What is Certificate authority (CA) and they verify your public key as reputable

What is the Extensible Authentication Protocol (EAP)
The authenticator (switch or wireless access point) periodically sends EAP requests to a MAC address on the network.  The supplicant listens for this address and sends an EAP response that might include a user ID or other similar information.  The authenticator encapsulates this response and sends it to the authentication server.

What is RBAC Role Based Access Control.  Rule Based Access Control.  What role do you do.  Roles are for people and Rules are for objects

To track people or cars

Sideloading is for Android users that install apps from other sources in addition to the Google Play store (a process known as sideloading). These apps may come from independent app developers or enterprise-specific app stores created to develop applications specifically for the mobile users of a particular organization. Sideloading can also refer to the loading of apps through a nonstandard process, such as via USB drive or other mechanism, rather than through the more traditional download process.

What is Federated identities center around the foundational concept of transitive trust, where the trust relationship between two domains allows authentication of trusted users across both domains. Transitive trust requires the two (or more) organizations to agree on standards for sharing identity attributes and for the organizations to accept and authenticate identities based on attributes received from external organizations.

EAP-TTLS goes beyond the TLS protocol, adding a tunnel to provide better security.  EAP-TTLS only requires a server-side certificate.  EAP-TTLS is considered to be functionally equivalent to PEAP

What is a way to allow or deny access bassed on location

What is Registration Authority (RA) and Used to verify requests for certificates.  The RA informs the CA to issue the certificate. An RA might also be used if the organization deals with several CAs.  The RA is at the top of a hierarchical structure and verifies the identity of the user.

What is Trusted platform module (TPM) A chip residing on the motherboard that stores the encrypted keys.

What is Discretionary access control (DAC).  Remember Read, Write, and Execute, the owned of the data has full control of whom is given what access to what

As a protection against stolen or lost device access, many mobile devices have the capability to remotely delete their contents, commonly called remote wipe.  Your mobile device can be tracked by its hardware address, and you can use a management application or a web browser application to initiate a remote wipe of the device so that all your data is deleted.

Tethering is the ability to connect to wireless ad hoc networks, tethering (use of the data plan to create a wireless access point)

What is Counter-mode (CTR) Cipher Block Chaining Message Authentication Code Protocol (CMC-MAC) or, adding it all together, CCMP. CCMP uses a 128-bit key and 128-bit block size (since it is a block symmetric cipher.

What is 802.11

 What is:

Password complexity
Password history
Password reuse

What is Certificate revocation list (CRL), is a list of certificates that are no longer valid or that have been revoked by the issuer.
 

What is a Hardware security modules (HSMs).  They are physical devices that act as secure cryptoprocessors. They are used for encryption during secure login/authentication processes, during digital signings of data, and for payment security systems. Hardware-based encryption device such as an HSM (or a TPM) is that it is faster than software encryption.

What is Attribute-based access control (ABAC).  Access rights are granted through multiple policies that can combine user, group, and resource attributes together.
Or if Alice works in human resources, she would have attributes associated with her as a subject (Alice, HR Specialist, HR Department).  An object example, the HR database, with attributes covering its personally identifiable information (PII) data on employees.

In context-aware authentication MFA is taken a bit further by requiring different authentication based on the context in which access to a data asset is attempted.  For example, a user attempting access within the geofenced proximity of the organization might require less stringent authentication than a user who is not within that location.  The data to be accessed can also be a factor used to make a context-aware authentication decision.

USB On-The-Go (USB OTG): USB On-The-Go (OTG) was developed as a mechanism to plug devices such as external drives, cameras, keyboards, and mice into smartphones or tablets. For example, when an external storage drive is connected via USB OTG, it then presents on the compatible mobile device as a drive that can be read from and written to. It’s a very cool way to add functionality to a mobile device but presents security concerns just as any USB drive would if plugged into a desktop system, including the ability to transmit malware.

What is it compares the user’s authentication credentials against those of the server’s database. If the credentials match, the user is granted access to the rest of the network. The client’s credentials that are sent to the RADIUS server are encrypted to prevent someone from capturing the transmission. RADIUS servers also include accounting and reporting functions that can monitor and log data on each connection, such as packet and protocol types, as well as the length of time connected.

What is IEEE 802.1X

What is  Identity provider (IdP):  XML-based SAML Security Assertion Markup Language and OpenID Connect protocol

Web-based SSO can be problematic due to disparate proprietary technologies. To help the XML-based Security Assertion Markup Language (SAML) and the OpenID Connect protocol were developed. OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 family. It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated things possible.” Both OpenID Connect and SAML specify separate roles for the user, the service provider, and the identity provider. Shibboleth is also based on SAML.

What is Online Certificate Status Protocol (OCSP)

(OCSP). It contains less information than a CRL does, and the client side of the communication is less complex. However, OCSP does not require encryption, making it less secure than CRL.

What is and PAP Password Authentication Protocol, which sends usernames and passwords in clear text obviously insecure and to be avoided.

What is Kerberos and Tickets 

Geolocation can be used to retive item or track an item, and Many mobile devices, primarily smartphones, contain Global Positioning System (GPS) chips so that they can be tracked by and use the services of GPS satellites.

What is (HSM)Hardware Security Modules.  Many processes take advantage of asymmetric key storage, authentication, encryption/decryption, and other functions can often swamp CPUs and operating systems. For Web servers, ATMs, or other applications that perform high amounts of key handling, it’s beneficial to offload this work to a hardware security module (HSM).

What is hardware are placed on the network and software are on a host

What is LEAP was replaced with EAP-FAST (for Flexible Authentication via Secure Tunneling), which addresses LEAP’s security issues. EAP-FAST is lightweight but uses TLS tunnels to add security during authentication

What is Impossible travel time: location hopping that is not possible

risky login: using behavior analytics of a number of inputs, including login location, previous user behavior, and activities that have been flagged for known attack behaviors. If the risk is calculated to be high, policy can be enforced to block access completely, allow access, or only allow access with successful multifactor authentication.