Authentication Flashcards

1
Q

Multi-factor Authentication

A

Use of two or more authentication factors to prove a user’s identity
• Knowledge
• Ownership
• Characteristic
• Location
• Action

2
Q

One-Time Passwords

A

§ Time-based One Time Password (TOTP)
• A password is computed from a shared secret and current time
§ HMAC-based One Time Password (HOTP)
• A password is computed from a shared secret and is synchronized between the client and the server

3
Q

Authentication Models

A

Context-aware Authentication
Single Sign-On (SSO)
Federated Identity Management (FIdM)
OpenID

4
Q

Context-aware Authentication

A

§ Process to check the user’s or system’s attributes or characteristics prior to allowing it to connect
§ Restrict authentication based on the time of day or location

5
Q

Single Sign-On (SSO)

A

A default user profile for each user is created and linked with all of the resources needed

6
Q

Federated Identity Management (FIdM)

A

A single identity is created for a user and shared with all of the organizations in a federation

7
Q

Cross-Certification
Federated Identity Management (FIdM)

A

Utilizes a web of trust between organizations where each one certifies others in the federation

8
Q

Trusted Third-Party
Federated Identity Management (FIdM)

A

• Organizations are able to place their trust in a single third-party (also called the bridge model)
• Trusted third-party model is more efficient than a cross certification or web of trust model

9
Q

Security Assertion Markup Language (SAML)

A

Attestation model built upon XML used to share federated identity management information between systems

10
Q

OpenID

A

• An open standard and decentralized protocol that is used to authenticate users in a federated identity management system
• User logs into an Identity Provider (IP) and uses their account at Relying Parties (RP)
• OpenID is easier to implement than SAML
• SAML is more efficient than OpenID

11
Q

802.1x

A

§ Standardized framework used for port-based authentication on wired and wireless networks
§ RADIUS
§ TACACS+

12
Q

Extensible Authentication Protocol (EAP)

A

§ A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure
§ EAP-MD5 uses simple passwords for its challenge-authentication
§ EAP-TLS uses digital certificates for mutual authentication
§ EAP-TTLS uses a server-side digital certificate and a client-side password for mutual authentication

13
Q

EAP-FAST

A

§ Provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication

14
Q

Protected EAP (PEAP)

A

Supports mutual authentication by using server certificates and Microsoft’s Active Directory to authenticate a client’s password

15
Q

LEAP

A

LEAP is proprietary to Cisco-based networks

16
Q

Lightweight Directory Access Protocol (LDAP)

A

§ A database used to centralize information about clients and objects on the network
§ Unencrypted
• Port 389
§ Encrypted
• Port 636
§ Active Directory is Microsoft’s version

17
Q

Kerberos

A

An authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets
• Port 88
A domain controller can be a single point of failure for Kerberos

18
Q

Remote Desktop Protocol (RDP)

A

§ Microsoft’s proprietary protocol that allows administrators and users to remotely connect to another computer via a GUI
§ RDP doesn’t provide authentication natively
§ Port 3389

19
Q

Virtual Network Computing (VNC)

A

§ Cross-platform version of the Remote Desktop Protocol for remote user GUI access
§ VNC requires a client, server, and protocol be configured
§ Port 5900

20
Q

Remote Desktop Services

A

o Remote Desktop Protocol (RDP)
o Virtual Network Computing (VNC)

21
Q

Remote Access Services

A

o Password Authentication Protocol (PAP)
o Challenge Handshake Authentication Protocol (CHAP)

22
Q

Password Authentication Protocol (PAP)

A

Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted (in the clear)

23
Q

Challenge Handshake Authentication Protocol (CHAP)

A

Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers

24
Q

Virtual Private Network (VPN)

A

§ Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network
§ Client-to-Site VPN or Remote Access VPN

25
Q

VPN Concentrator

A

Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers

26
Q

Split Tunneling

A

§ A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection
§ Prevent split tunneling through proper configuration and network segmentation

27
Q

Remote Authentication Dial-In User Service (RADIUS)

A

§ Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible Authentication Protocol (EAP)
§ RADIUS operates at the application layer

Centralized administration system for dial-up, VPN, and wireless authentication that uses either ports 1812/1813 (UDP) or 1645/1646 (UDP)

28
Q

TACACS+

A

Cisco’s proprietary version of RADIUS that provides separate authentication and authorization functions over port 49 (TCP)

29
Q

Authentication Attacks

A

Spoofing
Man-in-the-Middle Attack
Password Spraying
Credential Stuffing
Broken Authentication

30
Q

Spoofing

A

A software-based attack where the goal is to assume the identity of a user, process, address, or other unique identifier

31
Q

Man-in-the-Middle Attack

A

§ An attack where the attacker sits between two communicating hosts and transparently captures, monitors, and relays all communication between the hosts
§ Man-in-the-browser (MitB) is an attack that intercepts API calls between the browser process and its DLLs
§ Online password attacks involve entering guesses directly into a service
§ Restricting the number or rate of login attempts can prevent online password attacks

32
Q

Password Spraying

A

Brute force attack in which multiple user accounts are tested with a dictionary of common passwords

33
Q

Credential Stuffing

A

§ Brute force attack in which stolen user account names and passwords are tested against multiple websites
§ Credential stuffing can be prevented by not reusing passwords across different websites

34
Q

Broken Authentication

A

A software vulnerability where the authentication mechanism allows an attacker to gain entry
• Weak password credentials
• Weak password reset methods
• Credential exposure
• Session hijacking