3.8 Implement authentication and authorization solutions Flashcards

1
Q

Authentication management: what is a password vault?

A

A password manager that allows you to store all passwords in one secure location: a database of credentials

2
Q

Authentication management: are passwords encrypted in a password vault?

A

Yes

3
Q

Authentication management: what is a TPM?

A

Trusted Platform Module is a feature on the motherboard that provides cryptographic functions. It is a random number generator and a key generator

4
Q

Authentication management: what is an HSM?

A

Hardware Security Module is high-end cryptographic hardware that provides secure storage for keys. It is used in very large environments

5
Q

Authentication management: what is KBA?

A

Knowledge-based authentication uses personal knowledge as an authentication factor.

6
Q

Authentication management: what is static KBA?

A

Pre-configured shared secret that is often used for account recovery
Ex: “what was the colour of your 1st car?”

7
Q

Authentication management: what is dynamic KBA?

A

Questions are based on an identity verification service (from public records, private information)
Ex: “what was the street number when you lived in Pembroke, Florida?”

8
Q

PAP & CHAP: what is an AAA server?

A

A server that provides authentication, authorization and accounting. It checks the username and password to see if they are valid

9
Q

PAP & CHAP: what is PAP?

A

Password Authentication Protocol is a protocol for basic authentication, used in legacy (old) operating systems because credentials are sent in the clear

10
Q

PAP & CHAP: what is CHAP?

A

Challenge-Handshake Authentication Protocol provides an encrypted challenge for credentials.
It uses a 3-way handshake:
- After the link is established, the server sends a challenge message
- The client responds with a password hash calculated from the challenge and the password
- The server compares the received hash with the stored hash

11
Q

PAP & CHAP: what is MSCHAP?

A

Microsoft CHAP, used with Microsoft’s Point-to-Point Tunneling Protocol (PPTP); however, it is not secure

12
Q

Identity & access management: what is RADIUS?

A

Remote Authentication Dial-In User Service is one of the more common networking protocols used with AAA servers. It sends Access-Request packets for authentication and Accounting-Request packets for accounting

13
Q

Identity & access management: what is TACACS?

A

Terminal Access Controller Access-Control System is a remote authentication protocol created to control access to dial-up lines

14
Q

Identity & access management: what is Kerberos?

A

Kerberos was introduced by Microsoft and is a network authentication protocol able to use SSO.
It also provides mutual authentication: both the client and the server authenticate to each other to avoid replay attacks or on-path attacks

15
Q

Identity & access management: what is SSO?

A

You authenticate once and are then trusted by the system: you can access different file shares, print to different printers, etc.

16
Q

Identity & access management: why can Kerberos be referred to as a ticketing system?

A

Because the cryptography that Kerberos uses is referred to as a cryptographic ticket

17
Q

Identity & access management: how does Kerberos work?

A

Kerberos has three parts: a client, server, and trusted third party (KDC) to mediate between them. Clients obtain tickets from the Kerberos Key Distribution Center (KDC), and they present these tickets to servers when connections are established.

18
Q

Identity & access management: what are the different SSO methods?

A

Kerberos, SAML, smart-card

19
Q

Identity & access management: which one of RADIUS, TACACS or Kerberos should you use?

A

  • RADIUS: use when you have a VPN concentrator, because it can talk to a RADIUS server
  • TACACS: when you want to connect to a Cisco device
  • Kerberos: use on a Microsoft network

20
Q

Federated Identities: what is federation?

A

A way to provide network access to others
Ex: Log in with Twitter/Google etc

21
Q

Federated Identities: what is SAML and why is it used in federation?

A

SAML is an open standard for authentication and authorization that lets users access 3rd-party resources.

22
Q

Federated Identities: what is the SAML authentication flow?

A

1/ User tries to access an application URL
2/ The application’s server sends an encrypted SAML request and redirects the user to the authorization server
3/ User logs in
4/ Authentication succeeds and a SAML token is generated
5/ User presents the SAML token to the application server
6/ SAML token is verified and access is granted

23
Q

Federated Identities: what is OAuth?

A

OAuth is an open-standard authorization protocol or framework that provides applications the ability for “secure designated access.” For example, you can tell Facebook that it’s OK for ESPN.com to access your profile or post updates to your timeline without having to give ESPN your Facebook password.
OAuth is about authorization and not authentication. Authorization is asking for permission to do stuff.

24
Q

Access control: what is access control for?

A

It is used to determine what type of access a user can have

25
Q

Access control: what are the different access control types?

A

  • MAC
  • DAC
  • RBAC
  • ABAC
  • Rule-based access control
  • Conditional access
  • PAM

26
Q

Access control: what is MAC?

A

Mandatory Access Control is a means of restricting access to system resources based on their sensitivity (e.g. confidential or secret documents)

27
Q

Access control: what is DAC?

A

Discretionary Access Control: the owner controls access to the files they created
As the access is very flexible, it is not the best security option

28
Q

Access control: what is RBAC?

A

Role-based access control: access is granted to users based on their roles

29
Q

Access control: what is ABAC?

A

Attribute-based access control: provides access to users based on who they are rather than what they do: for example, the business unit they work in and how they were hired.

30
Q

Access control: what is rule-based access control?

A

Access is determined through system-enforced rules
Ex: lab network access only available between 9 and 5; only Chrome browsers may complete this web form

31
Q

Access control: what is conditional access?

A

Access is granted based on certain conditions: employee or partner, location, type of application. Controls are then set up based on those conditions: allow or block, require MFA, provide limited access

32
Q

Access control: what is PAM?

A

Superuser access