Lesson 4 - Identity and Access Management

Question 1

PIN

Answer 1

Personal Identification Number
- A number used in conjunction with authentication devices such as smart cards; as the PIN should be known only to the user, loss of the smart card should not represent a security risk.

Question 2

MFA

Answer 2

Multifactor Authentication
- An authentication scheme that requires the user to present at least two different factors as credentials; for example, something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as “2FA.”

Question 3

FRR

Answer 3

False Rejection Rate
- A biometric assessment metric that measures the number of valid subjects who are denied access.

Question 4

FAR

Answer 4

False Acceptance Rate
- A biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

Question 5

CER

Answer 5

Crossover Error Rate
- A biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

Question 6

FER

Answer 6

Failure to Enroll Rate
- the percentage of genuine users that cannot be enroll

Question 7

FIDO

Answer 7

Fast Identity Online
- a set of open, standardized authentication protocols intended to ultimately eliminate the use of passwords for authentication

Question 8

U2F

Answer 8

Universal 2nd Factor
- a cybersecurity standard that enhances two-factor authentication (2FA) using physical security keys, offering a more secure and phishing-resistant login process than traditional methods.

Question 9

NFC

Answer 9

Near-Field Communication
- a short-range wireless technology that, while offering convenience and security, also presents vulnerabilities like data interception, unauthorized access, and malware injection, requiring careful consideration and mitigation strategies.

Question 10

OTP

Answer 10

One-Time Password
- A password that is generated for use in one specific session and becomes invalid after the session ends.

Question 11

SAT

Answer 11

Soft Authentication Token
- OTP sent to a registered number or email account or generated by an authenticator app as a means of two-step verification when authenticating account access.

Question 12

DAC

Answer 12

Discretionary Access Control
- An access control model where each resource is protected by an access control list (ACL) managed by the resource’s owner (or owners).

Question 13

MAC

Answer 13

Mandatory Access Control
- An access control model where resources are protected by inflexible, system-defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

Question 14

RBAC

Answer 14

Role-Based Access Control
- An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

Question 15

ABAC

Answer 15

Attribute-Based Access Control
- An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

Question 16

RBAC

Answer 16

Rule-Based Access Control
- A nondiscretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.

Question 17

UAC

Answer 17

User Account Control
- a Windows security feature that limits application software to standard user privileges until an administrator authorizes an increase or elevation, helping to prevent unauthorized changes to the operating system

Question 18

SID

Answer 18

Security Identifier
- The value assigned to an account by Windows and that is used by the operating system to identify that account.

Question 19

GPOs

Answer 19

Group Policy Objects
- On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

Question 20

PAM

Answer 20

Privileged Access Management
- Policies, procedures, and support software for managing accounts and credentials with administrative permissions.

Question 21

SAW

Answer 21

Secure Administrative Workstation
- a hardened, isolated workstation used specifically for performing administrative tasks that require elevated privileges, helping to mitigate credential theft and reuse risks

Question 22

ZSP

Answer 22

Zero Standing Privileges
- removing all persistent user privileges and granting access only when needed, on a just-in-time basis, to minimize the attack surface and enhance security

Question 23

LSASS

Answer 23

Local Security Authority Subsystem Service

Question 24

NTLM

Answer 24

NT LAN Manager
- A challenge-response authentication protocol created by Microsoft for use in its products.

Question 25

LDAP

Answer 25

Lightweight Directory Access Protocol - Protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

Question 26

DN

Answer 26

Distinguished Name - A collection of attributes that define a unique identifier for any given resource within an X.500-like directory.

Question 27

SSO

Answer 27

Single Sign-On - Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

Question 28

KDC

Answer 28

Key Distribution Center - A component of Kerberos that authenticates users and issues tickets (tokens).

Question 29

TGT

Answer 29

Ticket Granting Ticket - In Kerberos, a token issued to an authenticated account to allow access to authorized application servers.

Question 30

TGS

Answer 30

Ticket Granting Service - a server that issues service tickets to clients after they have been authenticated and received a Ticket Granting Ticket (TGT) from the Key Distribution Center (KDC).

Question 31

IdP

Answer 31

Identity Provider - In a federated network, the service that holds the user account and performs authentication.

Question 32

SAML

Answer 32

Security Assertion Markup Language - An XML-based data format used to exchange authentication information between a client and a service.

Question 33

SOAP

Answer 33

Simple Object Access Protocol - An XML-based web services protocol that is used to exchange messages.

Question 34

OAuth

Answer 34

Open Authorization - A standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.