Identity access Management

Question 1

AAA

Answer 1

• Authentication is the process of verifying an identity that has already been established in a computer system.
• Authorization is the process of permitting or denying access to specific resource.
• Accounting is the process of “ascribing resource usage by account for the purpose of tracking resource utilization.” It’s also very handy for forensics after a security incident has occurred.

Question 2

Identity Federation

Answer 2

All of the policies, protocols and practices to manage this identity information across systems, or even across organizations, is called identity federation.

Question 3

Single sign-on

Answer 3

When you can use a set of credentials for authentication between systems.

Question 4

Transitive trust

Answer 4

When given domains trust each other, authentication for one domain can be trusted by the other domain.

Question 5

Lightweight Directory Access Protocol (LDAP)

Answer 5

Used to handle user authentication, authorization, and to control access to Active Directory objects.

Question 6

Directory

Answer 6

Directories are a form of data storage. They’re like databases, but not quite. Unlike a database, directories are designed to provide efficient data-retrieval services (reads).

Question 7

Kerberos

Answer 7

Kerberos is a network authentication protocol meant for client/server environments. It’s able to securely exchange symmetric keys over an insecure network.

Question 8

TACACS+

Answer 8

Client/server protocol that operates using TCP (port 49). It separates out authentication, authorization, and accounting.

Question 9

Chap/MSCHAP

Answer 9

Challenge Handshake Authentication Protocol. MSCHAP is for Microsoft.

Question 10

Password Authentication Protocol (PAP)

Answer 10

Two-way handshake that establishes authentication.

Question 11

RADIUS

Answer 11

Remote Authentication Dial-In User Service. Another protocol that handles authentication, authorization and accounting.

Question 12

MAC - Access Control Model

Answer 12

The Mandatory Access Control model is used in environments with different levels of security classifications. Least Privilege.

Question 13

DAC - Access Control Model

Answer 13

Discretionary access control. A means of restricting access to objects based on the identity of subjects and/or groups to which they belong.

Question 14

ABAC - Access Control Model

Answer 14

Attribute-based access control. What is an attribute? It’s things like user attributes (specific to a job), object attributes, and environmental attributes.

Question 15

Role-based access control Model (RBAC)

Answer 15

This can be used in conjunction with other methods. For example, you might want to use a MAC method, but also restrict access after a certain time of day.

Question 16

False-Acceptance Rate

Answer 16

The likelihood of an authentication system incorrectly granting access to unauthorized individuals.

Question 17

False rejection rate

Answer 17

The likelihood of an authentication system incorrectly not granting access to authorized individuals.

Question 18

Tokens

Answer 18

These are another example of “something you have.” It’s a physical object that identifies certain access rights. A common example is a house key.

Question 19

HOTP/TOTP

Answer 19

MAC-based One-Time Passwords (HTOP) is an algorithm for authenticating a user via an authentication server. This password is time-stamped and is a one-time use.

Question 20

IEEE 802.1x Certificate Model

Answer 20

The IEEE 802.1X standard is used on a number of networks to authenticate a user to an authorization device.