Chapter 2: Understanding Identity and Access Management

Question 1

What is Authentication?

Answer 1

The method(s) an individual uses to prove an identity.

Question 2

What is Identification?

Answer 2

An action that occurs whenever a user makes a claim about their identity.

Question 3

What does AAA stand for?

Answer 3

Authentication, Authorization, and Accounting.

Question 4

What is the AAA process?

Answer 4

If a user can authenticate their identity, then the user is granted authorization to access resources based on their identity. Then their accounts are accounted for by tracking their activities in logs. AAA works together with identification.

Question 5

What is an Audit Trail?

Answer 5

Created by collecting logs on activities and events which allow security professionals to recreate the events that preceded a security incident.

Question 6

What are Authentication Factors?

Answer 6

The different methods used to authenticate a user.

Question 7

What is “Something you know”?

Answer 7

It is an authentication factor that refers to a shared secret. Considered the least secure because secrets can be stolen.

Question 8

What are examples of “Something you know”?

Answer 8

Passwords (length, expiration/age, history, manage/ etc).

Question 9

What is Static Knowledge-based Authentication?

Answer 9

Typically used to verify identity when you’ve forgotten your password with questions you would know the answers to (e.g. mother’s maiden name).

Question 10

What is Dynamic Knowledge-based Authentication?

Answer 10

Typically used to verify an individual’s identity without an account. Organizations query public and private data sources to ask questions (e.g. which high school did you attend)?

Question 11

What is Identity Proofing?

Answer 11

It’s a security measure to confirm a new user’s identity when they are creating an account for the first time (e.g. collecting PII, checking official docs, etc).

Question 12

What is an Account Lockout Threshold?

Answer 12

The maximum amount of times a user can enter their password incorrectly. Once the threshold is reached, the system locks the user’s account.

Question 13

What is an Account Lockout Duration?

Answer 13

Indicates how long an account remains locked (could be a minute, could be indefinite until an admin unlocks the account).

Question 14

What is “Something you have”?

Answer 14

An authentication factor that refers to something that you can physically hold.

Question 15

What is a Smart Card?

Answer 15

Credit card-sized card that have an embedded microchip and a certificate. They are often used with two-factor authentication.

Question 16

What are Embedded Certificates?

Answer 16

They hold a user’s private key (only accessible to the user) and is matched with a public key (available to others). The private key is used each time the user log on to a network.

Question 17

What is a Security Key?

Answer 17

A small electronic device used to authenticate in to systems.

Question 18

What is a Hard Token (Hardware token)?

Answer 18

A small electronic device that displays a number on the screen which is used to authenticate a user.

Question 19

What is a One-Time Password (OTP)?

Answer 19

A temporary, single-use code that’s used to verify your identity (proves you’re in possession of the token).

Question 20

What is a Soft Token (Software Token)?

Answer 20

An application that runs on a user’s smartphone and generates an OTP.

Question 21

What is HMAC-OTP?

Answer 21

An algorithm that changes the numeric code based on a moving counter. The server and token use the algorithm with a shared private key to generate the next code.

Question 22

What is Time-based-OTP (TOTP)?

Answer 22

An algorithm that changes their code based upon the current time. The OTP they generate usually lasts only 30-60secs.

Question 23

What is “Something you are”?

Answer 23

It is an authentication factor that refers to the use of biometrics for authentication.

Question 24

What are Fingerprints?

Answer 24

Systems that use fingerprint scanners to read a person’s fingerprints to authenticate their identity.

Question 25

What is Vein Matching?

Answer 25

Systems that authenticate a user using near-infrared light to view their vein patterns (usually on the palm).

Question 26

What is Retina Imaging?

Answer 26

Systems that authenticate a user using retina scanners of one or both eyes. Unpopular because they are physically and medically intrusive.

Question 27

What are Iris Scanners?

Answer 27

Systems that authenticate a user using infrared technology to capture the unique pattern of the iris around the pupil. They can take pictures from 3-10in away, avoiding physical contact.

Question 28

What is Facial Recognition?

Answer 28

Systems that authenticate users based on their facial features which include the size, shape, and position of their eyes, nose, mouth, cheekbones, and jaw.

Question 29

What is Voice Recognition?

Answer 29

Systems that authenticate users based on their speech. People's voices differ from others due to the varying sizes of everyone's mouth and throat.

Question 30

What is a Gait Analysis?

Answer 30

Systems that authenticate users based on the way they walk/run.

Question 31

What is considered the best biometric method of authentication?

Answer 31

Both retina and iris. However, iris is preferred because it's less intrusive.

Question 32

What is a system's Efficacy Rate?

Answer 32

Refers to the performance of the system under ideal conditions.

Question 33

What is False Acceptance?

Answer 33

Whenever a biometric system incorrectly identifies a user as a register user.

Question 34

What is False Acceptance Rate (FAR)?

Answer 34

The percentage of time false acceptances occur.

Question 35

What is False Rejection?

Answer 35

Whenever a biometric system incorrectly rejects a registered user.

Question 36

What is False Rejection Rate (FRR)?

Answer 36

Identifies the percentage of times a false rejection occurs.

Question 37

What is True Acceptance?

Answer 37

Whenever a biometric system correctly identifies a registered user.

Question 38

What is True Rejection?

Answer 38

Whenever a biometric system correctly rejects an unknown user.

Question 39

What is the Crossover Error Rate (CER)?

Answer 39

The point where the FAR crosses over with the FRR. A lower CER indicates that the biometric system is more accurate.

Question 40

What happens if you tighten the biometrics system to avoid false accepts (security focus)?

Answer 40

You risk more false rejections, frustrating users.

Question 41

What happens if you loosen the biometrics system (convenience)?

Answer 41

You risk more false accepts, increasing security risks.

Question 42

What is "Somewhere you are"?

Answer 42

An authentication factor that refers to a user's location for authentication.

Question 43

What is Impossible Travel Time?

Answer 43

A method that identifies when a user's account is accessed from locations within a time frame that's not possible for normal travel.

Question 44

What is Two/Dual-Factor Authentication?

Answer 44

An authentication method that uses a combination of two of the following authentication factors: something you know, have, are, or somewhere you are.

Question 45

What is Multifactor Authentication?

Answer 45

An authentication method that uses two or more authentication factors (something you are, have, know, or somewhere you are).

Question 46

What is Passwordless Authentication?

Answer 46

Eliminates passwords altogether and replaces them with another authentication factor (no something you know methods).

Question 47

What are Authentication Logs?

Answer 47

Used to track successful/unsuccessful login attempts and contain what happened, when it happened, where it happened, and who or what did it.

Question 48

What is Account Management?

Answer 48

The process of creating, managing, disabling, and terminating accounts.

Question 49

What are Credential Policies?

Answer 49

Define the login policies for different personnel, devices, and accounts.

Question 50

What is Privileged Access Management (PAM)?

Answer 50

Allows organizations to apply more stringent security controls over elevated accounts to reduce the risk of insider threats, protect against external cyberattacks, meet compliancy requirements, and enhance visibility and control over critical systems.

Question 51

What are some of the capabilities of PAM?

Answer 51

Allowing users to access the privilege account without knowing the password. Automatically changing the privilege account passwords periodically. Limiting the time users can use the privilege account. Allow users to check out credentials. Log all access of credentials.

Question 52

What are Temporal Accounts?

Answer 52

Temporary administrative accounts that are issued for a limited period of time.

Question 53

What is Just-in-time permissions?

Answer 53

A practice that limits user access to resources and systems to predetermined time periods.

Question 54

Why isn't it a good idea to have shared and generic accounts?

Answer 54

If multiple users share a single account, you cannot implement authorization controls (AAA).

Question 55

What is Deprovisioning?

Answer 55

The process used to disable a user's account when they leave the organization.

Question 56

What are some examples of a good disablement policy?

Answer 56

Disabling the accounts of terminated employees (both resigned and fired), those on leave of absence, and eventual account deletion once the account is no longer necessary.

Question 57

What is a Time-based login?

Answer 57

Ensures that users can only log on to computers during specific times. AKA time-of-day restrictions.

Question 58

What are Account Audits?

Answer 58

The analysis of permissions and rights assigned to users to help enforce the least privilege principle.

Question 59

What is Privilege Creep?

Answer 59

When users gradually accumulate more access rights than they need to perform their jobs.

Question 60

What is Attestation?

Answer 60

The formal process for reviewing user permissions.

Question 61

What is Single Sign-on (SSO)?

Answer 61

An authentication service where a user can log-in once and access multiple systems without logging on again.

Question 62

What is a Federation?

Answer 62

A system where multiple organizations agree to trust each other's authentication, allowing users to access multiple services with a single set of credentials.

Question 63

What is the Security Assertion Markup Language (SAML)

Answer 63

An open standard that enables secure, single sign-on (SSO) by allowing identity providers to share authentication and authorization data with service providers.

Question 64

What doesn't SSO provide?

Answer 64

SSO does not provide authorization.

Question 65

What is OAuth?

Answer 65

An open standard that allows users to grant websites or apps limited access to their resources without sharing their password.

Question 66

What doesn't OAuth provide?

Answer 66

OAuth does not provide authentication.

Question 67

In the context of authorization models, what are Subjects?

Answer 67

Typically users, groups, or services that access an object.

Question 68

In the context of authorization models, what are Objects?

Answer 68

They are items such as files, folders, shares, and printers that subjects access.

Question 69

What is Role-based Access Control (role-BAC)?

Answer 69

A security model where user access is determined by their role, assigning permissions based on job responsibilities.

Question 70

What is Rule-based Access Control (rule-BAC)?

Answer 70

A security model where access decisions are based on predefined rules or conditions; such as time, location, or specific actions.

Question 71

What is Discretionary Access Control (DAC)?

Answer 71

A security model where the resource owner decides who can access or modify their resources.

Question 72

What is a Security Identifier (SID)?

Answer 72

A long string of numbers beginning with the letter S and separated by a series of dashes. They are used as identifiers for a user, user group, or other security principal.

Question 73

What is Mandatory Access Control?

Answer 73

A strict security model where access is controlled by a central authority based on classifications and security policies (uses labels to determine access).

Question 74

Name an OS that uses the MAC Scheme.

Answer 74

Security-enhanced Linux (SELinux).

Question 75

What is Attribute-based Access Control?

Answer 75

A security model where access decisions are based on the attributes of users, resources, and the environment rather than roles or rules.

Question 76

When analyzing authentication logs, what are some things you should be looking for?

Answer 76

Account lockouts, concurrent session usage, impossible travel time, blocked content, resource inaccessibility, and log anomalies.