8. Identity and Access Management

Question 2

What are the foundations of authentication and authorization?

Answer 2

Identities

Identities are claimed through an authentication process.

Question 3

What methods can users use to claim an identity?

Answer 3

Usernames, certificates, tokens, SSH keys, smartcards

Each method provides additional security capabilities.

Question 4

What attributes are used to describe a user’s identity?

Answer 4

Job, title, personal traits

Attributes are stored as part of the user’s identity.

Question 5

What is single sign-on (SSO)?

Answer 5

Allows users to log in once and access resources across an organization

SSO is a core element of many identity infrastructures.

Question 6

What are critical technologies for modern SSO designs?

Answer 6

LDAP, OAuth, SAML

These technologies are widely used in SSO implementations.

Question 7

What are best practices for password configuration?

Answer 7

Length, complexity, reuse, expiration, age

Understanding each setting is important for security professionals.

Question 8

What role do password managers play in security?

Answer 8

Limit password reuse, manage passwords for organizations

They are effective when implemented with enterprise solutions.

Question 9

What does multifactor authentication rely on?

Answer 9

Additional factors beyond passwords

Potential factors include biometrics and hardware/software tokens.

Question 10

What are the distinct factors in multifactor authentication?

Answer 10

Something you know, something you have, something you are, somewhere you are

Each factor provides a different layer of security.

Question 11

What are the types of user accounts?

Answer 11

Users, guests, administrative (privileged), service accounts

Understanding account types is crucial for managing access.

Question 12

What is privileged access management (PAM)?

Answer 12

Focuses on controlling privileged accounts and rights

Techniques include just-in-time permission granting and ephemeral accounts.

Question 13

What do access control schemes determine?

Answer 13

What rights accounts have

Access control schemes are essential for managing user permissions.

Question 14

What is attribute-based access control (ABAC)?

Answer 14

Employs user attributes to determine access

ABAC is one of the key access control schemes.

Question 15

What is role-based access control (RBAC)?

Answer 15

Makes decisions based on roles

RBAC is commonly used for managing user permissions.

Question 16

What is rule-based access control?

Answer 16

Uses rules to control access

Sometimes referred to as a variant of RBAC.

Question 17

What is mandatory access control (MAC)?

Answer 17

Relies on the system administrator to control access

MAC is stricter compared to discretionary access control.

Question 18

What is discretionary access control (DAC)?

Answer 18

Allows users to make decisions about access to files and directories

DAC provides more flexibility to users.

Question 19

What is the focus of privileged access management (PAM)?

Answer 19

Controlling administrative accounts

PAM helps in managing permissions for sensitive operations.

Question 20

What do test takers need to know about filesystem permissions?

Answer 20

How to use and apply common filesystem permissions

Understanding permissions is critical for security management.