Chapter 4 Flashcards

1
Q

Access Control

A

Allowing the correct users onto the system.

131

2
Q

Identification versus Authentication

A

Authentication is a step beyond identification. It requires verifying who that person is… for example a login and a password.
131

3
Q

5 Factors of authentication

A

Something you know (PIN, password, etc.)
Something you have (smart card, token, etc.)
Something you are (biometrics)
Something you do (finger pattern on a phone)
Somewhere you are (in the correct country)

4
Q

Mutual Authentication

A

When two or more parties authenticate each other.

5
Q

Layered Security vs Defense in Depth

A

They’re the same thing!

It means don’t rely too heavily on one form of authentication. Instead, implement multiple layers of security, e.g. multiple locked doors to get to the server.
133

6
Q

Operational Security

A

How an organization achieves its goals. Includes network access control, authentication, and security topologies after the network installation is complete.
134

7
Q

Security Tokens

A

ID and authenticate a user. They contain certain rights and access privileges of the token bearer.

In other words, a small piece of data that holds info about the user.

8
Q

Federation

A

A collection of computer networks that agree on standards of operation including security standards.

Outside of computers: Domino’s and Papa John’s both let you order online and deliver the pizza to you.
135

9
Q

Federated Identity

A

Linking a user’s ID with their privileges in a manner that can be used across business boundaries.
135

10
Q

Transitive Access

A

If A = B and B = C, then A = C.
Basically, one group trusts you because another group that they trust trusts you.

It’s easier, but all of this trusting makes the trusters susceptible to hacking.
136

11
Q

PAP

A

Password Authentication Protocol

Sends the username and password to the authentication server in plain text.
139

12
Q

SPAP

A

Shiva Password Authentication Protocol

Replaced PAP. Encrypts the username and password.
139

13
Q

CHAP

A

Challenge Handshake Authentication Protocol

Designed to stop man-in-the-middle attacks. During the initial authentication, the connecting machine is asked to generate a random number (usually a hash) and send it to the server.
139

14
Q

TOTP

A

Time-Based One-Time Password

Algorithm that uses a time-based factor to create unique passwords.
139

15
Q

HOTP

A

HMAC-Based One-Time Password

Algorithm based on using a Hash Message Authentication Code (HMAC) algorithm.
139

16
Q

SAML

A

Security Assertion Markup Language

Open standard based on XML. Often used to identify someone coming through an ISP.
147

17
Q

TACACS

A

Terminal Access Controller Access Control System

Client/server-oriented environment; it operates in a manner similar to RADIUS.
146

18
Q

XTACACS versus TACACS+

A

Extended Terminal Access Controller Access Control System

Added combined authentication and authorization with logging to enable auditing.

TACACS+

allows credentials to be accepted from multiple methods including Kerberos.
146

19
Q

Kerberos

A

Authentication protocol named after the three-headed dog of Hades.

Allows single sign-on to a distributed network. Uses a Key Distribution Center (KDC).
148

20
Q

MAC

A

Mandatory Access Control

Relatively inflexible method for how information access is permitted. All access capabilities are predefined. Users can’t share data unless given the right to by administrators.

21
Q

DAC

A

Discretionary Access Control

Some flexibility regarding how information is accessed. Shares information dynamically with other users. Runs the risk of unauthorized disclosure.

22
Q

RBAC

Hint: has an “o”

A

Role-Based Access Control

Models access based on an established role in an organization. Instead of granting users rights, it grants groups rights.
150

23
Q

RBAC

Hint: has a “u”

A

Rule-Based Access Control

Uses preconfigured security policies to make all decisions:

  • Deny all but those who specifically appear in a list (allow list)
  • Deny only those who specifically appear in the list (deny list)
150

24
Q

Smart Cards

A

Generally used for access control and security purposes. The card usually contains a small amount of memory that can be used to store permissions and access information.

25
Q

Flood Guard

A

Protective feature built into many firewalls that allows the administrator to tweak the tolerance for unanswered login attacks.

Reduces the likelihood of DoS attacks.

26
Q

Loop protection

A

Similar to a flood guard, but works at Layer 2.

27
Q

Network Bridging

A

When a device has more than one network adapter card installed, giving a user on one of the networks to which the device is attached the opportunity to jump to the other.

28
Q

Log Analysis

A

Crucial to identifying security-related problems. As an administrator, you have the ability to turn on logging at many different locations and levels.

29
Q

TOS

A

Trusted Operating System

Any operating system that meets the government’s requirements for security. The most common set of standards for security is the Common Criteria.