Domain 5: Identity and Access Management Flashcards
What binds a subject's identity to a public key (the matching private key stays with the subject and is never included), and is usually issued by a CA in a PKI?
Digital Certificates
What acts as a client to a RADIUS server, which in turn provides it with AAA services?
Network Access Server
What AAA protocol uses UDP, encrypts (obfuscates) only the password attribute of the request, and is common in remote access systems?
RADIUS
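The point behind "encrypts the password only" is worth seeing in code. The following is an added example, not part of the original flashcards: it implements the RFC 2865 User-Password hiding scheme (MD5 of the shared secret and the Request Authenticator, XORed with the password in 16-octet chained blocks), the server-side reverse, and a small demonstration of why this is obfuscation rather than encryption. The shared secret, the static Request Authenticator and the passwords are constructed values for the demo; a real NAS must generate a fresh random authenticator per request.

```python
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """Hide a User-Password attribute value as RFC 2865 section 5.2 describes.

    b1 = MD5(secret + RequestAuthenticator)   c1 = p1 XOR b1
    bn = MD5(secret + c(n-1))                 cn = pn XOR bn

    Only this attribute is protected; User-Name and the rest of the packet
    travel in the clear.
    """
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("RADIUS passwords are limited to 128 octets")
    # Pad with NULs to a multiple of 16 octets (always at least one segment).
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(shared_secret + prev).digest()
        c = _xor(padded[i:i + 16], b)
        hidden += c
        prev = c  # chaining: the next block's key material depends on this ciphertext block
    return hidden


def reveal_user_password(hidden: bytes, shared_secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_user_password, as the RADIUS server performs it."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(shared_secret + prev).digest()
        plain += _xor(hidden[i:i + 16], b)
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")  # strips the padding (RADIUS passwords cannot end in NUL)


def recover_from_authenticator_reuse(hidden_target: bytes, hidden_known: bytes,
                                     known_password: bytes) -> bytes:
    """Why this is obfuscation, not encryption: if a NAS reuses a Request
    Authenticator with the same shared secret, b1 is identical in both
    requests, so XORing the two hidden values cancels it and leaves
    p1 XOR p2. Knowing one password (for example your own) then reveals the
    first 16 octets of the other without ever learning the shared secret."""
    padded_known = known_password + b"\x00" * (-len(known_password) % 16) or b"\x00" * 16
    leaked = _xor(hidden_target[:16], hidden_known[:16])
    return _xor(leaked, padded_known[:16]).rstrip(b"\x00")


if __name__ == "__main__":
    secret = b"testing123"       # constructed shared secret
    auth = bytes(range(16))      # constructed, deliberately static Request Authenticator
    h1 = hide_user_password(b"hunter2", secret, auth)
    h2 = hide_user_password(b"letmein", secret, auth)
    print(reveal_user_password(h1, secret, auth))
    print(recover_from_authenticator_reuse(h1, h2, b"letmein"))
```

This is also the reason RADIUS is normally carried over IPsec or replaced with RadSec (RADIUS over TLS) where the path between NAS and server is not trusted, and why Diameter and TACACS+ protect far more than this one attribute.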
What AAA protocol uses TCP, encrypts the entire body of the session, and is common for administrative access to network devices?
TACACS+
What is based on RADIUS and improves on many of its weaknesses, but is not backward compatible with RADIUS?
Diameter
What protocol provides authentication, confidentiality, and integrity using symmetric-key encryption, but does not provide accountability (logging) or availability?
Kerberos
What are some common Kerberos attacks?
Replay
Pass-the-ticket
Golden ticket
Kerberoasting
What is a more granular approach to least privilege that allows temporary elevation of privilege, and is sometimes implemented through ephemeral accounts or a broker-and-remove-access strategy?
Just-in-Time
JIT
What does FAR stand for?
False acceptance rate
What does FRR stand for?
False rejection rate
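FAR and FRR only mean something relative to the matcher's acceptance threshold, and the two move in opposite directions as it changes. The following added example (not part of the original flashcards) computes both rates over a constructed set of match scores from a toy biometric matcher and sweeps the threshold to find the crossover error rate (CER), the figure used to compare biometric systems. The score lists are invented for the demonstration.

```python
# Constructed similarity scores (0 = no match, 1 = perfect match) from a toy
# biometric matcher: genuine = the enrolled user presenting, impostor = someone else.
GENUINE_SCORES = [0.91, 0.85, 0.78, 0.72, 0.66, 0.60, 0.55, 0.49]
IMPOSTOR_SCORES = [0.58, 0.52, 0.47, 0.41, 0.36, 0.30, 0.25, 0.18]


def far(impostor_scores, threshold):
    """False acceptance rate (Type II error): share of impostor attempts
    whose score reaches the acceptance threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False rejection rate (Type I error): share of genuine attempts that
    fall below the threshold and are turned away."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def crossover_error_rate(genuine_scores, impostor_scores, steps=100):
    """Sweep the threshold from 0 to 1 and return (threshold, far, frr) at the
    point where the two rates are closest; that rate is the CER (also called
    the equal error rate)."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        a, r = far(impostor_scores, t), frr(genuine_scores, t)
        if best is None or abs(a - r) < abs(best[1] - best[2]):
            best = (t, a, r)
    return best


def error_curve(genuine_scores, impostor_scores, thresholds):
    """Rows of (threshold, far, frr): raising the threshold lowers FAR and raises FRR."""
    return [(t, far(impostor_scores, t), frr(genuine_scores, t)) for t in thresholds]


if __name__ == "__main__":
    for row in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES, [0.3, 0.5, 0.55, 0.7, 0.9]):
        print("threshold %.2f  FAR %.3f  FRR %.3f" % row)
    print("crossover:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
```

A lower CER indicates a more accurate system, but the threshold an organization actually deploys is a policy choice: a data center door is tuned towards a low FAR and accepts more false rejections, while a consumer phone unlock is tuned the other way.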
What are some common single sign on methods/standards?
SAML
SESAME
Kryptoknight
OAuth
OpenID
What is an XML-based open-standard data format for exchanging authentication and authorization data between an identity provider and a service provider?
Security Assertion Markup Language
SAML
What is an open standard for authorization, commonly used to let a user grant a third-party site limited access to their account at a provider such as Google or Facebook without exposing their password?
OAuth 2.0
What open standard provides decentralized authentication, allowing users to log into multiple unrelated sites with one set of credentials maintained by a third-party identity provider?
OpenID
What model works where every object has an owner, and the owner can grant or deny other subjects access to that object?
Discretionary Access Control
DAC
What access control model assigns permissions to roles or groups rather than to individual users, with the roles usually mapped to job roles?
Role Based Access Control
RBAC
What access control model applies global rules to all subjects, with the rules sometimes referred to as restrictions or filters?
Rule-based Access Control
What access control model uses policies that can combine multiple attributes (of the subject, object, action, and environment), making it much more flexible than a rule-based access control model?
Attribute Based Access Control
What access control model uses labels applied to both subjects and objects and is referred to as a lattice-based model?
Mandatory Access Control
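The five models above are easiest to tell apart by who makes the decision and what the decision is based on. The following added example (not part of the original flashcards) implements a minimal decision function for each: a DAC object whose owner edits its ACL, an RBAC role-to-permission map, a global rule-based filter, an ABAC policy over subject, resource and environment attributes, and a MAC lattice with Bell-LaPadula read/write checks. The usernames, roles, clearance levels and departments are constructed for the demonstration.

```python
from dataclasses import dataclass

# ---- MAC: labels on both subjects and objects form a lattice ----
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Higher (or equal) level AND a superset of the categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def mac_can_read(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula simple security property: no read up."""
    return subject.dominates(obj)


def mac_can_write(subject: Label, obj: Label) -> bool:
    """Bell-LaPadula *-property: no write down."""
    return obj.dominates(subject)


# ---- DAC: the owner of an object decides who else may use it ----
class DacObject:
    def __init__(self, owner: str):
        self.owner = owner
        self.acl: dict[str, set[str]] = {}

    def grant(self, actor: str, subject: str, perms: set[str]) -> None:
        if actor != self.owner:
            raise PermissionError(f"{actor} is not the owner of this object")
        self.acl.setdefault(subject, set()).update(perms)

    def allows(self, subject: str, perm: str) -> bool:
        return subject == self.owner or perm in self.acl.get(subject, set())


# ---- RBAC: permissions attach to roles, users are assigned roles ----
ROLE_PERMS = {"helpdesk": {"reset_password"}, "dba": {"read_db", "write_db"}}
USER_ROLES = {"alice": {"dba"}, "bob": {"helpdesk"}}


def rbac_allows(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS[role] for role in USER_ROLES.get(user, set()))


# ---- Rule-based: one global rule applied to every subject ----
def rule_based_allows(hour: int) -> bool:
    """Business-hours-only filter, regardless of who is asking."""
    return 8 <= hour < 18


# ---- ABAC: a policy that combines attributes from several sources ----
def abac_allows(subject: dict, resource: dict, env: dict) -> bool:
    return (subject["department"] == resource["owning_department"]
            and subject["clearance"] >= resource["sensitivity"]
            and env["network"] == "corporate"
            and rule_based_allows(env["hour"]))


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"nuclear"}))
    print("MAC read confidential/nuclear:", mac_can_read(analyst, Label("confidential", frozenset({"nuclear"}))))
    print("MAC read top secret:", mac_can_read(analyst, Label("top secret")))
    doc = DacObject("alice")
    doc.grant("alice", "bob", {"read"})
    print("DAC bob read:", doc.allows("bob", "read"), "bob write:", doc.allows("bob", "write"))
    print("RBAC bob write_db:", rbac_allows("bob", "write_db"))
    print("ABAC:", abac_allows({"department": "finance", "clearance": 2},
                               {"owning_department": "finance", "sensitivity": 2},
                               {"network": "corporate", "hour": 10}))
```

Note which check fails for each model: MAC denies on a missing category even at a higher level, DAC denies a grant made by anyone but the owner, and ABAC can deny the same user for the same resource purely on environment attributes such as time or network.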
What are some examples of preventative controls?
Job rotation, data classification, penetration testing, and access control methods
What are some examples of detective controls?
Job rotation, mandatory vacations, audit trails, violation reports, honey pots, and incident investigations
What are some examples of corrective controls?
Intrusion detection systems, antivirus solutions, alarms, business continuity planning, security policies
What type of access control attack tries every word in a dictionary (word list) to find the correct password?
Dictionary Attack
What type of attack attempts to break a password by trying every possible combination of characters?
Brute Force Attack
What attack presents a fake logon screen that, when a user attempts to log in, sends the username and password to the attacker?
Spoofed logon Screen
What type of attack uses a packet-capturing tool to capture, analyze, and read data sent over a network?
Sniffer Attacks
What mitigates sniffer attacks?
Encrypting data in transit
What attack involves pretending to be something or someone else, and is used as a component of many other attacks?
Spoofing Attacks
What is the best defense against social engineering?
Security Awareness Training
What phishing attack targets specific individuals or groups of users rather than the general public?
Spear Phishing
What techniques can help prevent access control attacks?
Ensuring passwords are long, complex, and changed periodically
Enforcing a strong password policy
Enforcing account lockouts after a set number of failed logon attempts
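To show how account lockout interacts with the dictionary and brute-force attacks listed above, here is an added example (not part of the original flashcards): a toy password verifier with salted PBKDF2 hashes and a per-account lockout counter, and a dictionary attack run against it twice, once with lockout disabled and once with it enabled. The username, password, word list and threshold are constructed for the demonstration.

```python
import hashlib
import hmac
import os


class Authenticator:
    """Toy password verifier with per-account lockout.

    lockout_threshold=None disables lockout, which is the weak configuration."""

    def __init__(self, lockout_threshold=5):
        self.lockout_threshold = lockout_threshold
        self.users = {}      # username -> (salt, pbkdf2 hash)
        self.failures = {}   # username -> consecutive failed attempts
        self.locked = set()

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        # Salted, iterated hash so an offline attack on a stolen store is slow too.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))

    def login(self, username: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'."""
        if username in self.locked:
            return "locked"
        if username not in self.users:
            return "denied"
        salt, stored = self.users[username]
        if hmac.compare_digest(self._hash(password, salt), stored):
            self.failures[username] = 0      # a successful login resets the counter
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.lockout_threshold and self.failures[username] >= self.lockout_threshold:
            self.locked.add(username)
        return "denied"


# Constructed word list; the victim's weak password is the last entry.
WORDLIST = ["123456", "password", "qwerty", "letmein", "welcome", "admin", "football", "hunter2"]


def dictionary_attack(auth: Authenticator, username: str, wordlist):
    """Try each word in turn. Returns (password_found_or_None, attempts_made)."""
    for attempt, guess in enumerate(wordlist, start=1):
        result = auth.login(username, guess)
        if result == "ok":
            return guess, attempt
        if result == "locked":
            return None, attempt
    return None, len(wordlist)


def run_demo():
    """The same attack against a server without and with lockout."""
    weak = Authenticator(lockout_threshold=None)
    weak.register("victim", "hunter2")
    hardened = Authenticator(lockout_threshold=5)
    hardened.register("victim", "hunter2")
    return {
        "no_lockout": dictionary_attack(weak, "victim", WORDLIST),
        "lockout": dictionary_attack(hardened, "victim", WORDLIST),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner should keep in mind: a per-account lockout lets an attacker deny service to any user whose name they know, so many deployments prefer a temporary lockout or progressive delay, and it does nothing against password spraying, where one common password is tried once against many accounts, so failed attempts also need to be rate-limited and monitored per source.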
How can spoofed logon screen attacks be prevented?
Secure endpoints
What name is given to reading, from a distance, the electromagnetic emanations that every monitor produces (most effective against CRT monitors), and to the standard for countermeasures against it?
Tempest
What countermeasure broadcasts false traffic at all times to mask and hide the presence of real emanations?
White Noise