Chapter 4 - Access Control, Authentication and Authorization

Question 1

Rene

What is the mechanism of verifying that identification?

Answer 1

page 131

Authentication

Question 2

Rene

Authentication systems or methods are based on one or more of which 5 factors

Answer 2

page 131
Something you know, such as a password or PIN
Something you have, such as a smart card, token or ID device
Something you are, such as your fingerprints or retinal pattern (often called biometrics)
Something you do, such as an action you must take to complete authentication
Somewhere you are (this is based on geolocation)

Question 3

Rene

Whenever two or more parties authenticate each other, it is know as _______?

Answer 3

page 132

Mutual Authentication

Question 4

Rene

When two or more access methods are included as part of the authenticate process is known as _______?

Answer 4

page 133

Multi-factor Authentication

Question 5

Rene

A system that uses smart cards and passwords is referred to as a _________________?

Answer 5

page 133

Two-Factor Authentication

Question 6

Rene

What are similar to certificates in that they are used to identify and authenticate the user, contain the rights and access privileges to the bearer, and at the completion of a session is destroyed?

Answer 6

page 135

Token

Question 7

Rene

What is collection of computer networks that agree on standards of operation such as security standards?

Answer 7

page 135

Federations

Question 8

Rene

What the 5 Authentication Protocols?

Answer 8

page 139
PAP (Password Authentication Protocol)
SPAP (Shiva Password Authentication Protocol)
CHAP (Challenge Handshake Authentication Protocol)
TOTP (Time-Base One-Time Password)
HOTP (HMAC-Based One-Time Password)

Question 9

Rene

What must you do to configure the router securely?

Answer 9

page 160
Change the default password
Walk through the advanced settings
Keep the firmware upgraded

Question 10

Rene

In the Trusted OS which of the 7 Evaluation Assurance Levels (EAL) requires product developers to use good design practices?

Answer 10

page 159

EAL 2

Question 11

Rene

In the Trusted OS which of the 7 Evaluation Assurance Levels (EAL) requires conscientious development moderate levels of security?

Answer 11

Page 159

EAL 3

Question 12

Rene

In the Trusted OS which of the 7 Evaluation Assurance Levels (EAL) is primarily used when the user wants assurance that the system will operate correctly but threats to security aren’t viewed as serious?

Answer 12

page 159

EAL 1

Question 13

Rene

In the Trusted OS which of the 7 Evaluation Assurance Levels (EAL) requires positive security engineering based on good commercial development practices?

Answer 13

page 159

EAL 4

Question 14

Rene

In the Trusted OS which of the 7 Evaluation Assurance Levels (EAL) is intended to ensure that security engineering has been implemented in a product from the early design phases.

Answer 14

page 159

EAL 5

Question 15

Rene

In the Trusted OS which of the 7 Evaluation Assurance Levels (EAL) provides high level of assurance of specialized security engineering?

Answer 15

page 160

EAL 6

Question 16

Rene

In the Trusted OS which of the 7 Evaluation Assurance Levels (EAL) is intended for extreme high levels of security?

Answer 16

page 160

EAL 7

Question 17

Rene

What is Network Bridging?

Answer 17

page 158
Occurs when a device has more than one network adapter card installed and the opportunity presents itself for a user on one of the networks to which the device is attached to jump to the other.

Question 18

Rene

What are the Firewall Rules?

Answer 18

page 157
Block the connection
Allow the connection
Allow the connection only if it is secured

Question 19

Rene

Who issued the CAC?

Answer 19

page 155
The DoD (Department of Defense), issued the CAC (Common Access Card) as a general identification / authorization card for military personnel, contractors and non-DoD employee.

Question 20

Rene

What are the 4 Access Control methods?

Answer 20

page 150

• Mandatory Access Control (MAC)
• Discretionary Access Control (DAC)
• Role-Based Access Control (RBAC)
• Rule-Based Access Control (RBAC)

Question 21

Rene

What is a variation of Mandatory Access Control and it isn’t addresses separately on the Security+ exam?

Answer 21

page 150

LBAC (Lattice-Based Control)

Question 22

Rene

What is SSO?

Answer 22

page 149
Single Sign On
The purpose is to give users access to all the applications and systems they need when they logon

Question 23

Rene

What type of authentication does Kerberos use?

Answer 23

page 148
Key Distribution Center (KDC)
KDC authenticates the principle (which can be a user, program or system) and provides it with a ticket.

Question 24

Rene

What type of ticket is the user given when using Kerberos and authenticates with KDC?

Answer 24

page 148
Ticket Granting Ticket (TGT)
This ticket is encrypted and has a time limit of up to 10 hours. The ticket lists the privileges of that user (much like a token)

Question 25

Rene

What is a standardized directory access protocol that allows queries to be made of directories (specifically, pared-down X.500-based directories)?

Answer 25

page 147

Lightweight Directory Access Protocol (LDAP)