Section 2.4 Authentication and Authorization Design concepts Flashcards

1
Q

What authentication concept is the process of presenting an identity claim (a username or other identifier) to the system?

A

Identification (distinct from identity proofing, which verifies that a person really is who they claim to be before credentials are issued)

2
Q

What authentication concept is the process of validating the user’s identification?

A

Authentication

3
Q

What authentication concept is the act of granting an authenticated subject permission to access an object (a resource)?

A

Authorization

4
Q

What authentication concept is the process of logging a user's activities and behaviors, the amount of data they use, and the resources they consume?

A

Accounting

5
Q

What does the AAA in the AAA framework stand for?

A

Authentication, Authorization, and Accounting

6
Q

What type of authentication requires only one factor (such as a password) to authenticate a user?

A

Single-factor authentication

7
Q

What type of authentication combines two factors from different categories, such as something the user knows and something the user has?

A

Two-factor authentication

8
Q

What is the strongest form of user authentication?

A

Multifactor authentication (factors from two or more distinct categories)

9
Q

What authentication combines factors from different categories: something you have (a smart card or hardware token), something you are (a biometric), and something you know (a password, passphrase, or PIN)?

A

Multifactor authentication

10
Q

What do you call a repository of information regarding the users and resources of a network?

A

Directory services

11
Q

What protocol underlies most modern directory service implementations?

A

LDAP

12
Q

What does LDAP stand for?

A

Lightweight Directory Access Protocol

13
Q

What protocol uses TCP port 389?

A

LDAP (unencrypted by default; StartTLS can upgrade a port 389 session to TLS)

14
Q

What TCP port does LDAP over SSL/TLS (LDAPS) use?

A

TCP port 636 (not 689; port 689 is not an LDAP port)

15
Q

What protocol uses TCP port 636?

A

LDAPS (LDAP over SSL/TLS)

16
Q

What concept allows a user to authenticate once and then access multiple resources on the network without authenticating again?

A

Single Sign-on

17
Q

What concept allows a user's identity and associated attributes to be carried with them across enterprise boundaries?

A

Federation

18
Q

Federated identities center on the concept of _________, where a trust relationship between domains allows users trusted by one domain to authenticate to the other, and where a domain that trusts a second domain also trusts the domains that second domain trusts?

A

Transitive Trust

19
Q

What do you call the counter-based algorithm that generates one-time passwords, commonly used for two-step verification?

A

HMAC-based One-Time Password (HOTP, RFC 4226)

20
Q

What is it called when time replaces the counter as the moving factor in the HOTP algorithm?

A

Time-based One-Time Password (TOTP, RFC 6238)

21
Q

What is a physical device that is inserted into a system to validate your identity through the “something you have” factor?

A

Token Key

22
Q

What authentication factor uses a unique physical characteristic, such as a fingerprint or iris pattern, to identify a user?

A

Biometrics

23
Q

What measurement expresses how often an authentication method returns the correct result?

A

Efficacy rate

24
Q

What measurement is the point at which the False Acceptance Rate (FAR) and the False Rejection Rate (FRR) are equal?

A

Crossover Error Rate (CER), also called the Equal Error Rate (EER); a lower CER means a more accurate biometric system
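The crossover error rate is not a value a vendor reads off a device; it is found by sweeping the matcher's decision threshold and recording FAR and FRR at each step. The script below is an added example, not part of the flashcard deck: it uses constructed similarity scores from a hypothetical biometric matcher (higher score means a closer match) and locates the threshold where FAR and FRR meet.

```python
# Constructed similarity scores from a hypothetical biometric matcher
# (higher = more similar). Illustrative numbers, not real measurements.
GENUINE_SCORES = [0.90, 0.85, 0.80, 0.75, 0.70, 0.65, 0.60, 0.55, 0.50, 0.45]
IMPOSTOR_SCORES = [0.60, 0.55, 0.50, 0.45, 0.40, 0.35, 0.30, 0.25, 0.20, 0.15]


def far_frr(threshold, genuine, impostor):
    """FAR: fraction of impostor attempts accepted (score >= threshold).
    FRR: fraction of genuine attempts rejected (score < threshold)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover_error_rate(genuine, impostor):
    """Sweep every observed score as a candidate threshold and return
    (threshold, FAR, FRR, CER) at the point where FAR and FRR are closest.
    CER is reported as the mean of the two rates at that threshold."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = far_frr(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    _, t, far, frr = best
    return t, far, frr, (far + frr) / 2


if __name__ == "__main__":
    # Raising the threshold lowers FAR (more secure) but raises FRR (less usable).
    print("threshold   FAR   FRR")
    for t in sorted(set(GENUINE_SCORES) | set(IMPOSTOR_SCORES)):
        far, frr = far_frr(t, GENUINE_SCORES, IMPOSTOR_SCORES)
        print(f"{t:9.2f}  {far:.2f}  {frr:.2f}")
    t, far, frr, cer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER = {cer:.2f} at threshold {t:.2f} (FAR={far:.2f}, FRR={frr:.2f})")
```

With the constructed data the curves cross at a threshold of 0.55, where one impostor in five is accepted and one genuine user in five is rejected, a CER of 0.20. A deployment that needs fewer false acceptances sets the threshold above the crossover and accepts the higher rejection rate that comes with it.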

25
Q

What is critical for protecting the cloud because authentication services for cloud-based services are centralized, sometimes in a combination of cloud and on-premises solutions?

A

Device Security

26
Q

CSPs must ensure that users receive access only to their own resources by practicing which two things?

A

Due Diligence
Defense in Depth

27
Q

What kind of server provides a centralized directory that can be used to authenticate a user to multiple services on the same network?

A

LDAP Server

28
Q

What kind of authentication method uses a keyed-hash message authentication code (HMAC) and relies on two pieces of information: the seed (a secret known only to the token and the validating server) and a moving factor (a counter)?

A

HMAC-based One Time Password

29
Q

What kind of authentication method is based on HOTP but uses time as the moving factor instead of a counter?

A

Time-based One Time Password
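Both HOTP cards (counter as moving factor) and both TOTP cards (time step as moving factor) describe the same construction: an HMAC over the moving factor, truncated to a short decimal code. The following is an added example, not code from the flashcard deck, implementing RFC 4226 HOTP and RFC 6238 TOTP with the server-side verification both cards imply. The secret is the published RFC test key, not a real shared secret; the look-ahead window and clock-skew allowance are assumed values a server operator would tune.

```python
import hashlib
import hmac
import struct
import time

# Published RFC 4226 / RFC 6238 test key (constructed example, not a real secret).
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC(secret, counter) followed by dynamic truncation.

    The moving factor is an 8-byte big-endian counter that the token and the
    validating server each advance on their own.
    """
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte selects a 4-byte window
    code = (
        (mac[offset] & 0x7F) << 24                # clear the sign bit
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second
    intervals since the Unix epoch."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits, algo)


def verify_hotp(secret: bytes, candidate: str, server_counter: int,
                look_ahead: int = 10):
    """Server-side HOTP check with a look-ahead window (assumed size 10) to
    absorb codes the user generated but never submitted.

    Returns the next counter the server must persist, so an accepted code can
    never be replayed, or None when nothing in the window matches.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None


def verify_totp(secret: bytes, candidate: str, for_time=None, step: int = 30,
                digits: int = 6, skew: int = 1) -> bool:
    """Server-side TOTP check tolerating +/- `skew` time steps of clock drift
    (assumed default: one step either side)."""
    if for_time is None:
        for_time = time.time()
    t = int(for_time) // step
    return any(
        hmac.compare_digest(hotp(secret, t + d, digits), candidate)
        for d in range(-skew, skew + 1)
    )


if __name__ == "__main__":
    for c in range(3):
        print(f"HOTP counter={c}: {hotp(RFC_TEST_SECRET, c)}")
    print("TOTP at t=59 (8 digits):", totp(RFC_TEST_SECRET, 59, digits=8))
    print("TOTP now:", totp(RFC_TEST_SECRET))
```

The HOTP values for counters 0 to 9 and the 8-digit TOTP values reproduce the test vectors in the appendices of RFC 4226 and RFC 6238, which is the quickest way to confirm an implementation before wiring it to an authenticator app. Note the constant-time comparison in both verifiers and that a successful HOTP check advances the stored counter past the accepted value.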

30
Q

What do you call a one-time password provided on a hardware or software token generator?

A

Token key

31
Q

Authenticator applications are a common software implementation of what?

A

Token keys (software tokens)

32
Q

What is a static set of numbers and letters used for authentication? A common example is a password or passphrase.

A

Static Code

33
Q

What is a credit-card-sized token that contains a certificate and is used for authentication together with a PIN? It generally requires physical proximity to, or insertion into, a reader.

A

Smart card

34
Q

What is a software-based authenticator that implements two-step verification using the Time-based One-Time Password and HMAC-based One-Time Password algorithms to authenticate users of software applications?

A

Authenticator applications

35
Q

What is the process in which the server pushes authenticator information down to your mobile device?

A

Push Notifications

36
Q

What is the process of confirming that a device (laptop, mobile device, etc.) is an approved device compliant with company policies?

A

Attestation

37
Q

What authentication method involves checks that run on a local device and are reported to a verification server?

A

Remote Attestation

38
Q

What is a common protocol for a Directory service?

A

LDAP

39
Q

What is commonly coupled with an authentication service to authenticate entities (users, computers, etc.) attempting to access resources?

A

Directory services

40
Q

What is a common protocol used for authentication?

A

Kerberos

41
Q

What do you call a collection of domains that have established trust?

A

Federation

42
Q

What kind of server is a client to a RADIUS server?

A

Network Access Server

43
Q

What kind of server provides AAA services?

A

RADIUS

44
Q

What AAA protocol uses UDP and encrypts only the password?

A

RADIUS (UDP 1812 for authentication and 1813 for accounting, legacy 1645/1646; only the User-Password attribute is obfuscated, using MD5 and the shared secret, while every other attribute travels in cleartext)
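"Encrypts the password only" is worth seeing on the wire. The script below is an added example, not part of the flashcard deck: it implements the RFC 2865 section 5.2 User-Password hiding (MD5 of the shared secret and the Request Authenticator, XORed with the password in 16-byte blocks), builds a minimal Access-Request so the cleartext User-Name sits beside the hidden password, and then runs the long-known offline dictionary attack on the shared secret that this scheme permits once an attacker captures a request for a password they already know. The shared secret, authenticator, user name, password, and candidate wordlist are all constructed for the demonstration.

```python
import hashlib

# Constructed demonstration values; a real client uses 16 random bytes per request.
DEMO_SHARED_SECRET = b"testing123"
DEMO_AUTHENTICATOR = bytes(range(16))


def _xor16(block: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(block, key))


def hide_user_password(password: bytes, shared_secret: bytes,
                       request_authenticator: bytes) -> bytes:
    """RFC 2865 5.2: c(1) = p(1) XOR MD5(S + RA), c(i) = p(i) XOR MD5(S + c(i-1)),
    over the NUL-padded password in 16-byte blocks."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password is 1..128 bytes before padding")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        block = _xor16(padded[i:i + 16], hashlib.md5(shared_secret + prev).digest())
        out += block
        prev = block                               # chaining uses the ciphertext block
    return out


def unhide_user_password(hidden: bytes, shared_secret: bytes,
                         request_authenticator: bytes) -> bytes:
    """Inverse of hide_user_password; strips the NUL padding, so a password
    that itself ends in NUL bytes cannot be represented."""
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor16(block, hashlib.md5(shared_secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(identifier: int, user_name: bytes, password: bytes,
                         shared_secret: bytes, authenticator: bytes) -> bytes:
    """Minimal Access-Request (Code 1): header, authenticator, User-Name (type 1)
    in cleartext, User-Password (type 2) hidden."""
    attrs = bytes([1, 2 + len(user_name)]) + user_name
    hidden = hide_user_password(password, shared_secret, authenticator)
    attrs += bytes([2, 2 + len(hidden)]) + hidden
    length = 20 + len(attrs)
    return bytes([1, identifier]) + length.to_bytes(2, "big") + authenticator + attrs


def recover_shared_secret(hidden: bytes, request_authenticator: bytes,
                          known_password: bytes, candidates):
    """Offline dictionary attack: with one captured request whose password the
    attacker knows, every candidate secret can be tested without touching the
    server. Returns the first candidate that reproduces the known password."""
    for cand in candidates:
        if unhide_user_password(hidden, cand, request_authenticator) == known_password:
            return cand
    return None


if __name__ == "__main__":
    pkt = build_access_request(7, b"alice", b"hunter2", DEMO_SHARED_SECRET, DEMO_AUTHENTICATOR)
    print("Access-Request:", pkt.hex())
    print("User-Name visible in packet:", b"alice" in pkt)
    print("Password visible in packet:", b"hunter2" in pkt)
    hidden = pkt[20 + 7 + 2:]                      # skip header, User-Name AVP, User-Password AVP header
    wordlist = [b"secret", b"radius", b"testing123", b"password"]   # constructed wordlist
    print("Recovered shared secret:", recover_shared_secret(hidden, DEMO_AUTHENTICATOR, b"hunter2", wordlist))
```

Two practical takeaways follow from the code: RADIUS over an untrusted network needs an outer tunnel (IPsec, or RadSec, which is RADIUS over TLS on TCP 2083), and the shared secret must be long and random because one captured request plus one known password is enough to test guesses offline at MD5 speed.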

45
Q

What AAA protocol uses TCP and encrypts the entire session?

A

TACACS+ (TCP port 49; the entire packet body is encrypted)

46
Q

What AAA protocol is based on RADIUS and addresses many of its weaknesses, but is not backward compatible with RADIUS?

A

Diameter (runs over TCP or SCTP rather than UDP)