Udemy-Domain 5 Flashcards

1
Q

___ allow a user to try again after an incorrect password has been entered a certain number of times, but only after a time delay, and are a measure to ___

A

clipping levels; reduce administrative overhead

2
Q

DOD and Microsoft recommend passwords expire after ___ days, with a minimum age of ___ days and a history of ___ passwords

A

90; 2; 24

3
Q

DOD and Microsoft recommend passwords be at least ___ characters long and meet complexity requirements

A

8

4
Q

single-use passwords (including TAN - Transaction Authentication Numbers) are type ___ authentication

A

2 (something you have)

5
Q

“realistic” authentication is another word for type ___

A

3 (something you are/biometric)

6
Q

from a legal perspective, one issue with biometric scans is that they might ___

A

invade a user's privacy by revealing medical conditions

7
Q

one issue with biometric authorization is that if it is compromised ___

A

it can’t be changed

8
Q

authentication control models tend to emphasize different legs of the CIA triad:
Mandatory Access Control emphasizes ___
Discretionary Access emphasizes ___
Role/Attribute-Based Access emphasizes ___

A

Confidentiality;
Availability;
Integrity

9
Q

the most commonly used access control (esp. in the business world) is ___, which is usually combined with a “need to know” qualification

A

Role-Based

10
Q

the Attributes in ABAC can belong to the ___, ___ or ___

A

subject, object/content, environment (context/circumstances)

11
Q

the ___ in AAA access management requires non-repudiation

A

Accountability/Auditing

12
Q

Entities (people or organizations) can have multiple ___, which in turn have multiple ___

A

Identities; attributes

13
Q

___ an account creates a problem with audit trails, so it is generally better to ___ it

A

deleting; lock

14
Q

Single Sign-On is a subset of ___ Identity Management

A

Federated

15
Q

the most important application of SAML is ___

A

web browser single sign-on

16
Q

___ sign-on is a form of single sign-on, like websites allowing you to use your Facebook account to log in - good for the website (which now has all your FB data) but bad for you and your privacy

A

Super

17
Q

___ is considered a successor to Kerberos for authentication; it is not widely used yet, but it solves the problem of ___ by using ___

A

SESAME (Secure European System for Applications in a Multi-vendor Environment); plaintext storage of shared keys; PKI

18
Q

the SESAME authentication system issues ___ instead of the tickets issued by Kerberos

A

PAC (Privilege Attribute Certificates)

19
Q

RADIUS uses UDP ___ for authentication and UDP ___ for accounting

A

1812; 1813

20
Q

Diameter is an authentication protocol intended to replace RADIUS, but is mainly used now for ___

A

3G and 4G applications

21
Q

the advantage of TACACS+ over RADIUS is that it ___

A

encrypts the entire credential package, not just the password

22
Q

CHAP defends against replay attacks by periodically verifying the client with a 3-way handshake, but has the weakness of ___

A

storing plaintext passwords on the server