Domain 5: Identity and Access Management Flashcards
What has both a public and private key, and is usually issued by a CA in a PKI?
Digital Certificates
What is a client to a RADIUS server, where the RADIUS server provides AAA services?
Network Access Server
What uses UDP, encrypts only the password, and is common in remote access systems?
RADIUS
What uses TCP, encrypts the entire session, and is common for admin access to network devices?
TACACS+
What is based on RADIUS and improves on many of the weaknesses of RADIUS, but is not compatible with RADIUS?
Diameter
What focuses on authentication, confidentiality, and integrity using symmetric key encryption but does not include logging capabilities?
Kerberos
What are some common Kerberos attacks?
Replay
Pass-the-ticket
Golden ticket
Kerberoasting
What is a more granular approach to least privilege that allows temporary elevation of privilege and is sometimes implemented through ephemeral accounts or a broker-and-remove-access strategy?
Just-in-Time
JIT
What does FAR stand for?
False acceptance rate
What does FRR stand for?
False rejection rate
What are some common single sign on methods/standards?
SAML
SESAME
Kryptoknight
OAuth
OpenID
What is an XML-based open-standard data format for exchanging authentication and authorization data between an identity provider and a service provider?
Security Assertion Markup Language
SAML
What is an open standard for authorization that is commonly used for users to log into third-party sites like Google and Facebook without exposing their password?
OAuth 2.0
What is an open standard that provides decentralized authentication, allowing users to log into multiple unrelated sites with one set of credentials maintained by a third party?
OpenID
What model works such that every object has an owner, and the owner can grant or deny access to any other objects?
Discretionary Access Control
DAC