Sample Test Questions Domain 5 Flashcards
Most directories follow a hierarchical database format, based on the ___ standard and a type of protocol, as in Lightweight Directory Access Protocol (LDAP), that allows subjects and applications to interact with the directory
X.500
___ technology can allow users to maintain a single password across multiple systems by transparently synchronizing the password to other systems and applications
Password synchronization
___ specifies the U.S. government standards for Personal Identity Verification (PIV), giving varying requirements of assurance
FIPS 201-2
A ___ gathers information about all the users and resources within an enterprise and stores them in a central virtual container
virtual directory
Providers of ___ allow their clients to have a form of SSO that works across various otherwise independent accounts for independent vendors. A common example is the ability to use a Google account to create a Facebook page
Identity as a Service (IDaaS)
Controls should be ___ so that users and intruders do not know enough to be able to disable or bypass them
transparent
___ allows two or more organizations to share application security policies based upon their trust model
Extensible Access Control Markup Language (XACML)
A ___ specifies the access rights a certain subject possesses pertaining to specific objects
capability table
___ is a markup language that exchanges information about which users should get access to what resources and services
Service Provisioning Markup Language (SPML)
___ are commonly used to detect software faults, such as a process ending abnormally or hanging
watchdog timers
Neither TACACS+ nor RADIUS can carry out ___ functionality for devices that need to communicate over VoIP, mobile IP, or other similar types of protocols
authentication and authorization
When you open an application, a network portal might package your request and your authentication data in Security Assertion Markup Language (SAML) format and encapsulate that data into a ___ message
Simple Object Access Protocol (SOAP)
The ___ model looks at the shared resources that the different users of a system will use and tries to identify how information can be passed from a process working at a higher security clearance to a process working at a lower security clearance
Noninterference
Examples of ___ attacks against smart cards are fault generation, differential power analysis, electromagnetic analysis, timing, and software attacks. These types of attacks are used to uncover sensitive information about how a component works without trying to compromise any type of flaw or weakness, otherwise known as ___ attacks
side-channel; noninvasive
Pharming uses ___ to redirect victims to a fake website
DNS poisoning
A common security issue with RFID is that ___. While encryption can be integrated as a countermeasure, it is not common because ___
the data can be captured as it moves from the tag to the reader and modified;
RFID is a technology that has low processing capabilities and encryption is very processor intensive
___ is a common solution to credential and identity management
Kerberos
Regardless of how well a biometric system can be tuned with respect to FAR, FRR, or CER, unless it can ___, it will become a costly bottleneck
process a sufficient throughput of individuals in actual deployment
The correct sequence in Kerberos is as follows: the user provides a username/password to the workstation, the workstation obtains a ___ from the ___, then subsequently obtains a service ticket from the ___, which it presents to the service
ticket granting ticket (TGT);
Key Distribution Center (KDC);
ticket granting server (TGS)
The user must first authenticate to the workstation with a username and password. These credentials are then forwarded by the workstation to the authentication service (AS) on the KDC, which then returns a TGT encrypted with the TGS’s secret key. Later, when a service is required, the TGT is presented back to the TGS that can authenticate it, and which then returns a service ticket encrypted with the service’s secret key. When the service ticket is presented to the service, mutual authentication can occur: the service knows the user must be authentic, because the user couldn’t have a valid service ticket without having authenticated to the KDC and TGS, and the user knows the service is authentic, because it can decrypt the service ticket.
___ is an open standard for website-to-website authorization (not authentication). It is used to allow an account that a user is authenticated to on one site to access resources on another third-party site
OAuth
___ supports three flows to supply an ID token: authorization code flow, implicit flow, and hybrid flow
OAuth