Domain 5 - Identity and Access Management

Question 1

Digital Certificates

Answer 1

• may be used as an authN technique for user, service and device identities. Similar to those used to secure websites. Have both a public and private key. Usually issued by certificate authority in a PKI

Question 2

Network access server

Answer 2

• client to a RADIUS server, RADIUS server provides AAA services

Question 3

RADIUS

Answer 3

• uses UDP 1812/1813 and encrypts the password only, remote access

Question 4

TACACS+

Answer 4

uses TCP 49 and encrypts entire session, admin access to network devices

Question 5

Diameter

Answer 5

based on RADIUS and improves its weaknesses, NOT COMPATIBLE with RADIUS, used in LTE/4G networks

Question 6

Kerberos

Answer 6

• authN protocol (UDP/TCP 88) for active directory (on prem and hybrid), provides confidentiality and integrity using SYMMETRIC key encryption, does not provide logging for accountability, common attacks include replay, pass the ticket, golden ticket, and kerberoasting

Question 7

Need to know

Answer 7

• ensures subjects are only granted access to what they NEED for work tasks, subjects with clearance to access is only granted if they need to know

Question 8

Least privilege

Answer 8

• subjects are granted only the privs they NEED to perform their job functions, includes rights to take action on a system

Question 9

Separation of Duties/ responsibilities

Answer 9

• ensures that sensitive functions are split into tasks performed by 2 or more employees, helps prevent fraud and errors by adding checks and balances

Question 10

Just in Time (JIT)

Answer 10

• modern/granular approach to least privilege, allows temp elevation of privilege as its needed and revoking at the end of the window, ie priviliged identiy management (PIM)/ priviliged access management (PAM), implemented through ephemeral accounts or broker and remove access strategy

Question 11

Identification

Answer 11

• subject claims an identity ie provides a username

Question 12

Authentication

Answer 12

• subject PROVES identity ie provides a password or MFA

Question 13

Authorization

Answer 13

• after authentication, determines ACCESS based on proven identity

Question 14

Accountability

Answer 14

• auditing logs/ trails record events including identity, provides PROOF

Question 15

MFA

Answer 15

• something you know (PIN, password), something you have (trusted device), something you are (biometric), includes 2 or more authN factors, passwords are the WEAKEST form of authN,

Question 16

Smartcards

Answer 16

• include microprocessors and cryptographic certificates,

Question 17

Tokens (MFA)

Answer 17

• create one time passwords

Question 18

Biometrics (MFA)

Answer 18

• identify based on physical characteristics like fingerprints/ retina scan. Know CROSSOVER ERROR RATE and how to calculate.

Question 19

Facial recognition

Answer 19

• looks at shape of face, light and angle can affect it, windows Hello uses special infrared camera and is better than others,

Question 20

Veins (MFA biometrics)

Answer 20

• uses blood vessels in palm for authentication

Question 21

Gait analysis

Answer 21

• looks at how you walk for authN, works with low resolution

Question 22

Crossover error rate (CER) (biometrics)

Answer 22

• identifies the accuracy of biometrice method, shows where false rejection and false rates are equal, to change this you increase/decrease sensitivity of the biometric device

Question 23

FAR

Answer 23

• false acceptance rate, biometric authN, TYPE 2 ERROR

Question 24

FRR

Answer 24

• false rejection rate, biometric authN, TYPE 1 ERROR

Question 25

Single sign on (SSO)

Answer 25

• authN once and then access multiple objects with reauthentication, commons standards include: SAML, SESAME, KryptoKnight, Oauth, OpenID. KNOW SAML/ OAUTH 2.0/ OPENID

Question 26

Security Assertion Markup Language (SAML)

Answer 26

XML based open standard data format for exchanging authN and authZ data between parties, mainly between an identity provider and service provider, Used often in Active Directory Federation services

Question 27

Oauth 2.0

Answer 27

• open standard for authorization, commonly used for internet users to log into 3rd party websites using their Microsoft, Google, Facebook, etc. accounts without exposing their password

Question 28

OpenID

Answer 28

• open standard, decentralized authN, allows users to log into multiple unrelated websites with one set of creds, creds are maintained by a 3rd party service referred to as an OpenID provider

Question 29

Discretionary Access Control (DAC)

Answer 29

• EVERY OBJECT HAS AN OWNER, and the owner can grant or deny access to any other subjects ie new technology file system (NTFS)

Question 30

Role based access control

Answer 30

• uses roles or groups, instead of assigning permissions directly to users they are placed in roles and admins assign privs to the roles. Ie cloud platforms like Azure, typically maps to JOB ROLES and cloning template user accounts

Question 31

Rule based access control

Answer 31

• applies global rules to ALL SUBJECTS, rules are sometimes called restrictions or filters, ie FIREWALLS use rules that allow or block traffic to all users equally

Question 32

Attribute based access control

Answer 32

• can include multiple attributes, more flexible than rule-based that applies to all subjects equally, often used by software defined networks (SDNs)

Question 33

Mandatory access control (MAC)

Answer 33

• uses labels applied to subjects and objects, ie top secret user can access top secret document, called LATTICE BASED

Question 34

Logical/ Technical controls

Answer 34

• hardware/ software used to manage access to resources and provide protection, ie encryption, smart cards, passwords, biometrics, ACLs, protocols, firewalls, IDS

Question 35

Physical controls

Answer 35

• provide protection to facility and real world objects, ie guards, fences, motion detectors, locks, windows, lights, cable protections, swipe cards, dogs, cameras, mantraps, alarms

Question 36

Administrative controls

Answer 36

-policies and procedures defined by organization sec policy, focuses on personnel and business practices, ie policy, hiring practices, background checks, data classification, security training, vacation history, reviews, work supervision

Question 37

Preventative (sec control)

Answer 37

• stop unwanted/ unauthZ activity from occuring, ie fences, locks, biometrics, mantraps, alarms, job rotation, data classification, pentesting, ACL

Question 38

Detective Controls

Answer 38

• discover unwanted/ unauthZ activity, often after the fact NOT realtime, ie security guards, dogs, trails, IDS, honeypots, job rotation, mandatory vacation

Question 39

Corrective controls

Answer 39

• restore systems to normal after an unwanted/ unauthZ activity has occurred, ie antivirus, IDS, BCP, Sec policy

Question 40

Compensating controls

Answer 40

• provide options to other existing controls to aid in enforcement of sec policy, ie DRP with alternate office location in case building is damaged in fire

Question 41

Directive controls

Answer 41

• direct/ confine/ control actions of a subject to force/ encourage compliance with sec policy, ie guards, dogs, policy, posted notification, exit signs, supervising work tasks, awareness training

Question 42

Recovery controls

Answer 42

• repair or restore resources/ functions after a violation of sec policy, more advanced/ complex than a corrective control, ie backups/ restores, fault tolerant drives, server clustering, AV software, database shadowing

Question 43

Deterrent control

Answer 43

• discourage violation of sec policy, picks up where preventative policy leaves off, ie locks, fences, badges, guards, cameras, alarms, seperation of duties, awareness training, encyrption, auditing, firewalls

Question 44

Risk

Answer 44

• possibility that a threat can exploit a vulnerability and cause damage to assets

Question 45

Asset valuation

Answer 45

• identifies value of assets, threat modeling identifies threats against these assets

Question 46

Vulnerability analysis

Answer 46

• identifies weaknesses in an orgs valuable assets

Question 47

Dictionary attacks

Answer 47

• use all dictionary words to guess the correct password

Question 48

Brute force

Answer 48

• tries all possible strings, password complexity and length and attacker tools determine efficacy

Question 49

Spoofed logon screen

Answer 49

• fake login screen, sends username and password to attacker

Question 50

Sniffer attack

Answer 50

• aka snooping, attacker uses packet capturing tool to capture, analyze, and read data sent over a network, encrypting data in transit is going to stop this kind of attack

Question 51

Spoofing attacks

Answer 51

• attacker is pretending to be someone else, tries to obtain creds, includes email spoofing, phone number spoofing, IP spoofing

Question 52

Social engineering

Answer 52

• attempt by attacker to convince someone to provide information or perform an action they wouldn’t normally perform

Question 53

Phishing

Answer 53

• trick users into giving up personal information, clicking a malicious link, or opening a malicious attachment, #1 cyber attack in the world

Question 54

Spear phishing

Answer 54

• targets specific users

Question 55

Whaling

Answer 55

• spear phishing against execs or other high level targets

Question 56

Vishing

Answer 56

• phishing with VoIP

Question 57

Access aggregation

Answer 57

• attacker combines nonsensitive information to learn sensitive information, used in recon

Question 58

Prevention (access control attacks)

Answer 58

• long/ complex passwords and changed periodically, account lockout after X attempts, strong password policy, secure endpoints so that spoofed logon screens are not able to be implemented, phishing protections

Question 59

Tempest

Answer 59

• allows reading of monitors from a distance, effective on CRT monitors, Legacy attack, Shoulder surfing is the modern variant

Question 60

White noise

Answer 60

• broadcasting false traffic at all times to mask presence of real emanations, distracting signal

Question 61

Theft prevention

Answer 61

• RFID, barcoding, and inventory. Risk reduction around asset theft

Question 62

shadowed passwords

Answer 62

/etc/password would show an X

Question 63

synchronous token

Answer 63

ie google authenticator

Question 64

asynchronous token

Answer 64

require a challenge to be entered on the token to provide a response

Question 65

static tokens

Answer 65

physical devices that can contain creds

Question 66

federation

Answer 66

federation server processes authentication requests from users and issues security tokens

ie user logs into a third-party website by using their Gmail or AD login credentials

Question 67

enrollment

Answer 67

initial creation of user accounts