Chapter 2 first half

Question 1

Occurs when users claim (or profess) their identity with identifiers such as usernames or e-mail addresses.

Answer 1

Identification

Question 2

Users provide their identity with this

IE password.

Answer 2

Authentication

Question 3

AAA

Answer 3

Authentication, Authorizations, and Accounting

Work together with identification to provide a comprehensive access management system.

Question 4

Grants users access to resources based on their proven identity.

Answer 4

Authorization

Question 5

Tracks user activity and record it in logs.

Answer 5

Accounting

Question 6

Allows security professionals to recreate the events that preceded and security incident.

Answer 6

Audit Trail

Question 7

An authentication factor that typically refers to a shared secret, such as a password or PIN. This is the least secure form of Authentication.

Answer 7

Something You Know

Question 8

GPO

Answer 8

Group Policy Object

Question 9

Enforce Password History

Answer 9

Remembers past passwords and prevents the user from using previously used passwords. IE if set to 24, prevents user from using previous 24 passwords.

Question 10

Maximum Password Age

Answer 10

Defines when users must change their password. IE if set to 45 days, their password will expire in 45 days.

Question 11

Minimum Password Age

Answer 11

Defines how long users must wait before they change their password.

Question 12

Minimum Password LEngth

Answer 12

Enforces character length of password.

Question 13

Store Passwords using Reversible Encryption

Answer 13

Reversible encryption stores the password in such a way that the original password can be discovered.

Question 14

Authentication factor that refers to something you can physically hold.

Answer 14

Something You Have

Question 15

Credit-card sized cards that have an embedded microchip and a certificate.

Answer 15

Smart Card

Question 16

Embedded Certificate

Answer 16

Holds a users private key (only accessible by the users) and is matched with a public key (available to others).

Question 17

PKI

Answer 17

Public Key Infrastructure

Supports issuing and managing certificates.

Question 18

Common Access Cards

Answer 18

Specialized type of smart card used by the DOD.

Question 19

Personal Identity Verification Card

Answer 19

PIV

Specialized type of smart card used by the US Federal Agencies.

Question 20

Token (or Key Fob)

Answer 20

An electronic device the size of a remote key for a car, including a LCD that displays a number, which changes periodically. This password is a rolling password, for one time use.

Question 21

HMAC

Answer 21

Hashing-based Message Authentication Code

Uses a hashing function and cryptographic key for many different cryptographic functions.

Question 22

HOTP

Answer 22

HMAC One-Time Password
An open standard used for creating one-time passwords, algorithm combines a secret key and an incrementing counter, and used HMAC to create a hash of the result. Then it converts the result into an HOTP value of 6-8 digits.

Question 23

TOTP

Answer 23

Time-based One-Time Password

Similar to HOTP, but uses a timestamp instead of a counter, they typically expire after 30 seconds.

Question 24

Authentication factor that uses biometrics for authentication.

Answer 24

Something You Are

Question 25

Retina Scanner

Answer 25

Scans the retina of one or both eyes and uses pattern of blood vessels at the back of the eye for recognition.

Question 26

Iris Scanner

Answer 26

Scan the retina of one or both eyes and uses pattern of blood vessels at the back of the eye for recognition.

Question 27

Voice Recognition

Answer 27

Use speech recognition methods to identify different acoustic features.

Question 28

False Acceptance

Answer 28

When a biometric system incorrectly identifies an unauthorized user as an authorized user.

Question 29

FAR

Answer 29

False Acceptance Rate | Identifies the percentage of times false acceptance occurs.

Question 30

False Rejection

Answer 30

When a biometric system incorrectly rejects an authorized user.

Question 31

FRR

Answer 31

False Rejection Rate | Identifies the amount of times false rejections occur.

Question 32

CER

Answer 32

Crossover Error Rate | The point where the FAR crosses over with the FRR.

Question 33

Authentication factor that identifies a users location.

Answer 33

Somewhere You Are

Question 34

Authentication factor that refers to actions that you can take such as gestures on a touch screen. IE tapping a head in a picture

Answer 34

Something You Do

Question 35

Dual-Factor Authentication

Answer 35

Uses two different factors of authentication.

Question 36

Multifactor Authentication

Answer 36

Uses two or more factors of authentication, which be by two different methods.

Question 37

Kerberos

Answer 37

A network authentication mechanism used within Windows Active Directory domains and some Unix environments known as realms. It provides mutual authentication that can help prevent man-in-the-middle attacks and uses tickets to help prevent replay attacks.

Question 38

Kerberos requires several requirements for it to work:

Answer 38

A method of issuing tickets used for authentication. Time synchronization. A database of subjects and users.

Question 39

KDC

Answer 39

Key Distribution Center Packages user credentials with in a ticket and uses a complex process of issuing ticket-granting tickets (TGTs) and other tickets.

Question 40

NLTM

Answer 40

New Technology LAN Manager

Question 41

NLTM is a suite of protocols that provide what three things within Windows Systems?

Answer 41

Authentication, integrity, and confidentiality.

Question 42

At their most basic, what do NLTMs use to challenge users and check their credentials?

Answer 42

A message Digest hashing algorithm.

Question 43

What are the 3 versions of NLTMs and what are they?

Answer 43

NTLM - simple MD4 hash of a users password. NTLMv2 - a challenge -response authentication protocol. NTLM2 - same as v2 but adds a mutual authentication.

Question 44

LDAP

Answer 44

Lightweight Directory Access Protocol Specifies formats and methods to query directories. It is an extension of the X.500