(Answered) 100% Correct. Updated Fall 2024/2025.
identification
uniquely identify each user by usernames, access cards, biometrics
usernames
usually a first initial and last name
should not be considered secret
access cards
often serve as a proof of employment
may perform both authentication and identification
biometrics
uses "something you are" authentication approaches
low false acceptance/rejection rates
low intrusiveness
Ex.: fingerprint scans, eye scans, voiceprint matching, facial recognition
something you know, something you have, something you are
authentication factors - proof of identity
false acceptance
system misidentifies an individual as an authorized user
measured by FAR
very serious
false rejection
system fails to recognize an authorized user
measured by FRR
less serious, affects availability
crossover error rate (CER)
efficacy rate that occurs when administrators tune the system to have equal FARs and FRRs
multifactor authentication
A combination of two or more authentications a user must pass to access an information system, such as
a fingerprint scan combined with a password. (Something you know, something you are)
Password Authentication Protocol (PAP)
The oldest and most basic form of authentication and also the least safe because it sends all passwords
in cleartext.
-requires the use of external encryption to protect passwords
Challenge Handshake Authentication Protocol (CHAP)
performs one-way authentication. However, authentication is performed through a three-way handshake
(challenge, response, and acceptance messages) between a server and a client. The three-way
handshake allows a client to be authenticated and secure without sending credential information across
a network.
federated identity management (FIM)
When a user's identity is shared across multiple identity management systems.
-reduces the number of individual identities a user must have
single sign-on (SSO)
authentication system that shares a single authentication session across multiple systems, avoiding
asking users to log in multiple times.
one-way trust
Domain 1 trusts Domain 2, but Domain 2 does not trust Domain 1
two-way trust
domain 1 and 2 trust each other
transitive trust
trust relationships transfer across domains without an administrator creating the trust
non-transitive trust
trust relationships do not transfer across domains unless an administrator creates the trust
RADIUS and TACACS
provide centralized approaches for authentication, authorization, and accounting
Remote Access Dial-In User Service (RADIUS)
An authentication framework that allows for centralized authentication functions for all network access
devices.
application server
a RADIUS client is usually an ____
uses unreliable User Datagram Protocol (UDP)
does not encrypt entire authentication sequence