ID & Access Management

Question 1

Define Identification

Answer 1

An assertion or claim to an identity

Question 2

Define Authentication

Answer 2

Offered proof of identification

Question 3

Define Authorization

Answer 3

Verified identity against access or permissions

Question 4

Define AAA

Answer 4

Authentication
Authorization
Accounting

Question 5

Authentication Factors

Answer 5

Something you know (Type 1)
Something you have (Type 2)
Something you are (Type 3)
Something you do
Somewhere you are

Question 6

Define FAR

Answer 6

False Acceptance Rate

Question 7

Define FRR

Answer 7

False Rejection Rate

Question 8

Define CER

Answer 8

Crossover Error Rate; balance between FRR and FAR

Question 9

Define MFA

Answer 9

Multi-Factor Authentication; must combine two separate factor categories

Question 10

Token Types

Answer 10

Physical
Software
Hardware

Question 11

Define HOTP

Answer 11

Single use password;

uses shared secret and a counter

Question 12

Define TOTP

Answer 12

Time based password utilizing synchronized clocks

Question 13

Authentication Protocols

Answer 13

PAP (insecure)
CHAP
MS-CHAP (insecure)
MS-CHAP2
PPP

Question 14

Authentication Protocol Process

Answer 14

Challenge
Response Hash
Compare Hash
Authorize

Question 15

Define SSO

Answer 15

Federated ID management for multiple system accounts

Question 16

Trust Authentication Factors

Answer 16

One-way verses Two-way

Transitive verses Intransitive

Question 17

Define Transitive Trust

Answer 17

If organization A trust organization B, then organization A trust any other organization which B trusts

Question 18

Define One-Way Authentication

Answer 18

Organization A can authenticate for organization B, but organization B cannot authenticate for organization A

Question 19

Define RADIUS

Answer 19

Remote Access Dialed in User Service:
UDP
Encrypts only the password
Combines authentication and authorization

Question 20

Define TACACS

Answer 20

Terminal Access Controller Access Control System;
TCP
Encrypt whole session

Question 21

KERBEROS Process

Answer 21

Client authentication request
KDC checks the client's credentials
KDC creates a ticket granting ticket (TGT)
Client uses TGT to request access
KDC creates a file server ticket
Client uses file ticket to authenticate

Question 22

KERBEROS Benefits

Answer 22

Ease and Quality
Scalability
Policy Enforcement and Audit-ability
*not peer-to-peer

Question 23

KERBEROS Port Number

Answer 23

88

Question 24

LDAP Port Number

Answer 24

389

Question 25

SLDAP Port Number

Answer 25

636

Question 26

NTLM Issues

Answer 26

Weak encryption | Pass the hash

Question 27

Define NTLM

Answer 27

New Technology LAN Manager

Question 28

Define SAML

Answer 28

Secure Assertion Markup Language; SSO web browsing service

Question 29

SAML Actors

Answer 29

``` Principle ID Provider (IDP) Service Provider (SP) ```

Question 30

Define OAuth

Answer 30

SSO Authorization service

Question 31

Define OpenID

Answer 31

Authentication provider for OAuth

Question 32

Asymmetric Authentication Process

Answer 32

Encrypt with private key, decrypt with public key

Question 33

Authorization Key Principles

Answer 33

Least Privilege | Separation of Duties

Question 34

Define Privilege Creep

Answer 34

User gaining excess privileges as a result of shifting roles within an organization

Question 35

Define MBAC

Answer 35

Mandatory Based Access Controls; required controls by regulations

Question 36

Define DBAC

Answer 36

Discretionary Based Access Controls; administrator assigned privileges

Question 37

Define ACL

Answer 37

Access Control List; database of personal or group privileges

Question 38

ACL Categories

Answer 38

Full Read Write Modify

Question 39

Define RBAC

Answer 39

Role Based Access Control; user assigned permissions based on position

Question 40

Define ABAC

Answer 40

Attribute Based Access Control; situation based privileges such as location or time

Question 41

Account Types

Answer 41

``` User Privileged Guest Shared Service/systems Executive ```

Question 42

Octal Value of No Permissions

Answer 42

0

Question 43

Octal Value of Execute Permissions

Answer 43

1

Question 44

Octal Value of Write Permissions

Answer 44

2

Question 45

Octal Value of Read Permissions

Answer 45

4

Question 46

Federated RADIUS Features

Answer 46

Common authentication and credentials Individual members retain administrative control Share same level of trust

Question 47

Define DIAMETER

Answer 47

Upgrade to RADIUS, supports EAP AAA Protocol over LTE and IMS Networks Reliable messages over TCP or SCTP Secure messages using TLS or IPSec

Question 48

Guest Account Settings

Answer 48

Prevent network usage Secure password enabled Prevent from system shutdown Prevent viewing log information

Question 49

Active Directory SSO Concerns

Answer 49

8 character limit on legacy systems Easy to guess usernames Duplicate usernames

Question 50

When are GPO Updated

Answer 50

User log in

Question 51

Define Decentralized Privilege Management

Answer 51

User accounts are defined on individual systems (i.e. work group) rather then centralized access control servers

Question 52

GPO Copy Transfers

Answer 52

Individual permissions do not transfer | Group permissions do transfer

Question 53

Define Security Configuration and Analysis Snap-in

Answer 53

Apply or compare a template to existing security settings on a computer, used for auditing

Question 54

Default Permissions Priority

Answer 54

Deny trumps allow permissions

Question 55

Define Active Directory

Answer 55

A centralized database that contains user account and security information

Question 56

Define an Active Directory Domain Controller

Answer 56

Server that holds a copy of the database

Question 57

Define an Active Directory Organizational Unit

Answer 57

Folder that subdivides and organizes network resources within the domain

Question 58

Define an Active Directory Domain

Answer 58

An admin defined collection of network resources sharing a common directory database and security policy

Question 59

Define an Active Directory Object

Answer 59

A computing element which identifies resources in the database

Question 60

Hierarchical Database Benefits

Answer 60

Organization Delegation Replication Scalability

Question 61

usermod/userdel flags

Answer 61

- I: change user name - u: change UID number - L: lock user password - d: change account's home directory - r: remove user and delete home directory

Question 62

Account Locked Indicator

Answer 62

! or !!

Question 63

passwd -S gshant

Answer 63

Display status of user account

Question 64

gpasswd X

Answer 64

Prompt new password for group X

Question 65

chage command flags

Answer 65

- M: password expiration max - W: days before expiration warning - m: minimum age

Question 66

/etc/security/limits.conf File Contents

Answer 66

Limit of concurrent logins for a specific user

Question 67

TACACS+ Features

Answer 67

AAA Uses TCP Encrypts entire packet Supports more protocol suites then RADIUS

Question 68

TACAS Port Number

Answer 68

49

Question 69

Define Remote Access

Answer 69

Private and remote host connection to server or network resources

Question 70

Difference between MS-CHAPv2 and CHAP

Answer 70

Mutual Authentication

Question 71

SASL Authentication Mode Solutions

Answer 71

TLS Kerberos IPsec Certificates

Question 72

Explain LANMAN

Answer 72

Divides password by units of seven and creates separate hashes for each portion (insecure)

Question 73

Define Biometric Template Original

Answer 73

Components of the human body

Question 74

Disadvantages of Biometrics

Answer 74

False negatives | No stronger then a strong password when used alone

Question 75

Purpose of Granular Password Policies

Answer 75

Individualize password policy for different users or groups in ADSI

Question 76

Granular Password Policy Steps

Answer 76

Create PSO with necessary settings, Edit the msDS-PSOAppliesTo property to ID the groups or users applicable, If policy was applied to a group, add users to the group

Question 77

Smart Card Benefits

Answer 77

Own processor Store digital signatures, keys, and ID codes Generally tamper proof

Question 78

Define an Object in the Context of Access Control

Answer 78

``` Data, Applications, Systems, Networks, Physical Space ```