






A comprehensive overview of access controls, authentication, and authorization within the context of the SSCP (Systems Security Certified Practitioner) certification. It explores various authentication methods, including single-factor and multi-factor authentication, SSO (single sign-on), and certificate-based authentication. The document also delves into authorization concepts, including access control models like MAC (mandatory access control), DAC (discretionary access control), and RBAC (role-based access control). It further examines identity management lifecycle phases, provisioning, and entitlement management. This resource is valuable for individuals preparing for the SSCP exam or seeking to enhance their understanding of security best practices.
Typology: Exams







Authentication applies to - Answer-Users, applications and devices
Authentication is the process of - Answer-proving identity in order to gain access to a resource
Authentication proves what - Answer-entity attempting to log on is who / what they claim to be
Authentication limits - Answer-access to only those who should have it
Authentication lets administrators do what - Answer-set limitations on what users gain access to
Most common type of authentication - Answer-something you know, something you have, something you are
Something you know - Answer-passwords and PINs
Password best practice - Answer-strong, do not write down, never share, audit for strength and changed at set intervals
Something you have - Answer-proximity cards, smart cards, hardware tokens, ID badges
Something you are - Answer-Biometrics
Biometrics challenges - Answer-error rates
Single factor authentication is - Answer-using only one factor of authentication
Single factor authentication can use what type of authentication? - Answer-either something you know, something you have, something you are
Multifactor Authentication is the use of what - Answer-more than one factor of authentication
SSO - Answer-Single Sign-On
SSO allows what? - Answer-user to access multiple systems, resources and applications by one login
SSO advantage - Answer-simplifies identity management and no multiple logins required
SSO uses what? - Answer-Central DB or Directory to store users' IDs and credentials
A token can be used for what? - Answer-granting user access to all relevant resources
A one way trust relationship has what? - Answer-the user or computer or device accounts that are to be trusted by the resource domains.
A trusted domain is also called the what? - Answer-RP the relying party
The IP in the trusted domain is called what? - Answer-Identity Provider
The Trusted domain has the what? - Answer-the accounts
The Trusting domain has the what? - Answer-The Resources
The Trusting domain is also called the - Answer-RP Relying Party
RP means what when talking about trusting domains? - Answer-Relying Party
ACL also means what? - Answer-Access Control List
ACL does what? - Answer-Controls account access to the resources
Elements of a one way trust - Answer-1. Users in one domain may access resources in a 2nd domain. 2. Users in the 2nd domain may not access resources in the 1st domain.
Where might a one way trust relationship be found? - Answer-cloud provider and its clients
Elements of a two way trust relationship? - Answer-1. Each domain is an Identity Provider 2. Both domains trust each other.
In a two way trust relationship trust is established how? - Answer-1. with a configured password or by exchanging public keys.
When a digital certificate is issued to a user or a server it contains what? - Answer-unique mathematically public and private key pair
What must be done about the private key? - Answer-must be kept safe
What can be done with the public key? - Answer-can be shared
How does the organization use the private key? - Answer-when they send some kind of transmission they would sign it with their private key; the 2nd organization would use the public key to verify that it is authentic.
AD uses what type of domain trust? - Answer-2 way trust
Identity Federation treats each entity as what? - Answer-Identity Provider and as a Relying Party
Transitive Trust means what? - Answer-Implicit or indirect trust relationship
How are transitive trusts established? - Answer-New domains inherit existing bidirectional trust relationships
Transitive trust types include? - Answer-Shortcut trust, Forest trust, Realm trust
What is a Forest trust used for? - Answer-Link different AD forests together
You might find a forest trust where? - Answer-Two businesses working together
A 2nd use of proofing is what? - Answer-verifying that an account belongs to the stated user
Identity proofing can be linked to what? - Answer-Authentication system risk profiles
Methods of identity proofing? - Answer-1. Authentication tests 2. Security questions 3. Out of band 4. Screen captcha 5. In person
What is out of band identity proofing? - Answer-Send validation codes
Provisioning is related to what? - Answer-creating accounts for users and granting the appropriate permissions to resources
A permission is what? - Answer-level or a degree of access to a resource such as read or write
A system right is what? - Answer-if we can do something or we cannot
Groups can help provisioning how? - Answer-assign permissions and rights based upon a role
Provisioning can also include what? - Answer-ID badges, digital security certificates, devices
What control plays an important role in maintenance? - Answer-policies and procedures
Account lockout policies are designed why? - Answer-prevent brute force attacks
Entitlement refers to what? - Answer-privileges granted to users, the access enabled or available
Entitlement must conform to what? - Answer-Principle of least privilege
Two types of entitlement - Answer-user and account
MAC - Answer-Mandatory Access Control
MAC is a security control model that does what? - Answer-Uses labels to ID subjects and objects
What might be a subject? - Answer-user that authenticates
What might be an object? - Answer-file that the subject needs access to
How does MAC control access? - Answer-by comparing the subject security clearance with object security level
SELinux - Answer-Security Enhanced Linux
Does Windows operating system support MAC? - Answer-no
Examples of classifications for a MAC system? - Answer-Top Secret, Secret, Confidential and Unclassified
Bell-LaPadula model provides what? - Answer-confidentiality
Biba model provides what? - Answer-integrity
DAC relies on what? - Answer-User, App, Device authentication and ACLs
DAC uses the ACL how? - Answer-determine what type of privilege should be granted to an authenticated entity
In DAC who determines who has access to the information? - Answer-The creator or owner of an object
RBAC - Answer-Role Based Access Control
RBAC is designed to do what? - Answer-Control the information that is available to authorized users, controls applications that can be run and data modifications that should be allowed.
In an RBAC model the users become what? - Answer-occupants of roles
How does the object owner control the roles that grant access to an object? - Answer-through ACL
What are the RBAC access control attributes? - Answer-Role, Specific actions permitted, order of permitted actions, location based, and time of day based.
ABAC - Answer-Attribute based access control
How are permissions granted with ABAC? - Answer-use of policies that evaluate object attributes
What type of attributes might ABAC consider? - Answer-location, user's manager
Resources in an ABAC might include what? - Answer-files, folders, DB records, Applications and network connections
Subjects in an ABAC might include? - Answer-users, devices and applications
What is an example of something that is an ABAC? - Answer-Microsoft Windows Server 2012 R
What are conditional expressions? - Answer-expression that can refer to AD attributes to determine access