Verifying the identity of the person or device attempting to access the system, which includes entering a password or presenting a smart card.
Authentication
Security system that allows users to access resources based on their permissions. Uses access control lists (ACLs) for specific company resources.
Discretionary Access Control (DAC)
Which is better for passwords? Length or complexity?
Length
Basic authentication is simple and involves just ...
username & password
The MFA tool used at the University of Denver to allow access to resources.
DUO
Allows access to distinct resources post-authentication.
Authorization
Security approach that restricts access to users based on roles within the organization.
Role Based Access Control (RBAC)
Type 1 authentication is something that you...
KNOW
Authentication type that includes fingerprints, retina and iris patterns, voice patterns and faces.
Biometric
A system-generated password that is used to authenticate for one session only.
One Time Password
Sentence-like string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.
Passphrase
Authorization model that evaluates attributes (or characteristics), rather than roles, to determine access.
Attribute-based access control (ABAC)
Trial-and-error method to try and crack passwords, submitting multiple requests with the hope of guessing the correct password.
Brute-Forcing
Type 3 authentication is something you...
ARE
Jen Easterly of CISA says that implementation of MFA can reduce risk by what percentage?
99%
Enables security professionals to keep track of the accesses that take place on any given resource over time.
Accounting
System-controlled access to objects based on the level of clearance assigned to each user. Relies on security labels for resources.
Mandatory Access Control (MAC)
Which NIST publication specifies the guidance to use passphrases versus passwords?
NIST 800-63
With this approach, a user only has to enter their login credentials one time on a single page to access all of their SaaS applications.
Single Sign-On (SSO)
Type 2 authentication is something that you...
HAVE