Access Mgmt Flashcards

1
Q

What is IAM?

A

Identity & Access Management

2
Q

IAM is the security & business discipline that ...?

A

“Enables right individual & sys to access right resources at right times for right reasons”

3
Q

IAM could also support (3):

A
  1. Could include customers
  2. BYOD – securing non-web application programs (APIs); using corporate IDs is the norm
  3. Supporting cloud-based applications with IAM
4
Q

Who is responsible for granting access to a user in federated identity management?

A. Identity provider
B. Relying party
C. SaaS provider
D. User

A

B. Relying party

5
Q

An organization requires that it federates its internal systems and their externally hosted SaaS finance system so a user does not have to re-authenticate. This is an example of which of the following?

A. Open authentication
B. Single sign-on
C. Biometric scanning
D. Multifactor authentication

A

B. Single sign-on

6
Q

Who is the Relying Party in a federated environment, and what do they do?

A. The Customer. They consume tokens generated by the Identity Provider.
B. The Service Provider. They consume tokens generated by the customer.
C. The Identity Provider. They consume tokens generated by the service provider.
D. The Service Provider. They consume tokens generated by the Identity Provider.

A

D. The Service Provider. They consume tokens generated by the Identity Provider.

7
Q

What are 2 types of access keys?

A

Key pairs or X.509 certificates

8
Q

Key pairs consist of (2) keys

A

Public key

Private key

9
Q

Private key is used for?

A

Digital signing

10
Q

Public key is used for?

A

validation of the signature

11
Q

X.509 certificates contain
__________ + __________

Each certificate is associated with:

A

Public key + metadata (i.e., expiration date)

Each certificate is associated with: PRIVATE KEY

12
Q

What types of encryption are used over the Internet?

(2) separate types

A
  1. TLS / SSL – both use X.509 certificates, asymmetric crypto & the exchange of a symmetric key
  2. TDE (Transparent Data Encryption) – encrypts DB files (MS/Oracle); key-based access control system
13
Q

Which of the following is BEST used when setting up security for services being used within a public cloud?

A. LDAP
B. SFTP
C. SNMP
D. SSL

A

D. SSL

14
Q

What is Transparent Encryption?

A

In transparent encryption, the encryption engine resides in the database and is transparent to the application.

15
Q

What is File Level Encryption?

A

Encryption engine and keys reside on the INSTANCES. The database folder or volume is encrypted, and encryption engine and keys reside on instances attached to volume. It protects against lost backup, external attacks and media theft.

16
Q

What is Application Level Encryption?

A

Encryption engine resides at the application using the database.

*It protects against a wide array of threats, including application-level attacks and compromised database and administrative accounts.

17
Q

Where does the encryption engine reside when using transparent encryption of a database?

A. In Key Management System
B. Within the database
C. On instance(s) attached to the volume
D. At the database-using application

A

B. Within the database

18
Q

Safe Disposal of Electronic Records?

What is Degaussing?

A

Degaussing: The use of strong magnets to scramble data on magnetic tapes and hard drives

19
Q

Safe Disposal of Electronic Records?

What is Physical Destruction?

A

Physical Destruction: Physically shredding or incinerating the records to destroy them completely

20
Q

Safe Disposal of Electronic Records?

What is Overwriting?

A

Overwriting: Writing unimportant or random data (1s & 0s) over the real data to make the real data unreadable. More overwrites ensure better destruction of the data.

21
Q

Safe Disposal of Electronic Records?

What is Encryption?

A

Encryption: Rewriting the data in encrypted format so that it cannot be read without an encryption key.

22
Q

*Only suitable way to dispose of data in the CLOUD …

A
  1. Encryption.
  2. Encrypting data for disposal is called crypto-shredding or digital shredding. *Keys required to read the data are deliberately destroyed.
23
Q

How does Cloud destroy data?

A

Crypto Shredding

24
Q

What is Crypto Shredding?

A

Encrypting data for disposal is called Crypto-shredding or digital shredding. *Keys required to read the data are deliberately destroyed.

25
Q

What is Federated Identity?

A

Common identity standard for Federal employees/contractors seeking physical access to Federally controlled Government facilities and electronic access to Government equipment and networks

26
Q

Federated Identity – (3) Standards?

A
  1. SAML Standard *SSO *Smart Client
  2. OpenID Standard *SSO
  3. Info Cards *Smart Client
27
Q

What are the differences between the (3) Federated ID standards:

  1. SAML Standard *SSO *Smart Client
    Open std for ____ ______ / ______ data btw parties w/ ___.
  2. OpenID Standard *SSO
    ___ party allows users to authenticate using co-op sites known as ___ _____.
  3. Info Cards *Smart Client
    Personal digital ID used mainly on ___ ___ or ___ party authentication
A
  1. SAML Standard *SSO *Smart Client
    > Exchange authentication / authorization
    > IdP
    Open standard for exchanging authentication / authorization data between parties with an IdP. In the Public Cloud … the user establishes a public key certificate with the service; the private key is used to sign the SOAP request.
  2. OpenID Standard *SSO
    > 3rd
    > RP (Relying Parties)
    (3rd party) Allows users to be authenticated by certain co-op sites, known as Relying Parties (RP). The ID provider provides the OpenID authentication; the exchange is enabled by the browser used to communicate with the RP / OpenID Provider.
  3. Info Cards *Smart Client
    > Mobile ID, 3rd
    Personal digital identities that people can use online. Does not require a card reader, i.e., mobile ID & 3rd-party authentication.
    (3) users: IdP, RP, and Self
28
Q

Which of the following early examples of cloud computing was used for software engineering purposes in the form of web-based applications and required interoperability between different systems?

A. Distributed Computing
B. Service-Oriented Architecture (SOA)
C. Virtual Private Networks (VPNs)
D. Desktop Virtualization

A

B. Service-Oriented Architecture (SOA)

29
Q

Which of the following is a negative business impact of cloud computing?

A. It lowers the company’s overall application processing availability.
B. It is difficult to implement problem management.
C. It is more difficult to ensure policy compliance.
D. It slows down the company’s ability to deal with server capacity issues.

A

C. It is more difficult to ensure policy compliance.

30
Q

A specific cloud deployment has been established specifically for financial services companies to consume.
Which of the following BEST describes this type of cloud environment?

A. Private cloud
B. Community cloud
C. Hybrid cloud
D. Public cloud

A

B. Community cloud

31
Q

Least Privilege consists of (3) benefits?

A

Better service (1 & 2):

 1. Stability
 2. Security
 3. Ease of deployment (saves steps)
32
Q

What are the benefits of Least Privilege Access?

A. Better service stability, security, & ease of deployment
B. Better service stability, lower complexity, better security, & ease of deployment
C. Improved availability, lower risk, lower cost of development, and deployment
D. It is mainly about the best service availability

A

A. Better service stability, security, & ease of deployment

33
Q

How does the Role-Based Access Security Group work in the Cloud?

Security Group acts as a Virtual ____, controls traffic on one/more ______, ______, _____ hosted in the cloud.

A

Fill-ins: FW; services, instances, applications

SECURITY GROUP acts as a Virtual FW & controls traffic of one/more services, instances, applications hosted in the cloud.
Like AD GPO

34
Q

What does the Security Group collect into manageable units:
______ Accts
______ Accts
Other _____ Accts

A

User accts
System accts
Other Group accts into manageable units.

35
Q

How is the Security Group used?

When you launch ____, ____, ____, you associate one/more ____ _____s with _______. Like AD GPO.

A

Fill-ins: instance, container, application; Security Groups (with) service

When you launch an instance, container or application, you associate one/more Security Groups with the service.
*Like AD GPO