Identity & Access Management Flashcards Preview


Flashcards in Identity & Access Management Deck (35)
1

What are the core activities of identity and access management?

- Identification
- Authentication
- Authorization

2

In an access control system, we seek to limit the access that _____ have to _____.

- Subjects
- Objects

3

Access Controls work in three different fashions, what are they?

- Technical (or logical) Controls
- Physical Controls
- Administrative Controls

4

This type of access control...

Uses hardware and software mechanisms, such as firewalls and intrusion prevention systems, to limit access.

Technical (logical) Controls

5

This type of access control...

Such as locks and keys, limit physical access to controlled spaces.

Physical Controls

6

This type of access control...

Such as account reviews, provide management of personnel and business practices.

Administrative Controls

7

Multifactor authentication systems combine authentication technologies from two or more of the following categories: Something you know, Something you have, Something you are (T/F)?

True!

8

What type of factor is...
- Something you know?
- Something you have?
- Something you are?

- Something you know (Type 1 factors)
- Something you have (Type 2 factors)
- Something you are (Type 3 factors)

9

This type of authentication system...

Relies upon secret information, such as a password.

Something you know

10

This type of authentication system...

Relies upon physical possession of an object, such as a smartphone.

Something you have

11

This type of authentication system...

Relies on biometric characteristics of a person, such as a face scan or fingerprint.

Something you are

12

Authentication technologies may experience two types of errors, what are they?

- False Positive
- False Negative

13

How does a False Positive error occur?

This error occurs when a system accepts an invalid user as correct.

14

How does a False Negative error occur?

This error occurs when a system rejects a valid user; it is measured using the false rejection rate (FRR).

15

What is used to measure the effectiveness of an authentication technology?

Crossover Error Rate (CER)
- This is where False Acceptance Rate (FAR) and False Rejection Rate (FRR) equal each other.

16

Organizations often use centralized access control systems to streamline authentication and authorization and to provide users with a single sign on (SSO) experience (T/F)?

True!

17

SSO (Single Sign-On) works with what kind of authentication method?

Kerberos

18

______ is an authentication protocol commonly used for backend services.

RADIUS

Remote Authentication Dial-In User Service

19

TACACS+ is the only protocol from the TACACS family that is still commonly used (T/F)?

True!

20

What is the strongest AAA support for remote users?

TACACS+

21

TACACS+ uses UDP and encrypts the entire body of the access request packet, making it more secure than RADIUS (T/F)?

True!

22

RADIUS uses UDP and encrypts the entire body of the access request packet (T/F)?

False!

- RADIUS uses UDP, but encrypts only the password in the access request packet.

23

The _____ _____ principle says that any action that is not explicitly authorized for a subject should be denied.

implicit deny

24

What forms the basis of many access management systems and provides a listing of subjects and their permissions on objects and groups of objects?

Access Control Lists (ACLs)

25

_______ access control systems allow the owners of objects to modify the permissions that other users have on those objects.

Discretionary

(DAC)

26

_______ access control systems enforce predefined policies that users may not modify.

Mandatory

(MAC)

27

______-______ access control assigns permissions to individual users based upon their assigned role(s) in the organization.

Role-based

(RBAC)

28

What is the goal of a Brute Force Attack against passwords?

Brute Force Attacks against password systems try to guess all possible passwords.

29

This type of attack refines a Brute Force Attack approach by testing combinations and permutations of dictionary words.

Dictionary Attacks

30

This type of attack precomputes hash values for use in comparison.

Rainbow Table Attacks