Lab 5 Assessment |

1. They are a. Password b. Token c. Shared secret 2. Authorization is a set of rights defined for a subject and an object; this concept is aligned with Identification and Authentication because these are the 3 steps to the access control process 3. Remote Access servers, Authentication servers, and Logical IDS 4. Network should be both connected and secured physically and remotely in order to avoid unauthorized access to the system. The three are the computer has authorized access. Computer settings must be in compliance with the security standards, and the user having authorization access. 5. NAC Systems implement network security policy at the network access point relatively than the client (endpoint) operating system. Reliant on the system architecture and configuration, NAC systems can deliver physical port security or logical port/access security. NAC systems necessitate authentication for both the endpoint and user before the network access point forwards traffic for that client 6. PKI refers to a framework of programs, data standards, communication protocols, policies, and cryptographic mechanisms. The PKI infrastructure delivers for the generation, production, spreading, control, accounting and obliteration of public key certificates. PKI offers a selection of facilities containing issuance of digital certificates to individual users and servers, end-user enrollment software, assimilation with certificate directories. 7. Public key or asymmetric cryptography uses a pair of simultaneously generated keys to perform encryption and decryption. The private key is used to encrypt, the public key can be used to decrypt and verify that the sender holds the private key. This process is used for authentication or digital signature, and supports non-repudiation. 8. One of the most important components of PKI is the X.509 formatted public key certificate. This certificate is a data file that binds the identity of an entity to a public key. 9. With biometric access control technology, administrators are the only users that interact with the system beyond the biometric capture device. Therefore, if the administrator unable to verify the identification then the system will authorize the access. 10. The PKI infrastructure delivers for the generation, production, distribution, control, accounting and destruction of public key certificates. PKI provides a variety of services including issuance of digital certificates to individual users and servers, end-user enrollment software, integration with certificate directories, tools for managing, renewing, and revoking certificates using Certificate Revocation Lists (CRLs), and related services and support 11. Category I, II, and III 12. False 13. False 14. True 15. The sturdiest security controls should be at the point closest to the asset. The access control perimeter is the outmost layer that the data owner and/or Security Manager be contingent on to confirm access control for the assets being endangered. Persons inside the access control perimeter are known or trusted to an assured point.