8 - Identity and Access Management Flashcards
Summarize authentication and authorization design concepts; given scenarios, be able to implement identity and account management controls, and execute authentication/authorization solutions
Angela has chosen to federate with other organizations to allow use of services that each org provides. What role does Angela’s org play when they authenticate their users and assert that those users are valid to other members of the federation?
Identity Provider (IdP)
What technology is the least effective means of preventing shared accounts?
Password Complexity Requirements
What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment?
The cloud service will provide account and identity management services
Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement?
- RADIUS
- SAML
- OAuth
- LDAP
Remote Authentication Dial-In User Service (RADIUS)
What type of multifactor authentication is considered the least secure?
Short Message Service (SMS) -or- Texting
Samantha wants to set an account policy that ensures that devices can be used only while the user is in the org’s main facility. What type of account policy should she set?
Geofencing
Michelle enables the Windows 10 picture password feature to control logins for her laptop. What type of authentication attribute will this provide?
Something you can do
[Picture Password is a type of Captcha(c), in this case]
What is HSM used for?
To generate, manage, and securely store cryptographic keys
Theresa wants to implement an access control scheme that sets permissions based on what the individual’s job requires. What scheme is most suited to this type of implementation?
Role-Based Access Control (RBAC)
What biometric technology is most broadly deployed due to its ease of use and acceptance from end users?
Fingerprint Scanners
Charles has implemented LDAP for his organization. What type of service has he enabled?
A directory service
A PIN is an example of what type of factor?
Something you know
Melissa is planning on implementing biometric authentication on her network. What should be the goal for any biometric solution she selects?
Low Cross-over Error Rate (CER)
What type of attack does an account lockout policy help to prevent?
Brute Force
Password complexity, password history, and password reuse are all examples of what?
Account Policies