1.5 Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.

Credential management

 Password repository application

  End-user password storage
  On premises vs. cloud repository

 Hardware key manager

 Privileged access management

Password policies

 Complexity

 Length

 Character classes

 History

 Maximum/minimum age

 Auditing

 Reversible encryption

Federation

 Transitive trust

 OpenID

 Security Assertion Markup Language (SAML)

 Shibboleth

Access control

 Mandatory access control (MAC)

 Discretionary access control (DAC)

 Role-based access control

 Rule-based access control

 Attribute-based access control

Protocols

 Remote Authentication Dial-in User Server (RADIUS)

 Terminal Access Controller Access Control System (TACACS)

 Diameter

 Lightweight Directory Access Protocol (LDAP)

 Kerberos

 OAuth

 802.1X

 Extensible Authentication Protocol (EAP)

Multifactor authentication (MFA)

 Two-factor authentication (2FA)

 2-Step Verification

 In-band

 Out-of-band

One-time password (OTP)

 HMAC-based one-time password (HOTP)

 Time-based one-time password (TOTP)

Hardware root of trust

Single sign-on (SSO)

JavaScript Object Notation (JSON) web token (JWT)

Attestation and identity proofing