ID & Access Management Flashcards

Question 1

Q

Define Identification

Answer

A

An assertion or claim to an identity

Question 2

Q

Define Authentication

Answer

A

Offered proof of identification

Question 3

Q

Define Authorization

Answer

A

Verified identity against access or permissions

Question 4

Q

Define AAA

Answer

A

Authentication
Authorization
Accounting

Question 5

Q

Authentication Factors

Answer

A

Something you know (Type 1)
Something you have (Type 2)
Something you are (Type 3)
Something you do
Somewhere you are

Question 6

Q

Define FAR

Answer

A

False Acceptance Rate

Question 7

Q

Define FRR

Answer

A

False Rejection Rate

Question 8

Q

Define CER

Answer

A

Crossover Error Rate; balance between FRR and FAR

Question 9

Q

Define MFA

Answer

A

Multi-Factor Authentication; must combine two separate factor categories

Question 10

Q

Token Types

Answer

A

Physical
Software
Hardware

Question 11

Q

Define HOTP

Answer

A

Single use password;

uses shared secret and a counter

Question 12

Q

Define TOTP

Answer

A

Time based password utilizing synchronized clocks

Question 13

Q

Authentication Protocols

Answer

A

PAP (insecure)
CHAP
MS-CHAP (insecure)
MS-CHAP2
PPP

Question 14

Q

Authentication Protocol Process

Answer

A

Challenge
Response Hash
Compare Hash
Authorize

Question 15

Q

Define SSO

Answer

A

Federated ID management for multiple system accounts

Question 16

Q

Trust Authentication Factors

Answer

A

One-way verses Two-way

Transitive verses Intransitive

Question 17

Q

Define Transitive Trust

Answer

A

If organization A trust organization B, then organization A trust any other organization which B trusts

Question 18

Q

Define One-Way Authentication

Answer

A

Organization A can authenticate for organization B, but organization B cannot authenticate for organization A

Question 19

Q

Define RADIUS

Answer

A

Remote Access Dialed in User Service:
UDP
Encrypts only the password
Combines authentication and authorization

Question 20

Q

Define TACACS

Answer

A

Terminal Access Controller Access Control System;
TCP
Encrypt whole session

Question 21

Q

KERBEROS Process

Answer

A

Client authentication request
KDC checks the client's credentials
KDC creates a ticket granting ticket (TGT)
Client uses TGT to request access
KDC creates a file server ticket
Client uses file ticket to authenticate

Question 22

Q

KERBEROS Benefits

Answer

A

Ease and Quality
Scalability
Policy Enforcement and Audit-ability
*not peer-to-peer

Question 23

Q

KERBEROS Port Number

Question 24

Q

LDAP Port Number

Question 25

Q

SLDAP Port Number

Question 26

Q

NTLM Issues

Answer

A

Weak encryption

Pass the hash

Question 27

Q

Define NTLM

Answer

A

New Technology LAN Manager

Question 28

Q

Define SAML

Answer

A

Secure Assertion Markup Language; SSO web browsing service

Question 29

Q

SAML Actors

Answer

A

Principle
ID Provider (IDP)
Service Provider (SP)

Question 30

Q

Define OAuth

Answer

A

SSO Authorization service

Question 31

Q

Define OpenID

Answer

A

Authentication provider for OAuth

Question 32

Q

Asymmetric Authentication Process

Answer

A

Encrypt with private key, decrypt with public key

Question 33

Q

Authorization Key Principles

Answer

A

Least Privilege

Separation of Duties

Question 34

Q

Define Privilege Creep

Answer

A

User gaining excess privileges as a result of shifting roles within an organization

Question 35

Q

Define MBAC

Answer

A

Mandatory Based Access Controls; required controls by regulations

Question 36

Q

Define DBAC

Answer

A

Discretionary Based Access Controls; administrator assigned privileges

Question 37

Q

Define ACL

Answer

A

Access Control List; database of personal or group privileges

Question 38

Q

ACL Categories

Answer

A

Full
Read
Write
Modify

Question 39

Q

Define RBAC

Answer

A

Role Based Access Control; user assigned permissions based on position

Question 40

Q

Define ABAC

Answer

A

Attribute Based Access Control; situation based privileges such as location or time

Question 41

Q

Account Types

Answer

A

User
Privileged
Guest
Shared
Service/systems
Executive

Question 42

Q

Octal Value of No Permissions

Question 43

Q

Octal Value of Execute Permissions

Question 44

Q

Octal Value of Write Permissions

Question 45

Q

Octal Value of Read Permissions

Question 46

Q

Federated RADIUS Features

Answer

A

Common authentication and credentials
Individual members retain administrative control
Share same level of trust

Question 47

Q

Define DIAMETER

Answer

A

Upgrade to RADIUS, supports EAP
AAA Protocol over LTE and IMS Networks
Reliable messages over TCP or SCTP
Secure messages using TLS or IPSec

Question 48

Q

Guest Account Settings

Answer

A

Prevent network usage
Secure password enabled
Prevent from system shutdown
Prevent viewing log information

Question 49

Q

Active Directory SSO Concerns

Answer

A

8 character limit on legacy systems
Easy to guess usernames
Duplicate usernames

Question 50

Q

When are GPO Updated

Answer

A

User log in

Question 51

Q

Define Decentralized Privilege Management

Answer

A

User accounts are defined on individual systems (i.e. work group) rather then centralized access control servers

Question 52

Q

GPO Copy Transfers

Answer

A

Individual permissions do not transfer

Group permissions do transfer

Question 53

Q

Define Security Configuration and Analysis Snap-in

Answer

A

Apply or compare a template to existing security settings on a computer, used for auditing

Question 54

Q

Default Permissions Priority

Answer

A

Deny trumps allow permissions

Question 55

Q

Define Active Directory

Answer

A

A centralized database that contains user account and security information

Question 56

Q

Define an Active Directory Domain Controller

Answer

A

Server that holds a copy of the database

Question 57

Q

Define an Active Directory Organizational Unit

Answer

A

Folder that subdivides and organizes network resources within the domain

Question 58

Q

Define an Active Directory Domain

Answer

A

An admin defined collection of network resources sharing a common directory database and security policy

Question 59

Q

Define an Active Directory Object

Answer

A

A computing element which identifies resources in the database

Question 60

Q

Hierarchical Database Benefits

Answer

A

Organization
Delegation
Replication
Scalability

Question 61

Q

usermod/userdel flags

Answer

A

I: change user name
u: change UID number
L: lock user password
d: change account’s home directory
r: remove user and delete home directory

Question 62

Q

Account Locked Indicator

Question 63

Q

passwd -S gshant

Answer

A

Display status of user account

Question 64

Q

gpasswd X

Answer

A

Prompt new password for group X

Answer 57

A

M: password expiration max
W: days before expiration warning
m: minimum age

Answer 58

A

Limit of concurrent logins for a specific user

Answer 59

A

AAA
Uses TCP
Encrypts entire packet
Supports more protocol suites then RADIUS

Answer 60

A

Private and remote host connection to server or network resources

Answer 61

A

Mutual Authentication

Answer 62

A

TLS
Kerberos
IPsec
Certificates

Answer 63

A

Divides password by units of seven and creates separate hashes for each portion (insecure)

Answer 64

A

Components of the human body

Answer 65

A

False negatives

No stronger then a strong password when used alone

Answer 66

A

Individualize password policy for different users or groups in ADSI

Answer 67

A

Create PSO with necessary settings,
Edit the msDS-PSOAppliesTo property to ID the groups or users applicable,
If policy was applied to a group, add users to the group

Answer 68

A

Own processor
Store digital signatures, keys, and ID codes
Generally tamper proof

Answer 69

A

Data,
Applications,
Systems,
Networks,
Physical Space

Brainscape's Knowledge GenomeTM

ID & Access Management Flashcards

Brainscape's Knowledge Genome^TM