ISC2 - Study Notes 4 Flashcards
provides SSO to different operating systems or networks. A ??? database provides central SSO authentication.
Federated access
The ??? is typically the user that logs on to the system. If necessary, the user might request a ??? identity from the identity provider.
The ??? creates, maintains, and manages the identity information for principals.
A ??? is the entity that provides services to principals. For example, a banking institution that hosts different banking services is the ???. ??? is an XML-based data format used for SSO on the Internet.
principal / identity provider / service provider / SAML
provides SSO for web-based application servers on the Internet. It is an XML-based standard used to exchange authentication and authorization information between different parties.
SAML
is an authentication layer that can be used with OAuth 2.0 to extend its capabilities. Combined, OAuth and ??? allow websites and online web applications to verify the identity of end users without managing the users’ credentials.
OpenID Connect
each provide SSO capabilities. With SSO, users only have to log on once and then use the same credentials to access multiple resources.
Kerberos, SAML, OAuth, and OpenID Connect
Every computer has a separate database that stores credentials. If Sally needed to log on to all four computers in this network, she would need to have four separate sets of credentials—one for each system.
Decentralized Environment
Credentials for the users are stored on a central server. Any user can log on to the network once and then access any computer in the network (as long as the user has permissions).
Centralized Authentication
a user is still able to log on while they’re offline. In a Windows environment, the system uses cached credentials. In other words, when Steve logged on to his laptop, encrypted data about his credentials were stored (cached) on his system. If he’s disconnected when he logs on, these cached credentials are compared to the credentials he’s entering, and if they match, he is authenticated.
Offline Authentication
is used for single sign-on networks. It’s not possible to use SSO without some type of centralized authentication.
Centralized Authentication
methods focus on hardware instead of the user. The goal is to prevent unauthorized devices from accessing the network.
Device Authentication