Authentication Controls: Implementing Secure Access, Exams of Nursing

A comprehensive overview of authentication controls, covering key concepts like access control systems, identity and access management, and the different factors of authentication. It delves into various authentication methods, including knowledge-based, ownership-based, and biometric authentication, and explores the importance of multi-factor authentication. The document also examines authentication mechanisms in Windows and Linux operating systems, including password storage and authentication protocols. It concludes with a discussion of password attacks and security measures to mitigate them.

Typology: Exams

2023/2024

Available from 11/15/2024

mad-grades
Lesson 7: Implementing Authentication Controls

access control system - correct answer an ____________________ is the set of technical controls that govern how subjects may interact with objects
identity and access management - correct answer a security process that provides identification, authentication, and authorization mechanisms for users, computers, and other entities to work with organizational assets like networks, operating systems and applications
identification, authentication, authorization, accounting - correct answer an identity and access management system is usually described in terms of four main processes:
identification - correct answer the process by which a user account and its credentials is issued to the correct person, sometimes referred to as enrollment
authentication - correct answer a method of validating a particular entity's or individual's unique credentials
authorization - correct answer the process of determining what rights and privileges a particular entity has
accounting - correct answer tracking authorized usage of a resource or use of rights by a subject and alerting when unauthorized use is detected or attempted
authentication, authorization, accounting - correct answer a security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail
factors - correct answer There are many different technologies for defining credentials and can be categorized as ________________


logon - correct answer The typical knowledge factor is the ______________, composed of a username and password
personal identification number - correct answer number used in conjunction with authentication devices such as a smart card
know, have, are - correct answer Three factors of authentication are something you _____________, ________________ or _______________
ownership - correct answer an ________________ factor means that the account holder possesses something that no one else does, such as a smart card, fob, or wristband
biometric - correct answer a ___________________ factor uses either physiological identifiers such as a fingerprint, or behavioral identifiers such as the way someone moves
authentication design - correct answer refers to selecting a technology that meets requirements for confidentiality, integrity, and availability
confidentiality - correct answer in terms of authentication, __________________ is critical because if account credentials are leaked, threat actors can impersonate the account owner
integrity - correct answer in terms of authentication, ________________ means that the authentication mechanism is reliable and not easy for threat actors to bypass or trick without counterfeit credentials
availability - correct answer in terms of authentication, _________________ means that the time taken to authenticate does not impede workflows and is easy enough for users to operate
multifactor authentication - correct answer an authentication scheme that requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are

single sign on - correct answer an authentication technology that enables a user to authenticate once and receive authorizations for multiple services
kerberos - correct answer in windows, SSO is provided by the ____________ framework
kerberos - correct answer a single sign on authentication and authorization service that is based on a time sensitive ticket granting system
key distribution center - correct answer clients request services from application servers, which both rely on an intermediary, a _____________________, to vouch for their identity
key distribution center - correct answer a component of kerberos that authenticates users and issues tickets/tokens
authentication service, ticket granting service - correct answer there are two services that make up the key distribution center:
authentication - correct answer in kerberos, the _____________________ service is responsible for authenticating user logon requests
principals - correct answer In kerberos, users and services can be authenticated and are collectively referred to as __________________
ticket granting ticket - correct answer in kerberos, a token issued to an authenticated account to allow access to authorized application servers
ticket granting ticket - correct answer the request the client sends to the authentication service for a ____________________ is composed by encrypting the date and time on the local computer with the user's password hash as the key

timestamped - correct answer the ticket granting ticket is ____________________, meaning that workstations and servers on the network must be synchronized or a ticket will be rejected, this helps prevent replay attacks
ticket granting ticket, ticket granting session key - correct answer If the request for a ticket granting ticket is valid, the authentication service responds with the following data: ________________________,


ticket granting ticket - correct answer in kerberos, this contains information about the client, plus a timestamp and validity period, this is encrypted using the KDC's secret key
TGS session key - correct answer in kerberos, this is used for communications between the client and the ticket granting service, this is encrypted using a hash of the user's password
Ticket Granting Server (TGS) - correct answer Presuming the user entered the correct password, the client can decrypt the ___________________________ session key but not the TGT, this establishes that the client and KDC know the same shared secret and that the client cannot interfere with the TGT
Password Authentication Protocol (PAP) - correct answer obsolete authentication mechanism used with PPP, it transfers the password in plaintext and so it is vulnerable to eavesdropping
challenge handshake authentication protocol - correct answer authentication scheme developed for dial up networks that uses an encrypted three way handshake to authenticate the client to the server, the challenge response is repeated throughout the connection to guard against replay attacks
MS-CHAPv2 - correct answer Microsoft's implementation of CHAP
plaintext - correct answer a ________________ attack exploits password storage or a network authentication protocol that does not use encryption, examples are PAP, basic HTTP/FTP authentication, and Telnet
online - correct answer an ______________ password attack is where the threat actor interacts with the authentication service directly, a web login form or VPN gateway, for instance where the attacker

hashcat - correct answer a command line linux tool used to perform brute force and dictionary attacks against password hashes
dictionary - correct answer hashcat used with a single word list is called _________________ mode
combinator - correct answer hashcat mode that uses multiple wordlists is called ________________ mode
authentication management - correct answer an _____________________ solution for passwords mitigates risk by using a device or services as a proxy for credential storage, the manager generates a unique, strong password for each web based account and the user authorizes the manager to authenticate with each site using a master password
hardware token, software app - correct answer Password managers can be implemented with a __________________ or as a ______________________
password key - correct answer USB tokens for connecting to PCs and smartphones, some can use nearfield communications or bluetooth as well as physical connectivity
password vault - correct answer software based password manager, typically using a cloud service to allow access from any device
FIPS 140-2 - correct answer Authentication management products can be certified under the ___________________ which provides assurance that the cryptographic implementation meets a certain level of robustness
smart card authentication - correct answer a device similar to a credit card that can store authentication information, such as a user's private key, on an embedded microchip
smart card, USB key, TPM - correct answer Various technologies can be used to avoid the need for an administrator to generate a private key and transmit it to the user:

Trusted Platform Module (TPM) - correct answer a secure cryptoprocessor enclave implemented on a PC, laptop, smartphone, or network appliance, is usually a module within the CPU
Hardware Security Module (HSM) - correct answer an appliance for generating and storing cryptographic keys, this sort of solution may be less susceptible to tampering and insider threats than software based storage
extensible authentication protocol - correct answer framework for negotiating authentication methods that enables systems to use hardware based identifiers, such as fingerprint scanners or smart card readers, for authentication
IEEE 802.1X - correct answer Where EAP provides the authentication mechanisms, the ______________________ port based network access control protocol provides the means of using an EAP method when a device connects to an ethernet switch port, WAP, or VPN gateway
IEEE 802.1X - correct answer a standard for encapsulating EAP communications over a LAN to implement port based authentication
supplicant - correct answer in EAP architecture, the device requesting access to the network
network access server - correct answer in EAP, edge network appliances such as switches, access points and VPN gateways, these are also referred to as RADIUS clients or authenticators
AAA server - correct answer in EAP, the authentication server, positioned within the local network
RADIUS, TACACS+ - correct answer There are two main types of AAA servers:
RADIUS - correct answer a standard protocol used to manage remote and wireless authentication infrastructures, an AAA server
EAPoL - correct answer a port based network access control mechanism that allows the use of EAP authentication when a host connects to an ethernet switch

HMAC-based one-time password (HOTP) - correct answer an algorithm that generates a one time password using a hash based/token based authentication code to verify the authenticity of the message
HOTP - correct answer in _______________, the authentication server and client token are configured with the same shared secret key, it should be an 8 byte value generated by a cryptographically strong random number generator
time-based one-time password (TOTP) - correct answer an improvement on HOTP that forces one time passwords to expire after a short period of time
HOTP - correct answer one issue with _____________ is that tokens can be allowed to persist unexpired, raising the risk that an attacker might be able to obtain one and decrypt data in the future
2 step verification - correct answer ________________ generates a software token on a server and sends it to a resource assumed to be safely controlled by the user
biometric authentication - correct answer physical characteristics stored as a digital data template can be used to authenticate a user, including facial pattern, iris, retina, or fingerprint pattern
enrollment - correct answer the first step in setting up biometric authentication is


physical, behavioral - correct answer there are two categories of biometric authentication:
false rejection rate - correct answer biometric assessment metric that measures the number of valid subjects who are denied access
1 - correct answer False rejections in a biometric system are also called a type ____________ error
false acceptance rate - correct answer biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access

2 - correct answer false acceptance in biometrics is also referred to as a type _________ error
crossover error rate - correct answer biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance
throughput - correct answer biometric evaluation factor referring to the time required to create a template for each user and the time required to authenticate
failure to enroll rate - correct answer biometric evaluation factor referring to incidents in which a template cannot be created and matched for a user during enrollment
fingerprint scanners - correct answer biometric authentication device that can produce a template signature of a user's fingerprint then subsequently compare the template to the digit submitted for authentication
fingerprint scanning - correct answer the main problem with ___________________ is that it is possible to obtain a copy of a user's fingerprint and create a mold of it that will fool the scanner
facial recognition - correct answer involves the scanning of the face, and suffers from relatively high false acceptance and rejection rates and can be vulnerable to spoofing
retinal scan - correct answer biometric control where an infrared light is shone into the eye to identify the pattern of blood vessels, is one of the most accurate forms of biometrics
iris scan - correct answer a biometric control that matches patterns on the surface of the eye using near infrared imaging and so is less intrusive than retinal scanning and quicker
voice recognition - correct answer a behavioral biometric control that is relatively cheap, but obtaining an accurate template can be difficult and time consuming as background noise and other factors can interfere, is subject to impersonation
gait analysis - correct answer biometric mechanism that identifies a subject based on movement pattern