Domain 5 part 2

Question 1

Occurs as individuals users gain more access to more systems. Can happen intentionally (SSO) and unintentionally (because users often gain new entitlements (access rights)as they take on roles or duties.

Answer 1

Access aggregation

Question 2

Users gain more entitlements without shedding the old ones

Answer 2

Authorization creeping

Question 3

Need to share common information Also refers to the policies, processes, and tech that establish user identities and enforce rules about access to digital resources.

Answer 3

Federated Identity Management

Question 4

Contains a sample of the biometric factor used for comparison during authentication.

Answer 4

reference template

Question 5

Process that issues service tickets

Answer 5

TGS

Question 6

Parties that are authencticating

Answer 6

principal

Question 7

Equivalant of MS domain

Answer 7

Realm

Question 8

Process the initial request

Answer 8

Authentication server

Question 9

Equivalent of a domain controller

Answer 9

KDC

Question 10

MAC defines subjects as —- and objects as ——

Answer 10

active and passive entities upon which subjects act

Question 11

Access protocol that may be used for authentication wherein X500 tree is present

Answer 11

LDAP

Question 12

Proposed successor to a very popular prot that uses TCP 3868 and encrypts authorization info. Provides better password protection by allowing a 2-factor strong authentication. Uses port 49 TCP bi-directional

Answer 12

TACACS+

Question 13

cisco-based prot runs over TCP 49 bi-directional. Requires users to send an ID and static password for authentication. Using reusable password is vulnerability

Answer 13

TACACS

Question 14

Ticket based authentication proto

Answer 14

kerberos

Question 15

Generic term for centrally controlled authentication to multiple disparate systems

Answer 15

SSO

Question 16

AAA proto runs over UPD 1812 and encrypts inbound info but not all of the authorization info. Authenticates a subject’s credentials against an authentication db. Authorizes users by allowing specific users to access specific data objects.

Answer 16

Radius

Question 17

Concerned about certificates. Authorization, Authentication, and accounting. proto runs over UPD 1812 and encrypts inbound info but not all of the authorization info. Authenticates a subject’s credentials against an authentication db. Authorizes users by allowing specific users to access specific data objects.

Answer 17

Radius

Question 18

Adds to kerberos. Scaliablity of public key systems, better manageabilitiy and audit and delegation. Adds public key assymmetric encryption. Addresses a big weakness in successor which is plaintext storage of symmetric keys

Answer 18

SESAME

Question 19

Adds to Kerberos. Scalability of public key systems, better manageability and audit and delegation. Adds public key asymmetric encryption. Addresses a big weakness in successor which is plaintext storage of symmetric keys

Answer 19

SESAME