CISSP Friday-Five Questions: Identity and access management.

In a good password policy, which should be allowed?

Passwords should never contain: the name of a pet, child, family member or significant other; anniversary dates, birthdays or birthplace; a favorite holiday; anything related to a favorite sports team; or the word "password". Winter2017 is not a good password, even if it does fulfil the password requirements. The official recommendations by the U.S. Department of Defense and Microsoft are: Password history = set to remember 24 passwords. Maximum password age = 90 days. Minimum password age = 2 days (to prevent users from cycling through 24 passwords to return to their favorite password again). Minimum password length = 8 characters. Passwords must meet complexity requirements = true. Store password using reversible encryption = false.

Type 1 authentication is:

Something you know - Type 1 Authentication: passwords, passphrases, PINs etc., also called knowledge factors. The subject uses these to authenticate their identity: if they know the secret, they must be who they say they are.

Which authentication form is the worst to have compromised, because it can't be changed?

Something you are - Type 3 Authentication (Biometrics): lost passwords and ID cards can be replaced with new, different ones; biometrics can't. You can't change your fingerprints, so once compromised they are always compromised.

PINs, passwords and passphrases are which type of authentication?

Something you know - Type 1 Authentication: passwords, passphrases, PINs etc., also called knowledge factors. The subject uses these to authenticate their identity: if they know the secret, they must be who they say they are.

Which authentication protocol is no longer considered secure?

TACACS (Terminal Access Controller Access Control System): a centralized access control system requiring users to send an ID and reusable (vulnerable) passwords for authentication; because of this it is no longer considered secure. Uses TCP/UDP port 49. TACACS has generally been replaced by TACACS+ and RADIUS.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.
