Comptia+ Chapter 7

Question 1

Identity and access management (IAM)

Answer 1

Technologies that provide control over user validation and the resources that may be accessed

Question 2

Identity proofing

Answer 2

Requiring the user to provide proof that they are the unique user

Question 3

Somewhere you are

Answer 3

Authentication, based on where the user is located

Question 4

Something you are

Answer 4

An authentication method based on the features and characteristics of an individual

Question 5

Something you have

Answer 5

A type of authentication credential based on the approved user having a specific term in their possession.

Question 6

Something you know

Answer 6

Authentication based on something the user knows, but no one else knows.

Question 7

Password

Answer 7

A secret combination of letters, numbers, and/or characters that only the user should have knowledge of

Question 8

Brute force attack

Answer 8

An attack in which every possible combination of letters, numbers, and characters is combined to attempt to determine the user’s password.

Question 9

Password spraying

Answer 9

An attack that uses one or a small number of commonly used passwords when trying to log into several different user accounts.

Question 10

Hard/soft authentication tokens

Answer 10

Hardware and software-based authentication tokens.

Question 11

Multifactor authentication (MFA)

Answer 11

Using more than one type of authentication credential

Question 12

Security key

Answer 12

A dongle inserted into a USB port or lightning port or held near the device. The key contains all the necessary cryptographic information to authenticate the user

Question 13

Attestation

Answer 13

A key pair “burned” into a security key during manufacturing and is specific to a device model.

Question 14

Biometrics

Answer 14

A category of authentication credentials that rests on the features and characteristics of the individual

Question 15

Salting

Answer 15

Adding a random string to a hash algorithm for enhanced security

Question 16

Key stretching

Answer 16

A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest

Question 17

Password vaulting

Answer 17

An enterprise-level system for storing user password credentials in a highly protected database on the organization’s network

Question 18

Password manager

Answer 18

A software application or on my website that stores user passwords along with login information

Question 19

Default passwords

Answer 19

Standard preconfigured, passwords.

Question 20

Reuse

Answer 20

Using the same password on multiple accounts

Question 21

Expiration

Answer 21

The point in time when a password is no longer valid.

Question 22

Age

Answer 22

The period of time that a password must be used before a user can change it.

Question 23

Provisioning

Answer 23

Initially, setting up user accounts

Question 24

De-provisioning

Answer 24

Removing user accounts

Question 25

Complexity

Answer 25

A disadvantage of automation that introduces complications. Also, the variation of a password's composition.

Question 26

Length

Answer 26

The number of characters that make up a password.

Question 27

Interoperability

Answer 27

The ability of systems to exchange information

Question 28

Federation

Answer 28

Single sign-on for networks owned by different organizations, also called federated identity management (FIM)

Question 29

Single sign-on (SSO)

Answer 29

Using one authentication credential to access multiple accounts or applications

Question 30

Security Assertion Markup Language (SAML)

Answer 30

An Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data

Question 31

Lightweight Directory Access Protocol (LDAP)

Answer 31

A protocol or communication process that enables users to access a network resource through a directory service

Question 32

OAuth (Open Authorization)

Answer 32

An open-source federation framework

Question 33

Passwordless

Answer 33

A new technique for accessing a system without using passwords.

Question 34

Least privilege

Answer 34

Granting access that is limited to what is only necessary for a user to complete their work.

Question 35

Access control

Answer 35

Granting or denying approval to use specific resources once authenticated.

Question 36

Just-in-time permissions

Answer 36

Access control permissions that are immediately elevated to higher-level permissions to perform a specific function before dropping back to normal levels.

Question 37

Time-of-day restrictions

Answer 37

Access levels that are bound to a specific window of time.

Question 38

Temporal accounts

Answer 38

One-time access to an account.

Question 39

Permission assignments and implications

Answer 39

Determining why permissions are given, to whom, and what the impact may be

Question 40

Discretionary Access Control (DAC)

Answer 40

An access control scheme that is the least restrictive, giving an owner total control over objects

Question 41

Mandatory Access Control (MAC)

Answer 41

An access control scheme that is the most restrictive by assigning users' access controls strictly according to the custodian's desires.

Question 42

Role-Based Access Control (RBAC)

Answer 42

An access control scheme that is considered a more "real-world" access control that is based on a user's job function within an organization

Question 43

Rule-Based Access Control

Answer 43

An access control scheme that can dynamically assign roles to subjects based on a set of rules defined by a custodian

Question 44

Attribute-Based Access Control (ABAC)

Answer 44

An access control scheme that uses flexible policies that can combine attributes

Question 45

Access control list (ACL)

Answer 45

A set of permission set is attached to an object

Question 46

Permissions

Answer 46

Authorizations for access control