Part-2 Acronyms Flashcards

1
Q

IAM

A

Identity and access management

Security process that provides identity, authentication and authorization mechanisms for users, computers and other entities to work with organizational assets like networks, operating systems and applications.

2
Q

MAC

A

Mandatory access control

Subjects are assigned a security level or clearance. When they try to access an object, their clearance level must correspond to the object's security level. If there is a match, the subject can access the object; if there is no match, the subject is denied access. MAC security labels can generally be changed only by a system administrator.

3
Q

DAC

A

Discretionary access control

When you are trying to access a file that is protected, all you need to do is ask an administrator to grant you access, and then you can start using the file.

4
Q

ACL

A

Access control list

A list of subjects who are allowed access to an object.

5
Q

RBAC

A

Role-based access control

Subjects are assigned to pre-defined roles, and network objects are configured to allow access only to specific roles. Access is controlled based on the role the subject is assigned. An administrator assigns to a role only those privileges that subjects in the role need to complete their work.

6
Q

Rule-based access control

A

This is an access control technique that is based on a set of operational rules or restrictions.

7
Q

ABAC

Attribute-based access control

A

If x, then y.
If a subject has both the type = database and department = customer service attributes, then they are granted access to the customer database.
Since you, as a general administrator, do not possess these attributes, you are denied access. Attributes are created ahead of time and must aptly describe the important factors that distinguish one subject from another. Administrators can assign these attributes during identity creation, or they can be assigned dynamically, depending on what the attributes are.

8
Q

Physical access control devices

A

These are common in IAM architectures where organizations cannot rely solely on software-based authentication and authorization solutions.

Example: smart cards

Smart cards are used as a "something you have" factor for a user to gain physical entry to a location, to gain access to a computer system, or to initiate a transfer transaction with another entity.

9
Q

Biometric devices

A

Fingerprint scanners
Voice recognition devices
Retinal scanners
Iris scanners
Facial recognition devices

10
Q

Biometric factors

A

FAR: false acceptance rate
FRR: false rejection rate
CER: crossover error rate

11
Q

Certificate-based authentication

A

A technique used in "something you have" authentication.

12
Q

CAC

A

Common access card

13
Q

Directory service

A

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, clients, printers, and network services.

14
Q

LDAP

A

Lightweight directory access protocol

LDAP clients authenticate to the LDAP service, and the service schema defines the tasks that clients can and cannot perform while accessing a directory database, the form the directory query must take, and how the directory server will respond.

15
Q

Schema

A

The structure of the directory is controlled by a ______ that defines rules for how objects are created and what their characteristics can be. Most ______ are extensible, so they can be modified to support the specific needs of an organization.

16
Q

Active Directory

A

This allows administrators to centrally manage and control access to resources using access control lists (ACLs).

17
Q

Tunneling

A

This is a data transport technique that can be used to provide remote access, in which a data packet is encrypted and encapsulated in another data packet in order to conceal the information of the packet inside.

Typically employed as a security measure in VPN connections.

18
Q

Remote access protocols

A

Point-to-point protocol (PPP)
Point-to-point tunneling protocol (PPTP)
Layer 2 tunneling protocol (L2TP)
Secure socket tunneling protocol (SSTP)

19
Q

Point-to-point protocol

PPP

A

This is a legacy Internet standard for sending IP datagram packets over serial point-to-point links. It can be used on synchronous and asynchronous connections.

20
Q

Point-to-point tunneling protocol

A

This is a Microsoft layer 2 VPN protocol that increases the security of PPP by providing tunneling and data encryption for PPP packets.

PPTP is no longer recommended by Microsoft.

21
Q

Layer 2 tunneling protocol

A

L2TP

L2TP employs IPsec (IP security) transport mode for authentication.

22
Q

Secure socket tunneling protocol

A

SSTP

This protocol uses SSL/TLS and encapsulates an IP packet with a PPP header and then with an SSTP header.

23
Q

HOTP

A

HMAC-based one-time password

An algorithm that generates one-time passwords (OTPs) using a hash-based message authentication code (HMAC) to ensure the authenticity of a message.

24
Q

Time-based OTP

A

Time-based HMAC one-time password (TOTP) improves upon the HOTP algorithm by introducing a time-based factor to the one-time password authentication.

25
Q

PAP

A

Password authentication protocol

It is a protocol that sends user IDs and passwords as plain text.

26
Q

MD5

A

Message digest 5

27
Q

CHAP handshake process

A

Step 1: The remote client requests a connection to the RAS.
Step 2: The remote server sends a challenge sequence, which is usually a random value.
Step 3: The remote client uses its password as an encryption key to encrypt the challenge sequence and sends the modified sequence to the server.
Step 4: The server encrypts the original challenge sequence with the password stored in its local credentials list and compares the result with the modified sequence received from the client:
If the two sequences do not match, the server closes the connection.
If the two sequences match, the server allows the client to access resources.

28
Q

NTLM

A

NT LAN Manager is a challenge-response authentication protocol created by Microsoft.

Weaknesses include outdated encryption algorithms, which are susceptible to brute force cracking attempts.

29
Q

AAA

A

Authentication, authorization and accounting

A security concept in which a centralized platform verifies object identification, ensures the object is assigned the relevant permissions, and then logs these actions to create an audit trail.

30
Q

Diameter

A

This is an authentication protocol that improves upon RADIUS by addressing some of its weaknesses.

31
Q

NPS

A

Network policy server

A Windows Server implementation of a RADIUS server; it helps in administering VPNs and wireless networks.

32
Q

TACACS and TACACS+

A

Terminal access controller access control system

These protocols provide AAA services for remote users.
TACACS+ includes process-wide encryption for authentication and separates authentication from authorization packets, whereas RADIUS combines these functions in the same packet.

TACACS+ also supports multi-factor authentication.

33
Q

Kerberos

A

An authentication service that is based on a time-sensitive ticket granting system. It is used for a single sign-on process.

This is used with Active Directory to authenticate users and computers in a domain. It also employs mutual authentication, so that both the client and the server can verify each other's identity. It also uses modern encryption standards like AES.

34
Q

Kerberos process

A

1. The user logs onto the domain.
2. The user requests a ticket granting ticket (TGT) from the authenticating service.
3. The authenticating server responds with a timestamped TGT.
4. The user presents the TGT back to the authenticating server and requests a service ticket to access a specific resource.
5. The authenticating server responds with a service ticket.
6. The user presents the service ticket to the resource they wish to access.
7. The resource authenticates and allows access.

35
Q

Account management

A

A common term used to refer to the processes, functions, and policies used to effectively manage user accounts within an organization.

36
Q

Account types

A

User account
Privileged account
Guest account
Computer and service account

37
Q

Account policy

A

A document that includes an organization's requirements for account creation, account monitoring, and account removal.

38
Q

Security controls (account management)

A

Standard naming conventions
Onboarding and offboarding
Access recertification
Usage auditing
Group-based access control
Location-based policies
Time-of-day restrictions

39
Q

Credential managers

A

These were created to help users and organizations more easily store and organize usernames and password data.

They defend against keystroke-logging malware.

40
Q

Credential management software

A

LastPass
KeePass
Apple's Keychain

41
Q

Identity federation

A

This is the practice of linking a single identity across multiple disparate identity systems.

Example: a Google account

42
Q

Transitive trust

A

A user account that is trusted by one system may be implicitly trusted by another system if those systems trust each other.

43
Q

Identity federation methods

A

SAML
OpenID
OAuth
Shibboleth

44
Q

SAML

A

Security assertion markup language

45
Q

OpenID

A

A method for authenticating users.

Google and Amazon use their own.

46
Q

OAuth

A

An authorization protocol that can be used to complement OpenID.

47
Q

Shibboleth

A

A federated identity method based on SAML.