Identity and Access Management Flashcards
Determines what users can do with content based on their credentials.
Authentication
Keeps a historical record of what users do to shared resources.
Accounting
Means that the organization trusts another entity simply because they are trusted by someone else.
Transitive Trust
A system that involves the use of a common authentication system and credentials database that multiple entities use and share.
Federated system
Which access control applies to highly secure environments, where a user is granted access to a system or data based upon their security level?
Mandatory Access Control (MAC)
Which access control provides access based on which user has created or owns an object?
Discretionary Access Control (DAC)
Which access control uses predefined roles to define access?
Role-Based Access Control
Which access control grants access based upon predefined rules that may apply to users or groups of users and also more advanced firewalls?
Rule-Based Access Control
____ typically are generated by tokens or mobile devices to facilitate multifactor authentication.
OTPs
Rate of errors from incorrectly rejecting authorized users:
FRR
Rate of errors from incorrectly authenticating unauthorized users:
FAR
Point at which the system must be tuned to reduce FRR and FAR:
Crossover error rate
Adding a storage chip to a standard credit-card-sized plastic card creates a:
Smart Card
Type of account that sits between a user account and an admin/root account:
Privileged Account
Term used when users' privileges are not reviewed on a periodic basis and users move around within the organization, retaining privileges even when they no longer need them.
Privilege Creep
Form of auditing that involves examining audit trails, such as logs and other documentation, to ensure accountability for actions any user performs.
Continuous Monitoring
Microsoft Windows Active Directory is an example of a _____ accounts and credentials database.
Centralized
Oldest, non-secure authentication protocol used to pass user names and passwords to a central authentication server.
PAP
Authentication protocol that relies on challenge and response messages and hashed passwords, as do other modern protocols. Ensures that passwords or user credentials are never sent over the network in clear text.
CHAP
Protocol that provides AAA services and uses ports 1812 and 1813.
RADIUS
Cisco-designed authentication protocol that encrypts all traffic between all connection points; most used on network devices.
TACACS+
Default authentication protocol for Windows Domains, uses authentication tickets and timestamps to help prevent replay attacks.
Kerberos