Chapter 8: Identity and Access Management

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/83

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 4:00 AM on 7/2/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

84 Terms

1
New cards

Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does her organization play when they authenticate their users and assert those users are valid to others?

Identity provider

3 multiple choice options

2
New cards

Which technology is the least effective means of preventing shared accounts?

Password complexity requirements

3 multiple choice options

3
New cards

What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment?

The cloud service will provide account and identity management services

3 multiple choice options

4
New cards

Amitoj wants to prevent users from resetting passwords until they can reuse the same one. What setting is used?

Age

3 multiple choice options

5
New cards

Which type of multifactor authentication is considered the least secure?

SMS

3 multiple choice options

6
New cards

Geeta has been issued a USB security key. What type of MFA implementation is this?

Hard token

3 multiple choice options

7
New cards

Michelle enables Windows picture password. Which type of attribute is it?

Something you know

3 multiple choice options

8
New cards

What purpose do Linux permissions rw-r--r-- serve?

To allow the owner to read and write the file, and for the owner's group and others to be able to read it

3 multiple choice options

9
New cards

Theresa wants to set permissions based on job role. Which scheme fits best?

RBAC

3 multiple choice options

10
New cards

Which biometric technology is most broadly deployed?

Fingerprint scanner

3 multiple choice options

11
New cards

Which password setting has the largest impact if current passwords are 8 characters long?

Password length

3 multiple choice options

12
New cards

A PIN is an example of what factor?

Something you know

3 multiple choice options

13
New cards

Marie wants root passwords available during outages using PAM. Which tool helps?

Password vaulting

3 multiple choice options

14
New cards

Jill allows Fred access to her Windows file share. What access control type is this?

Discretionary access control

3 multiple choice options

15
New cards

Lisa logs in to a site using her Google account which provides a token without sharing her password. What technology is this?

OAuth

3 multiple choice options

16
New cards

Kyle is asked for government-issued ID when creating an account. What process is this?

Identity proofing

3 multiple choice options

17
New cards

What concept best describes only providing necessary permissions?

Least privilege

3 multiple choice options

18
New cards

Nina has left the organization. What should be done with her account?

Deprovision the account

3 multiple choice options

19
New cards

A person's name, age, location, or job title are examples of what?

Attributes

3 multiple choice options

20
New cards

What access control scheme best describes the Linux filesystem?

Discretionary access control (DAC)

3 multiple choice options

21
New cards

What is the term for the set of claims made about a subject, such as a person, application, or device?

An identity.

22
New cards

In identity management, what is the difference between an attribute and a trait?

Attributes are changeable (e.g; job title), whereas traits are inherent to the subject (e.g; height, place of birth).

23
New cards

What is the process of proving that an identity belongs to the user who is claiming it

Authentication.

24
New cards

After a user is authenticated, what process verifies what resources and systems they have access to?

Authorization.

25
New cards

What three functions make up the AAA framework in identity and access management?

Authentication, Authorization, and Accounting.

26
New cards

What does the 'Accounting' part of the AAA framework track?

It tracks resource utilization like time, bandwidth, or CPU usage.

27
New cards

The authentication framework commonly used for wireless networks, with implementations like EAP-TLS and LEAP, is known as _____.

Extensible Authentication Protocol (EAP).

28
New cards

Which authentication protocol uses an encrypted challenge and a three-way handshake to send credentials, improving on older protocols like PAP?

Challenge Handshake Authentication Protocol (CHAP).

29
New cards

What is the IEEE standard for network access control (NAC) that is used to authenticate devices wishing to connect to a network

802.1X.

30
New cards

In an 802.1X architecture, a device wanting to connect is called a _____, and it sends requests to an authenticator like a switch or access point.

supplicant

31
New cards

What common AAA system for network devices uses a shared secret and MD5 hash to obfuscate passwords, which is not considered very strong?

Remote Authentication Dial-In User Service (RADIUS).

32
New cards

What Cisco-designed AAA protocol uses TCP, provides full-packet encryption, and allows for granular command controls?

Terminal Access Controller Access Control System Plus (TACACS+).

33
New cards

Which protocol, designed for untrusted networks, authenticates service requests between trusted hosts using a ticket-granting system?

Kerberos.

34
New cards

In Kerberos, what is the initial ticket a client requests from the authentication server to prove its identity?

A ticket-granting ticket (TGT).

35
New cards

What system allows a user to log in with a single identity and then use multiple systems or services without reauthenticating

Single sign-on (SSO).

36
New cards

Which protocol, often used in SSO infrastructures, provides hierarchically organized information about an organization in a directory service?

Lightweight Directory Access Protocol (LDAP).

37
New cards

What XML-based open standard is used for exchanging authentication and authorization information between identity providers and service providers

Security Assertion Markup Language (SAML).

38
New cards

What open standard for authorization allows users to grant third-party applications access to their information without sharing credentials

OAuth.

39
New cards

In a federated identity model, what is the role of the organization that manages the digital identities and handles authentication?

Identity provider (IdP).

40
New cards

In federation, a _____ trusts an identity provider to handle authentication and grants access to services based on that trust.

relying party (RP) or service provider (SP)

41
New cards

What is the term for the formal verification by an IdP that a user is who they claim to be

Attestation.

42
New cards

According to NIST SP 800-63B, what is the recommended practice regarding password complexity requirements?

NIST recommends reducing complexity requirements and instead emphasizing password length.

43
New cards

What password policy setting is used to prevent users from immediately changing their new password back to a previous one

Password age (minimum).

44
New cards

What type of authentication relies on factors like security tokens or biometrics instead of passwords

Passwordless authentication.

45
New cards

FIDO2 is an open authentication standard that relies on _____ for authentication, with a public key sent to services and a private key remaining on the device.

key pairs

46
New cards

What security practice requires a user to provide two or more distinct types of credentials to log in

Multifactor authentication (MFA).

47
New cards

What are the four authentication factors defined in the CompTIA Security+ exam outline?

Something you know, something you have, something you are, and somewhere you are.

48
New cards

A password or PIN is an example of which authentication factor

Something you know.

49
New cards

A smartcard or a USB security key is an example of which authentication factor

Something you have.

50
New cards

A fingerprint or retina scan is an example of which authentication factor

Something you are.

51
New cards

Using a user's GPS coordinates for authentication is an example of which factor

Somewhere you are.

52
New cards

A(n) _____, which is usable only once, is an important defense against password theft and brute-force attacks.

one-time password (OTP)

53
New cards

Which type of OTP uses an algorithm with the current time as part of its code-generation process

Time-based one-time password (TOTP).

54
New cards

Which type of OTP uses a cryptographic hash (HMAC), a seed value, and a counter as a moving factor to generate a code?

HMAC-based one-time password (HOTP).

55
New cards

In biometrics, what is a Type I error, also known as the false rejection rate (FRR)?

When a legitimate biometric measure is presented and the system incorrectly rejects it.

56
New cards

In biometrics, what is a Type II error, also known as the false acceptance rate (FAR)?

When an incorrect biometric factor is presented and the system incorrectly accepts it.

57
New cards

What biometric metric compares the false rejection rate (FRR) against the false acceptance rate (FAR) of a system

The receiver operating characteristic (ROC).

58
New cards

What is the term for a user account associated with an application or service that should not be used for interactive logins

A service account.

59
New cards

What is the process of creating a user account and assigning it resources and permissions

Provisioning.

60
New cards

What is the process of terminating a user account and removing its permissions and related data

Deprovisioning.

61
New cards

The process of ensuring a person is who they claim to be when their account is first created, often by checking a government-issued ID, is called _____.

identity proofing

62
New cards

What security principle is at the core of permission management and dictates that users should only have the minimum rights necessary to perform their job

The principle of least privilege.

63
New cards

What is the term for the gradual accumulation of overly broad permissions by a user over time as their roles and tasks change

Permission creep.

64
New cards

What is the focus of Privileged Access Management (PAM) tools?

To manage, control, and audit administrative and other privileged accounts.

65
New cards

What PAM feature grants permissions to a user only for the duration they are needed and revokes them afterward

Just-in-time (JIT) permissions.

66
New cards

What PAM feature allows users to access privileged accounts without knowing the password, often by 'checking out' the credential for a logged, auditable event?

Password vaulting.

67
New cards

What are temporary accounts with limited lifespans, used for specific purposes where a user needs short-term access, called?

Ephemeral accounts.

68
New cards

Which access control scheme relies on the operating system to enforce a centrally managed security policy, where users cannot change permissions?

Mandatory access control (MAC).

69
New cards

Which access control scheme allows the owner of an object, like a file, to delegate rights and permissions to other users as they see fit?

Discretionary access control (DAC).

70
New cards

Which access control scheme assigns privileges to roles (e.g

'cashier', 'admin') and then assigns users to those roles?;Role-based access control (RBAC).

71
New cards

Which access control scheme uses a set of rules, such as an access control list (ACL) on a firewall, to determine if access is allowed?

Rule-based access control.

72
New cards

Which access control scheme makes decisions based on policies that evaluate attributes of the user, resource, and environment?

Attribute-based access control (ABAC).

73
New cards

What is the term for limiting user logons or system access to specific hours of the day

Time-of-day restrictions.

74
New cards

In Linux file permissions (e.g

`drwxrwxrwx`), what do the first three letters after the initial character represent?;Permissions for the user (owner) of the file.

75
New cards

In Linux file permissions, what does the numeric representation '7' signify?

Read, Write, and Execute permissions (4+2+1).

76
New cards

What would be the numeric representation for the Linux file permission `rw-r--r--`

644.

77
New cards

In Windows file permissions, what does the 'Modify' permission allow a user to do?

It allows viewing as well as changing files or folders.

78
New cards

A _____ is a physical device that may generate a code, plug in via USB, or connect via Bluetooth to present authentication information.

token

79
New cards

Which type of physical card uses an embedded chip and can often generate cryptographic key pairs directly on the card

A smartcard.

80
New cards

In the context of the Security+ exam, LDAP, OAuth, and SAML are all technologies related to what identity management concept?

Single sign-on (SSO).

81
New cards

Which type of account, often prohibited by security policies, is used by multiple individuals, making it difficult to track specific user actions?

A shared or generic account.

82
New cards

A USB security key is considered what type of authentication token implementation

A hard token.

83
New cards

An authenticator application on a smartphone is considered what type of authentication token implementation

A soft token.

84
New cards

Among SMS, HOTP, TOTP, and Biometrics, which multifactor authentication method is generally considered the least secure due to risks like SIM cloning?

SMS (text message).