Prof Messer CompTIA Security+ SY0-701 - 4.6

Last updated 1:50 AM on 5/29/26

22 Terms

1

Identity and Access Management (IAM)

The security discipline that enables the right people to access the right resources at the right times

prevent unauthorized access

access control

authentication and authorization

identity governance

- track an entity's resource access

2

permission assignments (IAM)

least privilege

files that a user creates are private to them by default

- even if someone else is using that computer

3

identity proofing (IAM)

resolution = the system confirming your identity

validating

- passwords, security questions, etc

verification/attestation

- additional info from the user to confirm identity (passport, etc)

4

Single sign-on (SSO)

provide credentials once; get access to what you need

usually for a limited time

underlying authentication process and infrastructure have to support SSO

5

LDAP (Lightweight Directory Access Protocol)

protocol for reading and writing directories over a network

used to query and update an X.500 directory

- used in Windows Active Directory, Apple OpenDirectory, etc

6

X.500 Distinguished names

attribute=value pairs

7

X.500 Directory Information Tree

Hierarchical structure

Builds a tree

Container objects

• Country, organization, organizational units

Leaf objects

• Users, computers, printers, files

8

SAML (Security Assertion Markup Language)

open standard for authentication and authorization

- authenticate through a third party

not designed for mobile apps

9

SAML authentication flow

[Image: SAML authentication flow diagram]

10

OAuth

created by Twitter, Google and many others

- big industry support

not an authentication protocol

authorization framework

allows authorization between apps

11

federation

authenticate and authorize between 2 orgs

("log in with Facebook")

3rd parties must establish a trust relationship

12

Mandatory Access Control (MAC)

OS limits user access to objects by labeling them

admin decides who gets access to what security level

13

Discretionary Access Control (DAC)

owner of object controls who has access

can modify access at any time

very flexible; but also very weak

14

Role-Based Access Control (RBAC)

admins provide access based on the role of the user

rights are gained implicitly instead of explicitly

15

rule based access control

access is determined through system enforced rules

16

Attribute-based access control (ABAC)

"next gen" authorization model

combine and evaluate multiple parameters

- IP address

- time of day

- desired action

etc

17

multifactor authentication

use different methods to prove who you are

factors

- something you know

- something you have

- something you are (biometrics)

- somewhere you are

18

password strength

minimum of 8 chars

- this will change as computers get faster

uppercase, lowercase, numbers and special chars

19

password age

how long since a password was modified

20

password manager

store all passwords in a database

- encrypted and protected

built into many OS's and browsers

21

passwordless authentication

authenticate without a password

can be used with a password or additional factors

22

just in time permissions

grant admin access for a limited time

just in time accounts are temporary

- with temp password