Chapter 4: Identity and Access Management Flashcards

1
Q
What type of access management controls are used for classified data?
A

Mandatory Access Control (MAC) is based on the classification of the data. The creator of the data, also known as the owner, is responsible for its classification.

2
Q
What is the Microsoft authentication method that uses tickets?
A

The Microsoft authentication method that uses tickets is called Kerberos; it uses updated sequence numbers and timestamps. It can prevent pass-the-hash and replay attacks.

3
Q
What are the three main components of identity and access management? Place them in the correct order.
A

The first stage is identification, where a username or smart card is used, followed by authentication, where a password or PIN is entered, and then the authorization stage, where your access to resources is determined.

4
Q
What are the three main components of an AAA server?
A

The three main components of an AAA solution are Authentication, Authorization, and Accounting.

5
Q
What are the TCP-based and UDP-based AAA servers? Name three.
A

The UDP-based AAA solution is RADIUS. The two that are TCP-based are TACACS+ and DIAMETER.

6
Q
What is the directory services protocol that stores objects in X.500 format?
A

The directory services protocol that stores objects in X.500 format is the Lightweight Directory Access Protocol (LDAP).

7
Q
What type of access management control is used for the whole company or department?
A

Rule-based authentication can be used for the whole company or department. For example, contractors are allowed access from 9 a.m. to 5 p.m.

8
Q
What type of access management control is used for a subset of a department to complete a subset of duties?
A

Role-based authentication is used for a subset of a department completing a subset of duties. For example, two people in finance control the petty cash.

9
Q
What type of account would someone need if they worked in finished goods?
A

Someone who works in finished goods only needs a standard user account for work purposes.

10
Q
What type of account makes it impossible to audit or log an individual user?
A

A shared account makes it impossible to audit or log activity to an individual user, as several people could use this account.

11
Q
What is the most common authentication factor that is rejected if entered incorrectly?
A

The password is the most common authentication factor; if it is entered incorrectly, it is rejected by the system.

12
Q
What type of authentication model can accept the wrong information yet authenticate the user?
A

False Acceptance Rate (FAR), used in biometrics, will incorrectly accept an access attempt by unauthorized users.

13
Q
What is inserted at the identity portion of identity access management?
A

The identity portion of access management is where either a username or smart card is inserted to identify the person.

14
Q
Explain why a RADIUS or TACACS+ server uses accounting.
A

RADIUS and TACACS+ servers both use accounting to track when users access and leave a system.

14
Q
What happens at the authorization portion of identity access management?
A

The authorization phase follows identification and authentication; this is where a user’s access is determined.

15
Q
What is inserted at the authentication portion of identity access management?
A

The authentication phase is where a password or PIN is entered.

16
Q
What type of identity access management control uses cookies to authenticate users?
A

Federation services use cookies to authenticate users.

17
Q
When we log into a website such as Airbnb and we are asked to enter our Facebook account details for authentication, what type of authentication model are we using?
A

The protocol being used is OAuth 2.0, but the authentication type is known as OpenID Connect.

18
Q
When using biometric authentication, how is the crossover error rate measured?
A

Biometric authentication uses the crossover error rate to measure the point at which the False Acceptance Rate (FAR) is equal to the False Rejection Rate (FRR).

19
Q
What tools should we use to prevent someone from using CD/DVD drives as well as setting up the password policy for the whole domain?
A

Group policy can be used to prevent someone from using CD/DVD drives as well as to set up the password policy for the whole domain.

20
Q
What is a third-party to third-party authentication model that uses extended attributes?
A

Federation services are a third-party to third-party authentication model that uses extended attributes.

21
Q
What is an open source third-party to third-party authentication model that uses extended attributes?
A

Open source federation services are called Shibboleth.

22
Q
What authentication protocol can be subject to a pass-the-hash attack and what two methods can be used to prevent the attack? Put them in order, with the best solution first.
A

NTLM authentication can be subjected to a pass-the-hash attack. The best way to prevent it is to use Kerberos; the other way is to disable NTLM.

22
Q
What is a third-party to third-party authentication model that uses extended attributes and connects through a WAP?
A

Federation services through a WAP are called RADIUS federation.

23
Q
When we access the company network, we need to insert four sets of credentials to access resources. What type of identity and access management concept would make accessing these resources simpler?
A

Using Single Sign-On (SSO) allows you to access the systems using one set of credentials.

24
Q
What type of authentication and access management concepts does gait come under?
A

Your gait is the way you walk; therefore, it comes under the something you do authentication model.

25
Q
What type of authentication and access management concepts does an elegant natural signature come under?
A

A natural signature comes under the something you do authentication model.

25
Q
What type of authentication and access management concepts does your birth date come under?
A

You should know your birth date; therefore, it comes under the something you know authentication model.

26
Q
How many authentication factors do password, PIN, and birth date amount to?
A

A password, PIN, and birth date are all something that you know; therefore, they are a single factor.

27
Q
How many authentication factors do iris, retina, fingerprint, and palm come under?
A

An iris, retina, fingerprint, and palm are all parts of the body that come under the something you have authentication model; therefore, they are a single factor.

28
Q
What type of authentication and access management concepts do a password and token fob come under?
A

A password is something that you know and a token fob is something you have; therefore, they are two factors.

29
Q
What type of authentication and access management concepts do a password and TOTP come under?
A

A password is something that you know, while a token fob or a TOTP delivered via a handheld device is something you have; therefore, they are two factors.

30
Q
What type of identity and access management biometric characteristics does a security guard possess?
A

A security guard is a deterrent who checks identity but is also a biometric scanner as they can carry out facial recognition.

31
Q
What type of biometric factors will allow false information to be accepted so that someone can gain access to a system?
A

The False Acceptance Rate (FAR) will allow someone not authorized to access the systems.

32
Q
What type of identity and access services replaced NTLM and prevents a pass-the-hash attack?
A

Kerberos replaced NTLM; it is more secure as the credentials are stored in an Active Directory database, and it prevents a pass-the-hash attack.

33
Q
What type of authentication has the authenticator send a challenge that is used by the person logging in to encrypt their password?
A

CHAP authentication has the authenticator send a challenge that is used to encrypt the login password.

34
Q
What type of authentication is used during Point to Point (PPP) authentication where the password is sent in clear text?
A

PAP is an authentication protocol where the password is sent in clear text.

35
Q
What type of Microsoft authentication is seen as being mutual authentication, single sign-on, and is time-dependent?
A

Kerberos is a Microsoft authentication protocol that provides mutual authentication and single sign-on and is time-dependent. Each computer must be within 5 minutes of the domain controller’s time.

36
Q
What type of authentication can be device or location-based dependent?
A

Context-aware authentication can be used for location-based authentication.

37
Q
What type of authentication system is XML-based and can be used between third parties?
A

Security Assertion Markup Language (SAML) is XML-based and used with federation services.

38
Q
What type of authentication system can be used between third parties using extended attributes? What are extended attributes?
A

Federation services are used between third parties, and extended attributes are used to form a claim. Extended attributes are unique to a user, for example, their employee ID or email address with a password.

39
Q
What type of authentication system is used between third parties using extended attributes where the connection method is using a wireless connection?
A

RADIUS federation is federation services where the connection method uses wireless technology.

40
Q
How can we measure that the biometric authentication system is reliable?
A

Biometric faults are measured by looking at the FAR and the FRR. On a graph, the CER is where they cross over as they are equal. A low CER indicates more reliability.

41
Q
My company has decided to use shared accounts for the customer services department. What problems might this cause an auditor in relation to monitoring or auditing?
A

An auditor needs to be able to audit or monitor so that they can identify the individual who is responsible. Using shared accounts prohibits them from doing this.

42
Q
Two Scottish people get into an elevator in New York that is using voice recognition technology and don’t seem to be able to get the elevator to work. What should the systems administrator have done when setting up the elevator?
A

Voice recognition technology is normally based on an American or English voice; therefore, for it to be successful with a Scottish dialect, it would have to be updated to accept a Scottish regional accent.

43
Q
What type of user should be allocated a privileged account?
A

Administrators and service technicians would need privileged accounts to give them the privileges to perform their jobs.

44
Q
What type of certificate-based authentication can only be used by military personnel?
A

The CAC card is a smart card used extensively by military personnel; in addition to being a smart card, it also records the holder's blood group and which part of the military they belong to, for example, Army, Navy, or Air Force.

45
Q
My smart card expired a month ago and a new card was issued; however, when I try to access data that I encrypted six weeks ago, I cannot access it. What actions are required to access the data?
A

You will need the old private key associated with the old public key that was used to encrypt the data in the first place.

46
Q
An IT consultant is setting up a new Active Directory domain for a company that has 200 users. What is the most simplified method of setting up accounts when you do not wish to use smart cards?
A

The most simplified way to set up accounts in an Active Directory environment when smart cards are not an option is to use usernames and passwords.

47
Q
When someone leaves a company, what are the responsibilities of the HR and IT teams?
A

The IT team should disable the account and reset the password and take possession of company-owned computer equipment. The HR team should be responsible for performing an exit interview to discover why they are leaving.