Access Control, Authentication, and Identity Management (CCNACBR) Flashcards
Cisco CCNA Cybersecurity 200-201 CCNACBR Flashcards

| Front | Back |
| --- | --- |
| Best practice for storing credentials? | Store only hashed, salted passwords, not plaintext |
| Define account lifecycle stages | Provisioning, Maintenance, Deprovisioning |
| Define certificate-based authentication | Using digital certificates to authenticate identity |
| Define multifactor authentication | MFA requires two or more independent authentication factors |
| Define role-based access control | RBAC assigns permissions to roles and users inherit those roles |
| Difference between RADIUS and TACACS+ in separation of duties? | RADIUS combines authentication and authorization, while TACACS+ separates them |
| Example of something you are in MFA? | Biometric, like fingerprint or iris |
| Example of something you have in MFA? | Hardware token or mobile authenticator app |
| How to mitigate credential stuffing? | Use MFA, rate limiting, and detect unusual login patterns |
| Name a recommended password hashing algorithm | Scrypt, bcrypt, or Argon2 |
| Name the three common authentication factor types | Something you know, something you have, something you are |
| Primary function of RADIUS server? | Centralized authentication and accounting for network access |
| Primary function of TACACS+? | Centralized authentication, authorization, and command logging for devices |
| Purpose of multi-layer authentication defense? | Reduce single point of failure and increase attack cost |
| Purpose of PAM modules? | Allow modular authentication methods for applications and services |
| Purpose of Privilege Separation? | Limit use of elevated privileges to reduce attack surface |
| What are orphaned accounts? | Accounts that are active but no longer associated with an authorized user |
| What does AAA stand for? | Authentication, Authorization, Accounting |
| What is account deprovisioning? | Removing access when no longer needed, terminating accounts |
| What is account provisioning? | Creating user accounts and assigning initial access |
| What is attribute-based access control? | ABAC grants access based on attributes of user, resource, and environment |
| What is audit logging for authentication events? | Recording authentication attempts for monitoring and incident response |
| What is a certificate revocation list? | List of revoked certificates maintained by the CA |
| What is CHAP authentication? | Challenge Handshake Authentication Protocol; uses challenge-response and hashed values |
| What is credential rotation? | Regularly changing passwords, keys, or secrets |
| What is a credential stuffing attack? | Using stolen username/password pairs to attempt access on other services |
| What is federated identity? | Trust relationship allowing identity reuse across organizational boundaries |
| What is a hardware security module (HSM) used for? | Secure generation and storage of cryptographic keys |
| What is just-in-time access? | Provisioning privileges only for the time they are needed |
| What is least privilege for administrators? | Grant admin rights only to those who need them and scope rights narrowly |
| What is least privilege for service accounts? | Limit service account rights to only required operations |
| What is mutual authentication? | Both client and server verify each other's identities |
| What is PAM in Unix-like systems? | Pluggable Authentication Modules framework for authentication |
| What is PAP authentication? | Password Authentication Protocol; cleartext password transmission |
| What is password hashing? | Transforming a password into a fixed-length value using a hash function |
| What is password stretching? | Applying a hash function many times to slow brute-force attacks |
| What is secure secret storage? | Using a vault to manage and encrypt secrets centrally |
| What is separation of duties? | Divide tasks across people to prevent fraud and mistakes |
| What is session management best practice? | Enforce session timeouts and reauthentication for sensitive actions |
| What is single sign-on? | SSO allows one authentication to grant access to multiple systems |
| What is the principle of least privilege? | Users receive only the minimum access necessary to perform tasks |
| What is the risk of shared accounts? | Loss of accountability and audit trail |
| What transport protocol does RADIUS commonly use? | UDP |
| What transport protocol does TACACS+ use? | TCP |
| Why enforce periodic access reviews? | To ensure access remains appropriate and to detect orphaned accounts |
| Why rotate credentials? | To limit exposure time if secrets are compromised |
| Why use salt in password hashing? | Salt prevents identical passwords from producing the same hash |

About the Flashcards
Flashcards for the Cisco CCNA Cybersecurity exam reinforce core authentication and authorization concepts every candidate must master. Review AAA services, compare RADIUS and TACACS+ transport choices, and test your recall of PAP, CHAP, mutual and certificate-based authentication. Cards also drill multifactor factors, single sign-on, and federation so you can identify the right identity solution for any scenario.
Next, focus shifts to enforcing least privilege with RBAC, ABAC, just-in-time access, and rigorous account lifecycle controls. You will memorize password hashing, salting, stretching and secure vaulting practices, along with credential rotation, HSM use, session timeouts, audit logging, and tactics that stop credential-stuffing attacks.
Topics covered in this flashcard deck:
- AAA, RADIUS, TACACS+
- Authentication protocols, MFA
- SSO and federated identity
- Access control models
- Credential hashing & storage
- Session management and auditing