Chapter 4 - Access Control, Authentication & Authorization Flashcards Preview


Flashcards in Chapter 4 - Access Control, Authentication & Authorization Deck (38)
1

What's the concept behind "access control"?

4-131

Let the right ones in, keep the wrong ones out.

2

Tell me the difference between identification and authentication.

4-131

identification - finding out who someone is

authentication - verifying the identification

3

You have two or more parties authenticating each other. What is this called?

4-132

mutual authentication

4

You have an authentication process, and in that process, two or more access methods are included. What kind of authentication system is this?

4-133

multifactor authentication

5

Tell me the 5 "factors" you have to work with when building your authentication system.

4-131

something you know, have, are, or do
somewhere you are

6

What does NAC stand for?

4-134

network access control

7

True/False: Security tokens are used to identify and authenticate the user, and because of this, they are similar to certificates.

4-135

True

8

You have a group of computer networks that all agree on standards of operation. What do you call this?

hint: Star Wars

4-135

a federation

9

Your identity, linked with your privileges, allows you to cross business units and business boundaries. What kind of identity is this?

4-135

a federated identity

10

You are a user on a client PC communicating with an authentication server. Tell me the steps involved in the security token authentication.

4-136

server presents a challenge to the pc
pc provides a response
server sends a token device challenge
pc sends back a valid certificate
server grants authentication

11

You have an Active Directory and the domains of your forest trust each other. By default, these trusts are _______ and _______.

4-136

two-way, transitive

12

Tell me the difference between PAP and SPAP.

4-139

PAP sends stuff in plain text. SPAP encrypts stuff, THEN sends it.

13

A protocol was designed to stop man-in-the-middle attacks. What is that protocol?

There is another protocol that uses the aforementioned protocol to provide authentication. Which protocol is that?

4-139

CHAP

PPP

14

Which protocol uses a time-based factor for the creation of new passwords?

4-139

TOTP

15

Which protocol is based on a hash message algorithm?

4-139

HOTP

16

Tell me the lockout policies at the local level. There are three of them.

4-141

account lockout duration
account lockout threshold
reset account lockout counter after

17

Explain to me what SLIP is.

4-143

Serial Line Internet Protocol. It's an older protocol, was used in early remote access situations, was not secure, and could only be used to pass TCP/IP traffic.

18

Tell me 4 options that are common for remote authentication.

hint: tacks in a circle

4-143

TACACS, TACACS+, XTACACS, RADIUS

19

We've talked about tunneling protocols like PPTP, L2TP and SSH. How is IPSec different from these?

4-145

It isn't a tunneling protocol, but is used alongside a tunneling protocol. It is primarily used in LAN-to-LAN connections, but can also be used with some remote connections.

20

Tell me the major difficulty with a single-server RADIUS environment.

4-145

If the server malfunctions, the entire network may refuse connections.

21

What is SAML for?

4-147

authentication and authorization, based on XML

22

You are using a KDC to get authentication to receive services from a server. What's the problem with this?

4-148

the KDC is a single point of failure

23

Tell me the 4 primary methods of access control.

4-150

mandatory access control - predefined
discretionary access control - some flexibility
role-based access control - user's role dictates access capabilities
rule-based access control - limits the user to settings in preconfigured policies

24

What is the SA account?

4-153

the system administrator

25

Why would you perform an access review?

4-154

To determine if someone's access level is still appropriate.

26

There is a smart card used by the Department of Defense. What type of card is this?

4-155

Common Access Card

27

You are tweaking the tolerance for unanswered login attacks on your firewall. Which feature are you adjusting?

4-158

the flood guard

28

You want to prevent broadcast loops. Which feature will you use?

4-158

Loop protection

29

You have a trusted operating system that meets a set of requirements for security. Whose requirements are those?

4-159

the government's

30

You have Evaluation Assurance Levels 1-7. Tell me very briefly about each one of them.

4-159

1 - threats to security aren't viewed as serious
2 - good design practices for products
3 - moderate levels of security
4 - common benchmark for commercial security
5 - high-level security; security engineering has been implemented
6 - specialized security engineering
7 - extremely high-level security