8 - Identity and Access Management Flashcards

Summarize authentication and authorization design concepts; given scenarios, be able to implement identity and account management controls, and execute authentication/authorization solutions

1
Q

Angela has chosen to federate with other organizations to allow use of services that each org provides. What role does Angela’s org play when they authenticate their users and assert that those users are valid to other members of the federation?

A

Identity Provider (IdP)

2
Q

What technology is the least effective means of preventing shared accounts?

A

Password Complexity Requirements

3
Q

What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment?

A

The cloud service will provide account and identity management services

4
Q

Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement?

  • RADIUS
  • SAML
  • OAuth
  • LDAP
A

Remote Authentication Dial-In User Service (RADIUS)

5
Q

What type of multifactor authentication is considered the least secure?

A

Short Message Service (SMS) -or- Texting

6
Q

Samantha wants to set an account policy that ensures that devices can be used only while the user is in the org’s main facility. What type of account policy should she set?

A

Geofencing

7
Q

Michelle enables the Windows 10 picture password feature to control logins for her laptop. What type of authentication attribute will this provide?

A

Something you can do

[Picture Password is a type of Captcha(c), in this case]

8
Q

What is HSM used for?

A

To generate, manage, and securely store cryptographic keys

9
Q

Theresa wants to implement an access control scheme that sets permissions based on what the individual’s job requires. What scheme is most suited to this type of implementation?

A

Role-Based Access Control (RBAC)

10
Q

What biometric technology is most broadly deployed due to its ease of use and acceptance from end users?

A

Fingerprint Scanners

11
Q

Charles has implemented LDAP for his organization. What type of service has he enabled?

A

A directory service

12
Q

A PIN is an example of what type of factor?

A

Something you know

13
Q

Melissa is planning on implementing biometric authentication on her network. What should be the goal for any biometric solution she selects?

A

Low Cross-over Error Rate (CER)

14
Q

What type of attack does an account lockout policy help to prevent?

A

Brute Force

15
Q

Password complexity, password history, and password reuse are all examples of what?

A

Account Policies

16
Q

Scott wants to allow users to bring their own credentials to his website so that they can log in using Google or Microsoft accounts without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their info?

A

OpenID

17
Q

Trevor is deploying the Google Authenticator mobile application for use in his org. What type of one-time password system does Google Authenticator use in its default mode?

A

Time-based One-time Passwords (TOTP)

18
Q

Nina’s org uses SSH keys to provide secure access between systems. What are common security concerns when using SSH keys?

A

Inadvertent exposure of the private key, weak passwords/passphrases, and SSH key sprawl

19
Q

A person’s name, age, location, or job title are all examples of what?

A

Attributes

20
Q

What type of access control scheme best describes the Linux Filesystem?

A

Discretionary Access Control (DAC) - Read, write, and execute permissions are all default on standard Linux Filesystems