Section 2.4 Authentication and Authorization Design concepts Flashcards
What authentication concept is the process of presenting valid credentials to the system?
Identification/Identity Proofing
What authentication concept is the process of validating the user’s identification?
Authentication
What authentication concept is the act of granting permission to an object?
Authorization
What authentication concept is the process of logging a user’s activities and behaviors, the amount of data they use, and the resources they consume?
Accounting
What does the AAA in the AAA framework stand for?
Authentication, Authorization, and Accounting
What authentication refers to requiring only one factor (such as a password) to authenticate a user?
Single-factor authentication
What authentication typically combines two single-factor authentication types, such as something the user knows and something the user possesses?
Two-factor authentication
What is the strongest form of user authentication?
Multifactor authentication
What authentication involves a combination of a physical item, such as a smart card, token, or biometric factor, and a non-physical item, such as a password, passphrase, or PIN?
Multifactor authentication
What do you call a repository of information regarding the users and resources of a network?
Directory services
What service is the underlying protocol that is found in most modern directory service implementations?
LDAP
What does LDAP stand for?
Lightweight Directory Access Protocol
What protocol uses TCP port 389?
LDAP (unencrypted)
What protocol uses TCP port 689?
LDAP over SSL
What protocol uses TCP port 636?
LDAP over TLS
What concept allows the user to be authenticated only once on the network to access the resources on it?
Single Sign-on
What concept allows a user’s identity and associated attributes to be carried with them across enterprise boundaries?
Federation
Federated identities center on the concept of _________, where the trust relationship between the two domains allows authentication of trusted users across both domains?
Transitive Trust
What do you call an algorithm that generates one-time-use passwords, referred to as 2-step authentication?
HMAC-based One Time Password (HOTP)
What is it called when you add the element of time to the general HOTP concept?
Time-based one-time password (TOTP)
What is a physical device that is inserted into a system to validate your identity through the “something you have” factor?
Token Key
What uses a unique physical attribute to identify a user?
Biometrics
What measurement is how well an authentication method performed correctly?
Efficacy rate
What measurement is where the False Acceptance and False Rejection rates are equal?
Crossover Error Rate
What is critical for protecting the cloud because authentication services for cloud based services are centralized, at times with a combination of cloud and on premises solutions?
Device Security
CSPs must ensure that users only receive access to their resources by practicing what two things?
Due Diligence
Defense in Depth
What kind of server provides a centralized directory that can be used to securely authenticate a user to multiple services on the same network?
LDAP Server
What kind of authentication method uses a keyed-hash message authentication code (HMAC) and relies on two pieces of info: the seed (a secret known only by the token and validating server) and a moving factor (a counter)?
HMAC-based One Time Password
What kind of authentication method is based on HOTP but where the moving factor is time instead of the counter?
Time-based One Time Password
What do you call a one-time password provided on a hardware or software token generator?
Token key
Authenticator applications are common software solutions for what?
Token keys
What is a static set of numbers and letters used to provide authentication? A common example is a password or passphrase.
Static Code
What is a credit card sized token that contains a certificate and is used for authentication in conjunction with a PIN? Generally requires physical proximity to or insertion into a reader.
Smart card
What is a software-based authenticator that implements two-step verification services using the Time-based One Time Password Algorithm and HMAC-based One Time Password Algorithm for authenticating users of software applications?
Authentication Applications
What is the process where the server pushes the authenticator information down to your mobile device?
Push Notifications
What is the process of confirming the device (laptop, mobile device, etc…) is an approved device compliant with company policies?
Attestation
What authentication method involves checks that occur on a local device and are reported to a verification server?
Remote Attestation
What is a common protocol for a Directory service?
LDAP
What is commonly coupled with an authentication service to authenticate entities (users, computers, etc…) attempting to access resources?
Directory services
What is a common protocol used for authentication?
Kerberos
What do you call a collection of domains that have established trust?
Federation
What kind of server is a client to a RADIUS server?
Network Access Server
What kind of server provides AAA services?
RADIUS
What AAA protocol uses UDP and encrypts the password only?
RADIUS
What AAA protocol uses TCP and encrypts the entire session?
TACACS+
What AAA protocol is based on RADIUS and improves many of the weaknesses of RADIUS, but is not compatible with RADIUS?
Diameter