Domain 5 - Identity and Access Management Flashcards

1
Q

Type 3 Authentication Method

A

Something you are

  • Enrollment in biometric system should take 2 minutes or less
  • Throughput of biometric system should take 6-10 seconds or less
2
Q

FRR

A

False Reject Rate

Type 1 Error

3
Q

Type 1 Error

A

False Reject Rate, FRR

4
Q

FAR

A

False Accept Rate

Type 2 Error

5
Q

Type 2 Error

A

False Accept Rate, FAR

6
Q

CER

A

Crossover Error Rate

- The point where the FRR and FAR are equal

7
Q

Fingerprint Scans

A
  • Data is called ‘fingerprint minutiae’
  • Includes whorls, ridges, bifurcations

8
Q

Retina Scan

A
  • Laser scan of the capillaries that feed the retina at the back of the eye
  • Laser must actually enter the eye
  • PRIVACY CONCERNS
    • Exchange of bodily fluid
    • Can reveal health information (pregnancy, diabetes, etc.)
9
Q

Iris Scan

A
  • Passive biometric control
  • Camera takes a picture of the iris, authentication system compares the photo when authenticating
  • Works through contact lenses/glasses
  • High accuracy
  • No exchange of bodily fluids
  • Iris pattern is LIFE-LONG and never changes
10
Q

Hand Geometry (authentication)

A
  • Measures specific points taken on the subject’s hands
  • Takes up very little space to store in database (~9 bytes per entry)

11
Q

Type 1 Authentication Method

A

Something you know

- Passwords, passphrases, etc.

12
Q

Type 2 Authentication Method

A

Something you have

- Synchronous/asynchronous token

13
Q

Synchronous Dynamic Token

A
  • Displays dynamic tokens at set time intervals
  • Synchronized with a central server

14
Q

Asynchronous Dynamic Token

A
  • Not synchronized with a central server
  • Smart cards, etc…

15
Q

Centralized Access Control

A
  • One logical access control database
  • Can be used to provide SSO
  • Centrally provided AAA
  • Systems authenticate via third-party auth servers
16
Q

Decentralized Access Control

A
  • Allows IT administration to occur closer to the mission/ops of the organization
  • Useful when organization spans multiple locations
  • Local sites support and maintain independent systems, access control databases, and data
  • Also called DISTRIBUTED ACCESS CONTROL
17
Q

KERBEROS (components)

A
  • Principal
  • Realm
  • Ticket
  • Credentials
  • KDC (key distribution center)
  • TGS (ticket granting server)
  • TGT (ticket granting ticket)
  • C/S (client/server)
18
Q

KERBEROS strengths

A
  • Mutual authentication of client/server
  • Mitigates replay attacks via the use of TIMESTAMPS
  • Stateless (credentials issued by KDC or TGS are good for the credential’s lifetime)
19
Q

KERBEROS weaknesses

A
  • KDC stores the keys of ALL principals
  • KDC and TGS are single points of failure
  • In KERBEROS 4, any user may request a session key for another user
  • Plaintexts still exist on the local host
20
Q

SESAME

A

Secure European System for Applications in a Multi-vendor Environment

  • SSO system that supports heterogeneous environments
  • A “sequel” to KERBEROS
  • Adds PKI
  • Uses PACs in place of tickets
21
Q

PAP

A

Password Authentication Protocol

  • RFC 1334
  • NOT a strong authentication method
  • Clear-text
  • Vulnerable to sniffing
22
Q

CHAP

A

Challenge Handshake Authentication Protocol

  • RFC 1994
  • Provides protection against PLAYBACK attacks
  • Uses a central location that challenges remote users
  • Depends on a “secret” known only to the authenticator and the peer
23
Q

Discretionary Access Control

A
  • Subjects have FULL CONTROL of objects they have created or been given access to, including SHARING the objects with other subjects
  • Subjects are empowered and control their data
  • UNIX/Windows use DAC for their file systems
    • Subjects grant other subjects access to their files, change their attributes, alter them, delete them, etc
24
Q

Mandatory Access Control

A
  • CONFIDENTIALITY
  • Bell-LaPadula
  • Difficult and expensive to implement
  • System-enforced access control based on a subject’s CLEARANCE level and an object’s label
  • Subjects and objects have CLEARANCES and LABELS (top secret, secret, confidential, etc)
  • Subject may access an object ONLY if the subject’s clearance level is equal to or greater than the object’s label
25
Q

Non-Discretionary Access Control

A
  • RBAC

- Access based on the ROLE of a subject