Identity Access Management Flashcards

1
Q

AAA

A
  • Authentication is the process of verifying an identity that has already been established in a computer system.
  • Authorization is the process of permitting or denying access to a specific resource.
  • Accounting is the process of “ascribing resource usage by account for the purpose of tracking resource utilization.” It’s also very handy for forensics after a security incident has occurred.
2
Q

Identity Federation

A

All of the policies, protocols and practices to manage this identity information across systems, or even across organizations, are called identity federation.

3
Q

Single sign-on

A

When you can use a set of credentials for authentication between systems.

4
Q

Transitive trust

A

When given domains trust each other, authentication for one domain can be trusted by the other domain.

5
Q

Lightweight Directory Access Protocol (LDAP)

A

Used to handle user authentication, authorization, and to control access to Active Directory objects.

6
Q

Directory

A

Directories are a form of data storage. They’re like databases, but not quite. Unlike a database, directories are designed to provide efficient data-retrieval services (reads).

7
Q

Kerberos

A

Kerberos is a network authentication protocol meant for client/server environments. It’s able to securely exchange symmetric keys over an insecure network.

8
Q

TACACS+

A

Client/server protocol that operates using TCP (port 49). It separates out authentication, authorization, and accounting.

9
Q

CHAP/MSCHAP

A

Challenge Handshake Authentication Protocol. MSCHAP is for Microsoft.

10
Q

Password Authentication Protocol (PAP)

A

Two-way handshake that establishes authentication.

11
Q

RADIUS

A

Remote Authentication Dial-In User Service. Another protocol that handles authentication, authorization and accounting.

12
Q

MAC - Access Control Model

A

The Mandatory Access Control model is used in environments with different levels of security classifications. Least Privilege.

13
Q

DAC - Access Control Model

A

Discretionary access control. A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.

14
Q

ABAC - Access Control Model

A

Attribute-based access control. What is an attribute? It’s things like user attributes (specific to a job), object attributes, and environmental attributes.

15
Q

Role-based access control Model (RBAC)

A

This can be used in conjunction with other methods. For example, you might want to use a MAC method, but also restrict access after a certain time of day.

16
Q

False-Acceptance Rate

A

The likelihood of an authentication system incorrectly granting access to unauthorized individuals.

17
Q

False rejection rate

A

The likelihood of an authentication system incorrectly not granting access to authorized individuals.

18
Q

Tokens

A

These are another example of “something you have.” It’s a physical object that identifies certain access rights. A common example is a house key.

19
Q

HOTP/TOTP

A

HMAC-based One-Time Passwords (HOTP) is an algorithm for authenticating a user via an authentication server. This password is time-stamped and is a one-time use.

20
Q

IEEE 802.1x Certificate Model

A

The IEEE 802.1X standard is used on a number of networks to authenticate a user to an authorization device.