Lesson 4 - Identity and Access Management Flashcards

1
Q

PIN

A

Personal Identification Number
- A number used in conjunction with authentication devices such as smart cards; as the PIN should be known only to the user, loss of the smart card should not represent a security risk.

2
Q

MFA

A

Multifactor Authentication
- An authentication scheme that requires the user to present at least two different factors as credentials; for example, something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as “2FA.”

3
Q

FRR

A

False Rejection Rate
- A biometric assessment metric that measures the number of valid subjects who are denied access.

4
Q

FAR

A

False Acceptance Rate
- A biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.

5
Q

CER

A

Crossover Error Rate
- A biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.

6
Q

FER

A

Failure to Enroll Rate
- The percentage of genuine users who cannot be enrolled.

7
Q

FIDO

A

Fast Identity Online
- a set of open, standardized authentication protocols intended to ultimately eliminate the use of passwords for authentication

8
Q

U2F

A

Universal 2nd Factor
- a cybersecurity standard that enhances two-factor authentication (2FA) using physical security keys, offering a more secure and phishing-resistant login process than traditional methods.

9
Q

NFC

A

Near-Field Communication
- a short-range wireless technology that, while offering convenience and security, also presents vulnerabilities like data interception, unauthorized access, and malware injection, requiring careful consideration and mitigation strategies.

10
Q

OTP

A

One-Time Password
- A password that is generated for use in one specific session and becomes invalid after the session ends.

11
Q

SAT

A

Soft Authentication Token
- OTP sent to a registered number or email account or generated by an authenticator app as a means of two-step verification when authenticating account access.

12
Q

DAC

A

Discretionary Access Control
- An access control model where each resource is protected by an access control list (ACL) managed by the resource’s owner (or owners).

13
Q

MAC

A

Mandatory Access Control
- An access control model where resources are protected by inflexible, system-defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

14
Q

RBAC

A

Role-Based Access Control
- An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

15
Q

ABAC

A

Attribute-Based Access Control
- An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

16
Q

RBAC

A

Rule-Based Access Control
- A nondiscretionary access control technique that is based on a set of operational rules or restrictions to enforce a least-privilege permissions policy.

17
Q

UAC

A

User Account Control
- a Windows security feature that limits application software to standard user privileges until an administrator authorizes an increase or elevation, helping to prevent unauthorized changes to the operating system

18
Q

SID

A

Security Identifier
- The value assigned to an account by Windows and that is used by the operating system to identify that account.

19
Q

GPOs

A

Group Policy Objects
- On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

20
Q

PAM

A

Privileged Access Management
- Policies, procedures, and support software for managing accounts and credentials with administrative permissions.

21
Q

SAW

A

Secure Administrative Workstation
- a hardened, isolated workstation used specifically for performing administrative tasks that require elevated privileges, helping to mitigate credential theft and reuse risks

22
Q

ZSP

A

Zero Standing Privileges
- removing all persistent user privileges and granting access only when needed, on a just-in-time basis, to minimize the attack surface and enhance security

23
Q

LSASS

A

Local Security Authority Subsystem Service

24
Q

NTLM

A

NT LAN Manager
- A challenge-response authentication protocol created by Microsoft for use in its products.

25
Q

LDAP

A

Lightweight Directory Access Protocol
- Protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.

26
Q

DN

A

Distinguished Name
- A collection of attributes that define a unique identifier for any given resource within an X.500-like directory.

27
Q

SSO

A

Single Sign-On
- Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

28
Q

KDC

A

Key Distribution Center
- A component of Kerberos that authenticates users and issues tickets (tokens).

29
Q

TGT

A

Ticket Granting Ticket
- In Kerberos, a token issued to an authenticated account to allow access to authorized application servers.

30
Q

TGS

A

Ticket Granting Service
- a server that issues service tickets to clients after they have been authenticated and received a Ticket Granting Ticket (TGT) from the Key Distribution Center (KDC).

31
Q

IdP

A

Identity Provider
- In a federated network, the service that holds the user account and performs authentication.

32
Q

SAML

A

Security Assertion Markup Language
- An XML-based data format used to exchange authentication information between a client and a service.

33
Q

SOAP

A

Simple Object Access Protocol
- An XML-based web services protocol that is used to exchange messages.

34
Q

OAuth

A

Open Authorization
- A standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.