8 - Identity and Access Management

Question 1

Angela has chosen to federate with other organizations to allow use of services that each org provides. What role does Angela’s org play when they authenticate their users and assert that those users are valid to other members of the federation?

Answer 1

Identity Provider (IdP)

Question 2

What technology is the least effective means of preventing shared accounts?

Answer 2

Password Complexity Requirements

Question 3

What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment?

Answer 3

The cloud service will provide account and identity management services

Question 4

Elaine want to implement an AAA system. Which of the following is an AAA system she could implement?

• RADIUS
• SAML
• OAuth
• LDAP

Answer 4

Remote Authentication Dial-In User Service (RADIUS)

Question 5

What type of multifactor authentication is considered the least secure?

Answer 5

Short Message Service (SMS) -or- Texting

Question 6

Samantha wants to set an account policy that ensures that devices can be used only while the user is in the org’s main facility. What type of account policy should she set?

Answer 6

Geofencing

Question 7

Michelle enables the Windows 10 picture password feature to control logins for her laptop. What type of authentication attribute will this provide?

Answer 7

Something you can do

[Picture Password is a type of Captcha(c), in this case]

Question 8

What is HSM used for?

Answer 8

To generate, manage, and securely store cryptographic keys

Question 9

Theresa wants to implement an access control scheme that sets permissions based on what the individual’s job requires. What scheme is most suited to this type of implementation?

Answer 9

Role-Based Access Control (RBAC)

Question 10

What biometric technology is most broadly deployed due to its ease of use and acceptance from end users?

Answer 10

Fingerprint Scanners

Question 11

Charles has implemented LDAP for his organization. What type of service has he enabled?

Answer 11

A directory service

Question 12

A PIN is an example of what type of factor?

Answer 12

Something you know

Question 13

Melissa is planning on implementing biometric authentication on her network. What should be the goal for any biometric solution she selects?

Answer 13

Low Cross-over Error Rate (CER)

Question 14

What type of attack does an account lockout policy help to prevent?

Answer 14

Brute Force

Question 15

Password complexity, password history, and password reuse are all examples of what?

Answer 15

Account Policies

Question 16

Scott wants to allow users to bring their own credentials to his website so that they can log in using Google or Microsoft accounts without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their info?

Answer 16

OpenID

Question 17

Trevor is deploying the Google Authenticator mobile application for use in his org. What type of one-time password system does Google Authenticator use in its default mode?

Answer 17

Time-based One-time Passwords (TOTP)

Question 18

Nina’s org uses SSH keys to provide secure access between systems. What are common security concerns when using SSH keys?

Answer 18

Inadvertent exposure of the private key, weak passwords/passphrases, and SSH key sprawl

Question 19

A person’s name, age, location, or job title are all examples of what?

Answer 19

Attributes

Question 20

What type of access control scheme best describes the Linux Filesystem?

Answer 20

Discretionary Access Control (DAC) - Read, write, and execute permission are all default on standard Linux Filesystems