 primary methods of access control.

4-150

Answer 23

mandatory access control - predefined
discretionary access control - some flexibility
role-based access control - user’s role dictates access capabilities
rule-based access control - limits the user to settings in preconfigured policies

Question 24

What is the SA account?

4-153

Answer 24

the system administrator

Question 25

Why would you perform an access review?

4-154

Answer 25

To determine if someone’s access level is still appropriate.

Question 26

There is a smart card used by the Department of Defense. What type of card is this?

4-155

Answer 26

Common Access Card

Question 27

You are tweaking the tolerance for unanswered login attacks on your firewall. Which feature are you adjusting?

4-158

Answer 27

the flood guard

Question 28

You want to prevent broadcast loops. Which feature will you use?

4-158

Answer 28

Loop protection

Question 29

You have a trusted operating system that meets a set of requirements for security. Whose requirements are those?

4-159

Answer 29

the government’s

Question 30

You have Evaluation Assurance Levels 1-7. Tell me very briefly about each one of them.

4-159

Answer 30

1-threats to security aren’t viewed as serious
2-good design practices for products
3-moderate levels of security
4-common benchmark for commercial security
5-high level security, security engineering has been implemented
6-specialized security engineering
7-extremely high level security

Question 31

You have a router that you need to configure securely. What three steps are you going to perform?

4-160

Answer 31

Change the default password
walk through the advanced settings
keep the firmware updated

Question 32

Tell me about LDAP and secure LDAP.

4 - 147

Answer 32

Lightweight Directory Access Protocol. standardized directory access protocol that allows queries to be made of directories and is the main protocol used by Active Directory, port 389

secure LDAP - encrypted with SSL/TLS and port 636

Question 33

In Kerberos, there are TGT and service ticket. tell me the difference.

4 - 148

Answer 33

ticket granting ticket, encrypted, time limit of 10 hours

service ticket - granted by the TGT, good for 5 minutes

Question 34

Lattice Based Control. tell me about it.

4 - 150

Answer 34

variation of MAC, involves a lattice composed of users, systems, and so forth

Question 35

what is DAC?

4 - 151

Answer 35

discretionary access control - allows users to share information dynamically with other users

Question 36

You are going to implement the best access controlling practices. what are they?

4 - 152 thru 160

Answer 36

least privelages
separation of duties
time of day restrictions
user access review
smart cards
access control lists (implicit deny, block the connection, allow the connection, allow the connection only if it is secured)
port security

Question 37

Port Security has three areas. what are they?

4 - 157

Answer 37

MAC Limiting and Filtering
802.1X
Unused Ports

Question 38

what is the most basic form of authentication?

4 - 161

Answer 38

single factor authentication