Section 2.4 Authentication and Authorization Design concepts

Question 1

What authentication concept is the process of presenting valid credentials to the system?

Answer 1

Identification/Identity Proofing

Question 2

What authentication concept is the process of validating the user’s identification?

Answer 2

Authentication

Question 3

What authentication concept is the act of granting permission to an object?

Answer 3

Authorization

Question 4

What authentication concept is the process of logging a users’ activities and behaviors, the amount of data they use, and the resources they consume?

Answer 4

Accounting

Question 5

What does the AAA in the AAA framework stand for?

Answer 5

Authentication, Authorization, and Accounting

Question 6

What authentication refers to requiring only one factor (such as a password) to authenticate a user?

Answer 6

Single-factor authentication

Question 7

What authentication typically combines two single-factor authentication types, such as something the user knows and something the user possesses?

Answer 7

Two-factor authentication

Question 8

What is the strongest form of user authentication?

Answer 8

Multifactor authentication

Question 9

What authentication involves a combination of physical item, such as a smart card, token, or biometric factor, and a non-physical item, such as a password, passphrase, or PIN?

Answer 9

Multifactor authentication

Question 10

What do you call a repository of information regarding the users and resources of a network?

Answer 10

Directory services

Question 11

What service is the underlying protocol that is found in most modern directory service implementations?

Answer 11

LDAP

Question 12

What does LDAP stand for?

Answer 12

Lightweight Directory Access Protocol

Question 13

What protocol uses TCP port 389?

Answer 13

LDAP (unencrypted)

Question 14

What protocol uses TCP port 689?

Answer 14

LDAP over SSL

Question 15

What protocol uses TCP port 636?

Answer 15

LDAP over TLS

Question 16

What concept allows the user to be authenticated only once on the network to access the resources on it?

Answer 16

Single Sign-on

Question 17

What concept allows a users identity and associated attributes to be carried with them across enterprise boundaries?

Answer 17

Federation

Question 18

Federated identities center on the concept of _________, where the trust relationship between the two domains allows authentication of trusted users across both domains?

Answer 18

Transitive Trust

Question 19

What do you call an algorithm that generates one-time use passwords, referred to as 2 step authentication?

Answer 19

HMAC-based One Time Password (HOTP)

Question 20

What is it called when you add the element of time to the general HOTP concept?

Answer 20

Time-based one-time password (TOTP)

Question 21

What is a physical device that is inserted into a system to validate your identity through the “something you have” factor?

Answer 21

Token Key

Question 22

What uses a unique physical attribute to identify a user?

Answer 22

Biometrics

Question 23

What measurement is how well an authentication method performed correcty?

Answer 23

Efficacy rate

Question 24

What measurement is where the False Acceptance and False Rejection rates are equal?

Answer 24

Crossover Error Rate

Question 25

What is critical for protecting the cloud because authentication services for cloud based services are centralized, at times with a combination of cloud and on premises solutions?

Answer 25

Device Security

Question 26

CSP’s must ensure that users only receive access to their resources by practicing what two things?

Answer 26

Due Diligence
Defense in Depth

Question 27

What kind of server provides a centralized directory that can be used to securely authenticate a user to multiple services on the same network?

Answer 27

LDAP Server

Question 28

What kind of authentication method uses a keyed-hash message authentication code (HMAC) and relies on two pieces of info: the seed (a secret known only by the token and validating server) and a moving factor (a counter)?

Answer 28

HMAC-based One Time Password

Question 29

What kind of authentication method is based on HOTP but where the moving factor is time instead of the counter?

Answer 29

Time-based One Time Password

Question 30

What do you call a one-time password provided on a hardware or software token generator?

Answer 30

Token key

Question 31

Authenticator applications are common software solutions for?

Answer 31

Token keys

Question 32

What is a static set of numbers and letters to provide for authentication? A common example is a password or passphrase.

Answer 32

Static Code

Question 33

What is a credit card sized token that contains a certificate and is used for authentication in conjunction with a PIN? Generally requires physical proximity to or insertion into a reader.

Answer 33

Smart card

Question 34

What is a software-based authenticator that implements two-step verification services using the Time-based One Time Password Algorithm and HMAC-based One Time Password Algorithm for authenticating users of software applications?

Answer 34

Authentication Applications

Question 35

What is the process where the server is pushing down the authenticator information to your mobile device?

Answer 35

Push Notifications

Question 36

What is the process o confirming the device (laptop, mobile device, etc…) is an approved device compliant with company policies?

Answer 36

Attestation

Question 37

What authentication method involves checks that occur on a local device and are reported to a verification server?

Answer 37

Remote Attestation

Question 38

What is a common protocol for a Directory service?

Answer 38

LDAP

Question 39

What is commonly coupled with an authentication service to authenticate entities (users, computers, etc…) attempting to access resources?

Answer 39

Directory services

Question 40

What is a common protocol used for authentication?

Answer 40

Kerberos

Question 41

What do you call a collection of domains that have established trust?

Answer 41

Federation

Question 42

What kind of server is a client to a RADIUS server?

Answer 42

Network Access Server

Question 43

What kind of server provides AAA services?

Answer 43

RADIUS

Question 44

What AAA protocol uses UDP and encrypts the password only?

Answer 44

RADIUS

Question 45

What AAA protocol uses TCP and encrypts the entire session?

Answer 45

TACACS+

Question 46

What AAA protocol is based on RADIUS and improves many of the weaknesses of RADIUS, but is not compatible with RADIUS?

Answer 46

Diameter