44 Cards in this Set
Front: What are the two aspects of access control?
Back: prevent unauthorized access and to control authorized access

Front: What are the three objectives of data protection?
Back: confidentiality, integrity, and availability

Front: What are the three elements in protecting integrity?
Back: authenticity, non-repudiation, and accountability

Front: What are the three types of access control?
Back: logical (technical), physical, and administrative

Front: What are the three functional categories of access controls?
Back: corrective, detective, and preventative

Front: What are the four common access-control models?
Back: token-based (e.g., SecurID), characteristic-based (biometrics), system-level, and account-level

Front: What are the two types of system-level control?
Back: Discretionary Access Control (DAC) and Mandatory Access Control (MAC)

Front: What principle are both DAC and MAC based on?
Back: the principle of least privilege

Front: What three OS components are used to enforce system-level controls?
Back: the Trusted Computer Base (TCB), the reference monitor, and the security kernel

Front: What is the Trusted Computer Base?
Back: the protected part of an OS

Front: What is the reference monitor?
Back: the part of the Trusted Computer Base that controls access by users to data objects

Front: What is the security kernel?
Back: the hardware, software, and firmware portions of the Trusted Computer Base that allow the reference monitor to operate

Front: What are the six aspects of account-level access control?
Back: privileged account management, individual identification and authentication (I&A) controls, password management and policy, role-based access controls (RBACs), session-level access controls, and data-level access controls

Front: What two components are necessary to implement access control?
Back: identification and authentication

Front: What are three commonly used authentication mechanisms?
Back: passwords, biometrics, and security protocols

Front: What are three types of user authentication passwords?
Back: one-time passwords, dynamic passwords, and static passwords

Front: What are the four types of tokens?
Back: static password tokens, synchronous dynamic password tokens, asynchronous dynamic password tokens, and challenge-response tokens

Front: The performance of biometric authentication is affected by what three factors?
Back: acceptability, enrollment time, and throughput rate

Front: In terms of biometric authentication, what is acceptability?
Back: the degree of infringement on privacy and comfort caused by a given biometric technique

Front: In terms of biometric authentication, what is throughput rate?
Back: the amount of time needed to identify and authenticate registered users

Front: Biometric system performance is measured by what three metrics?
Back: the False Rejection Rate (FRR), the False Acceptance Rate (FAR), and the Crossover Error Rate (CER)

Front: What is the Crossover Error Rate?
Back: the point where the False Rejection Rate equals the False Acceptance Rate

Front: What metric is considered the best measure of a biometric system's optimum performance?
Back: the Crossover Error Rate

Front: What is the Failure to Enroll (FTE) rate?
Back: the probability that a biometric system will reject a given user for enrollment

Front: Why is the fact that biometric systems require large amounts of data to be stored significant?
Back: the amount of data to be processed affects throughput rate

Front: What is considered an acceptable average enrollment time?
Back: less than 2 minutes

Front: What is Single Sign-On (SSO)?
Back: an authorization technique that allows users to access more than one system or application with a single set of authentication details

Front: What is the most prominent Single Sign-On method?
Back: Kerberos

Front: Who designed Kerberos?
Back: MIT

Front: What entity is responsible in Kerberos for granting tickets?
Back: the Key Distribution Center (KDC)

Front: What is a Kerberos realm?
Back: a set of authentication principals registered with a Kerberos server

Front: What is contained in a Kerberos realm?
Back: a Key Distribution Center, one or more resource servers, and one or more client machines

Front: What are the three steps in authenticating to a Kerberos realm?
Back: the client passes the authentication details to the KDC; the KDC issues the client a Ticket-Granting Ticket (TGT); the client caches the TGT until logoff

Front: What are the four steps in accessing a resource in a Kerberos realm?
Back: the client presents the TGT to the KDC; the KDC issues a session ticket to the client; the client presents the session ticket to the resource server; the resource server establishes a user session

Front: Why do the clocks in a Kerberos realm need to be synchronized?
Back: Kerberos makes extensive use of timestamps to prevent spoofing

Front: What is information assurance?
Back: the protection of information and information systems (IS) from attack

Front: What are the three objectives of information assurance?
Back: confidentiality, integrity, and availability

Front: What three steps are used to accomplish the CIA triad?
Back: protect, detect, and react

Front: What are the three main axes for Intrusion Detection Systems (IDS)?
Back: network- or host-based; active or passive; and signature- or anomaly-based

Front: What are the five phases in penetration testing?
Back: identify weaknesses; create a test plan; prepare for testing; carry out testing; and follow-up

Front: What should the first step in penetration testing ALWAYS be?
Back: obtain appropriate permissions

Front: What are the two main types of enterprise remote access control systems?
Back: Terminal Access Controller Access Control System (TACACS) and Remote Access Dial-In User Service (RADIUS)

Front: What is the primary difference between TACACS and TACACS+?
Back: TACACS+ encrypts the user authentication data

Front: Why is RADIUS considered more secure than TACACS?
Back: authentication data is encrypted