Udemy-Domain 5 Flashcards
___ allow a user to try again after an incorrect password has been entered a certain number of times, but only after a time delay, and are a measure to ___
clipping levels; reduce administrative overhead
DOD and Microsoft recommend passwords expire after ___ days, with a minimum age of ___ days and a history of ___ passwords
90; 2; 24
DOD and Microsoft recommend passwords be at least ___ characters long and meet complexity requirements
8
single-use passwords (including TAN - Transaction Authentication Numbers) are type ___ authentication
2 (something you have)
“realistic” authentication is another word for type ___
3 (something you are/biometric)
from a legal perspective, one issue with biometric scans is that they might ___
invade a user's privacy by revealing medical conditions
one issue with biometric authorization is that if it is compromised ___
it can’t be changed
authentication control models tend to emphasize different legs of the CIA triad:
Mandatory Access Control emphasizes ___
Discretionary Access emphasizes ___
Role/Attribute-Based Access emphasizes ___
Confidentiality;
Availability;
Integrity
the most commonly used access control (esp. in the business world) is ___, which is usually combined with a “need to know” qualification
Role-Based
the Attributes in ABAC can belong to the ___, ___ or ___
subject, object/content, environment (context/circumstances)
the ___ in AAA access management requires non-repudiation
Accountability/Auditing
Entities (people or organizations) can have multiple ___, which in turn have multiple ___
Identities; attributes
___ an account creates a problem with audit trails, so generally better to ___ it
deleting; lock
Single Sign-On is a subset of ___ Identity Management
Federated
the most important application of SAML is ___
web browser single sign-on