Information Technology / CompTIA Security+ (SY0-601): Authentication

CompTIA Security+ (SY0-601): Authentication

Information Technology25 CardsCreated 9 months ago

This set of flashcards explores time- and event-based authentication mechanisms like TOTP and HOTP, along with advanced identity solutions such as context-aware authentication and Federated Identity Management (FidM), including both cross-certification and trusted third-party models for secure identity sharing.

Report

TOTP

Time-Based One-Time Password:

A password is computed from a shared secret and current time

Rate to track your progress ✦

Tap to flipTap or swipe ↕ to flip

Space↑↓

←→Swipe ←→Navigate

SSpeak

FFocus

1/25

Key Terms

Term

Definition

TOTP

Time-Based One-Time Password:

A password is computed from a shared secret and current t...

HOTP

HMAC-based One-Time Password:

A password is computed from a shared secret and is synchr...

Context-Aware Authentication

Process to check the user’s or system’s attributed or characteristics prior to allowing it to connect

FidM

Federated Identity Management:

A single identity is created for a user and shared with ...

FidM: Cross-Certification

Utilizes a web of trust between organizations where each one certifies others in the federation

FidM: Trusted Third-Party

Organizations are able to place their trust in a single third-party (also called the bridge model)

FidM: SAML

Security Assertion Markup Language:
Attestation model built upon XML used to share federated identity management info...

802.1x

Standardized framework used for port-based authentication on wired and wireless networks

EAP

Extensible Authentication Protocol:
A framework of protocols that allows for numerous methods of authentication inclu...

VPN Concentrator

Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers

Split Tunneling

A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection<...

Password Spraying

Brute force attack in which multiple user accounts are tested with a dictionary of common passwords

Credential Stuffing

Brute force attack in which stolen user account names and passwords are tested against multiple websites

Broken Authentication

A software vulnerability where the authentication mechanism allows an attacker to gain entry

OAuth

Authorization framework
Determines what resources a user can access
Created by Google/Twitter/others
Used with ...

Related Flashcard Decks

Information Technology

Introduction to Database Management and Computer Systems

This deck covers fundamental concepts in database management systems and computer systems, including data models, SQL, and system architecture.

10 cards

View Deck

Information Technology

Java Programming Concepts

This deck covers key concepts in Java programming, including classes, methods, constructors, and object-oriented principles. It includes examples of using classes like Rectangle, Point, Student, and more, with a focus on understanding object creation, method calls, and class interactions.

30 cards

View Deck

Information Technology

DOD Cyber Awareness Challenge 2025 Knowledge check-1 Part 2

This deck covers the key concepts and safety practices from the DOD Cyber Awareness Challenge 2025, focusing on social networking, mobile security, insider threats, and more.

20 cards

View Deck

Information Technology

Controlled Unclassified Information (CUI) Training

This deck covers key concepts and guidelines related to Controlled Unclassified Information (CUI) as outlined in the DoD CUI program.

15 cards

View Deck

Information Technology

Cyber Awareness Challenge 2024 (Knowledge Pre-Check)

This deck covers key concepts and best practices for cyber awareness, including handling classified information, social networking, teleworking, and more.

21 cards

View Deck

Information Technology

Personally Identifiable Information Part 1

This deck covers key concepts related to the management and protection of Personally Identifiable Information (PII), including legal responsibilities, privacy impact assessments, and safeguards.

15 cards

View Deck

Information Technology

DOD Cyber Awareness Challenge 2025 Knowledge Check-1 Part 1

This flashcard deck covers key concepts from the DOD Cyber Awareness Challenge 2025, including best practices for online security, identity protection, and appropriate use of government resources.

20 cards

View Deck

Information Technology

Personally Identifiable Information Part 2

This deck covers key concepts related to the protection and management of Personally Identifiable Information (PII), including common threats, compliance requirements, and safeguarding measures.

15 cards

View Deck

Information Technology

Animation and Games CodeHS Part 5

A set of flashcards covering key concepts from CodeHS Part 5: Animation and Games, including circles, shapes, and event handling.

11 cards

View Deck

CompTIA Security+ (SY0-601): Authentication

Term	Definition
TOTP	Time-Based One-Time Password: A password is computed from a shared secret and current time
HOTP	HMAC-based One-Time Password: A password is computed from a shared secret and is synchronized between the client and the server
Context-Aware Authentication	Process to check the user’s or system’s attributed or characteristics prior to allowing it to connect Restrict authentication based on the time of day or location
FidM	Federated Identity Management: A single identity is created for a user and shared with all of the organizations in a federation
FidM: Cross-Certification	Utilizes a web of trust between organizations where each one certifies others in the federation
FidM: Trusted Third-Party	Organizations are able to place their trust in a single third-party (also called the bridge model) Trusted third-party model is more efficient than a cross certification or web of trust mode
FidM: SAML	Security Assertion Markup Language: Attestation model built upon XML used to share federated identity management information between systems Open standard for authentication & authorization Authenticate via third-party
FidM: OpenID	An open standard and decentralized protocol that is used to authenticate users in a federated identity management system Used in conjunction with OAuth2 User logs into an Identity Provider (IdP) and uses their account at Relying Parties (RP) OpenID is easier to implement than SAML SAML is more efficient than OpenID
802.1x	Standardized framework used for port-based authentication on wired and wireless networks Helps prevent rogue devices (Ex: RADIUS, TACACS+)
EAP	Extensible Authentication Protocol: A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure EAP-MD5 uses simple passwords for its challenge-authentication EAP-TLS uses digital certificates for mutual authentication EAP-TTLS uses a server-side digital certificate and a client-side password for mutual authentication
EAP-FAST	Provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication
PEAP & LEAP	Protected EAP: Supports mutual authentication by using server certificates and Microsoft’s Active Directory to authenticate a client’s password Lightweight EAP: Proprietary to Cisco-based networks (supposedly FAST is an upgrade from LEAP)
LDAP	Lightweight Directory Access Protocol: A database used to centralize information about clients and objects on the network Unencrypted: Port 389 Encrypted: Port 636 Active Directory is Microsoft’s version
Kerberos	An authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets Port 88 A domain controller can be a single point of failure for Kerberos
PAP	Password Authentication Protocol: Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted (in the clear)
CHAP	Challenge-Handshake Authentication Protocol: Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers 3-way handshake After link, server sends challenge message Client responds with password hash calculated from challenge & password Server compares hash with stored hash Occurs periodically
VPN Concentrator	Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers
Split Tunneling	A remote worker’s machine diverts internal traffic over the VPN but external traffic over their own internet connection Prevent split tunneling through proper configuration and network segmentation
RADIUS	Centralization administration system for dial-up, VPN, and wireless authentication that uses either ports 1812/1813 (UDP) or 1645/1646 (UDP) Operates at layer 7
TACACS+	Cisco’s proprietary version of RADIUS that provides separate authentication and authorization functions over port 49 (TCP)
MitB	Man-in-the-Browser Attack: Intercepts API calls between the browser process and its DLLs
Password Spraying	Brute force attack in which multiple user accounts are tested with a dictionary of common passwords
Credential Stuffing	Brute force attack in which stolen user account names and passwords are tested against multiple websites Credential stuffing can be prevented by not reusing passwords across different websites
Broken Authentication	A software vulnerability where the authentication mechanism allows an attacker to gain entry Weak password credentials Weak password reset methods Credential exposure Session hijacking
OAuth	Authorization framework Determines what resources a user can access Created by Google/Twitter/others Used with OpenID - handles the SSO authentication

Learning Tools

Writing Tools

Browse Resources

CompTIA Security+ (SY0-601): Authentication

TOTP

Key Terms

Related Flashcard Decks

Company

Explore

Study Tools