Created by DJ Perrone
about 7 years ago
| Question | Answer |
|---|---|
What are two parts of authentication? | - Identification - Authentication |
In reference to the parts of Authentication, what is identification? | When the user provides an identity to an access control system. |
In reference to the parts of Authentication, what is authentication? | When the access control system validates user credentials. |
What are some important elements of account management? | - Establish a process for accounts - Review user accounts - Have a process to track access authorization - Rescreen personnel in sensitive positions |
What is a standard word password? | A single word with a mixture of upper and lower case letters. |
What is a combination password? | - Also called composition passwords. - Uses a mix of unrelated dictionary words. |
What is a static password? | - Same for each login. - Minimum security. |
What is a complex password? | A password that forces users to include a mixture of upper- and lowercase letters, numbers, and special characters. |
What is a passphrase password? | - Requires a long phrase to be used. |
What is a cognitive password? | - A piece of information that can be used to verify an individual's identity. - User answers a series of questions. |
What is a one-time password (OTP)? | - Also called a dynamic password. - Only used once to log into the system. - Discarded after one use. |
What is a graphical password? | - Also called a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) |
What is characteristic factor authentication? | - Type III - Based on something that a person is |
What are physiological characteristics? | Using a biometric scanning device to measure certain information about a physiological characteristic. |
What are behavioral characteristics? | A system using a biometric scanning device to measure a person's actions. |
What are 3 types of behavioral biometric systems? | - Signature dynamics - Keystroke dynamics - Voice pattern or print |
In reference to behavioral biometric systems, what is signature dynamics? | - Measures stroke speed, pen pressure, acceleration and deceleration while user writes signature. |
In reference to behavioral biometric systems, what is keystroke dynamics? | - Measures typing pattern that a user uses when inputting a password or phrase. - Measures flight and dwell time. |
In reference to behavioral biometric systems, what is voice pattern or print dynamics? | Measures the sound pattern of a user saying certain words. |
What is enrollment time? | The process of obtaining a sample used by the biometric system. |
What is feature extraction? | The approach to obtaining biometric information from a sample. |
What is FRR? | - False Rejection Rate - Measure of valid users that will be falsely rejected by the system. - Type I error |
What is FAR? | - False Acceptance Rate - Measurement of the percentage of invalid users falsely accepted by the system. - Type II error |
What is CER? | - Crossover Error Rate - The point at which the FRR equals the FAR |
What are 5 of the most effective biometric methods? | - Iris scan - Retina scan - Fingerprint - Hand print - Hand geometry |
What are 5 of the most popular biometric methods? | - Voice pattern - Keystroke pattern - Signature dynamic - Hand geometry - Hand print |
What is SSO? | - Single Sign-On - Login credentials are entered once and grant access to all network resources. |
What is authorization? | Granting rights and permissions to resources. |
What is an access control model? | - A formal description of an organization's security policy |
What are some access control models? | - Discretionary Access Control (DAC) - Mandatory Access Control (MAC) - Role-based Access Control (RBAC) - Rule-based Access Control - Content-Dependent Access Control - Context-Dependent Access Control |
What is DAC? | - Discretionary Access Control - Object owner specifies which subjects can access the resource. - Data custodian makes access decisions. - Need-to-know control |
What is MAC? | - Mandatory Access Control - Subject authorization is based on security labels. System makes decisions, not data custodian. - More secure, but less flexible and scalable than DAC. |
What is RBAC? | - Role-based Access Control - Each subject is assigned to one or more roles. - Enforces minimum privileges for subjects. |
What is Rule-Based Access Control? | - Facilitates frequent changes to data permissions - Security policy is based on global rules for all users. - Access is based on profiles. |
What is Content-Dependent Access Control? | - Makes access control decisions based on an object's data. |
What is Context-Dependent Access Control? | - Access is based on subject, attribute or environmental characteristics. - Could be used for time-constrained access. |
What is an access control matrix? | - A table that contains a list of objects, and a list of actions that a subject can take on each object. |
What is an access control policy? | - Defining the method for identifying and authenticating users and the level of access granted. |
What is Default to No Access? | If access is not granted, access defaults to no. |
What is OAuth? | - Open Authorization - Allows users to share private resources on one site with another site without sharing credentials. - Uses tokens to allow restricted access to data when an application requires access. |
What is XACML? | - Extensible Access Control Markup Language - Access control policy language using XML - Fine-grained control of activities |
What are 2 components of XACML? | - Policy enforcement point (PEP) - Policy decision point (PDP) |
In reference to XACML, what is PEP? | - Policy Enforcement Point - Protects the resources that the user is attempting to access. |
In reference to XACML, what is PDP? | - Policy Decision Point - Retrieves all applicable policies in XACML and compares the request with the policies. Then transmits the answer back to PEP. |
What is SPML? | Service Provisioning Markup Language |
What are the 3 components of SPML? | - Request Authority (RA) - Provisioning Service Provider (PSP) - Provisioning Service Target (PST) |
In reference to SPML, what is RA? | - Request Authority - The entity that makes the provisioning request |
In reference to SPML, what is PSP? | - Provisioning Service Provider - The entity that responds to the RA request. |
In reference to SPML, what is PST? | - Provisioning Service Target - The entity that performs the provisioning. |
What is SAML? | Security Assertion Markup Language |
What is attestation? | Allowing changes to a user's computer to be detected by authorized parties. |
What is federation? | Identity that is portable and can be used across businesses and domains. |
What are two models for federation? | - Cross-certification model - Trusted third-party (bridge) model |
In reference to federation, what is the cross-certification model? | Each organization certifies that every other organization is trusted. |
In reference to federation, what is the trusted third-party or bridge model? | Each organization subscribes to the standards of a third party. That third party manages verification, certification and due diligence for all organizations. |
What is Shibboleth? | OSS providing SSO capabilities, allowing sites to make authorization decisions for individual access to resources. |
What are 2 components of Shibboleth? | - Identity Providers (IP) - Service Providers (SP) |
In reference to Shibboleth, what is IP? | - Identity Providers - Supply the user information |
In reference to Shibboleth, what is SP? | - Service Providers - Consume information provided by IP before providing a service. |