44 Cards in this Set
What are the two aspects of access control?
prevent unauthorized access and to control authorized access
What are the three objectives of data protection?
confidentiality, integrity, and availability
What are the three elements in protecting integrity?
authenticity, non-repudiation, and accountability
What are the three types of access control?
logical (technical), physical, and administrative
What are the three functional categories of access controls?
corrective, detective, and preventative
What are the four common access-control models?
token-based (e.g., SecurID), characteristic-based (biometrics), system-level, and account-level
What are the two types of system-level control?
Discretionary Access Control (DAC) and Mandatory Access Control (MAC)
What principle are both DAC and MAC based on?
the principle of least privilege
What three OS components are used to enforce system-level controls?
the Trusted Computer Base (TCB), the reference monitor, and the security kernel
What is the Trusted Computer Base?
the protected part of an OS
What is the reference monitor?
the part of the Trusted Computer Base that controls access by users to data objects
What is the security kernel?
the hardware, software, and firmware portions of the Trusted Computer Base that allow the reference monitor to operate
What are the six aspects of account-level access control?
privileged account management, individual identification and authentication (I&A) controls, password management and policy, role-based access controls (RBACs), session-level access controls, and data-level access controls
What two components are necessary to implement access control?
identification and authentication
What are three commonly used authentication mechanisms?
passwords, biometrics, and security protocols
What are three types of user authentication passwords?
one-time passwords, dynamic passwords, and static passwords
What are the four types of tokens?
static password tokens, synchronous dynamic password tokens, asynchronous dynamic password tokens, and challenge-response tokens
The performance of biometric authentication is affected by what three factors?
acceptability, enrollment time, and throughput rate
In terms of biometric authentication, what is acceptability?
the degree of infringement on privacy and comfort caused by a given biometric technique
In terms of biometric authentication, what is throughput rate?
the amount of time needed to identify and authenticate registered users
Biometric system performance is measured by what three metrics?
The False Rejection Rate (FRR), the False Acceptance Rate (FAR), and the Crossover Error Rate (CER)
What is the Crossover Error Rate?
the point where the False Rejection Rate equals the False Acceptance Rate
What metric is considered the best measure of a biometric system's optimum performance?
the Crossover Error Rate
What is the Failure to Enroll (FTE) rate?
the probability that a biometric system will reject a given user for enrollment
Why is the fact that biometric systems require large amounts of data to be stored significant?
the amount of data to be processed affects throughput rate
What is considered an acceptable average enrollment time?
less than 2 minutes
What is Single Sign-On (SSO)?
an authorization technique that allows users to access more than one system or application with a single set of authentication details
What is the most prominent Single Sign-On method?
Who designed Kerberos?
What entity is responsible in Kerberos for granting tickets?
the Key Distribution Center (KDC)
What is a Kerberos realm?
a set of authentication principals registered with a Kerberos server
What is contained in a Kerberos realm?
a Key Distribution Center, one or more resource servers, and one or more client machines
What are the three steps in authenticating to a Kerberos realm?
the client passes the authentication details to the KDC; the KDC issues the client a Ticket-Granting Ticket (TGT); the client caches the TGT until logoff
What are the four steps in accessing a resource in a Kerberos realm?
the client presents the TGT to the KDC; the KDC issues a session ticket to the client; the client presents the session ticket to the resource server; the resource server establishes a user session
Why do the clocks in a Kerberos realm need to be synchronized?
Kerberos makes extensive use of timestamps to prevent spoofing
What is information assurance?
the protection of information and information systems (IS) from attack
What are the three objectives of information assurance?
confidentiality, integrity, and availability
What three steps are used to accomplish the CIA triad?
protect, detect, and react
What are the three main axes for Intrusion Detection Systems (IDS)?
network- or host-based; active or passive; and signature- or anomaly-based
What are the five phases in penetration testing?
identify weaknesses; create a test plan; prepare for testing; carry out testing; and follow-up
What should the first step in penetration testing ALWAYS be?
obtain appropriate permissions
What are the two main types of enterprise remote access control systems?
Terminal Access Controller Access Control System (TACACS) and Remote Access Dial-In User Service (RADIUS)
What is the primary difference between TACACS and TACACS+?
TACACS+ encrypts the user authentication data
Why is RADIUS considered more secure than TACACS?
authentication data is encrypted