Access Mgmt Flashcards
What is IAM?
Identity & Access Management
IAM is a security & business discipline that ...?
"Enables the right individuals & systems to access the right resources at the right times for the right reasons"
IAM can also extend to (3):
- Users beyond employees, e.g. customers
- BYOD: securing non-web application access (APIs), where using the corporate ID is the norm
- Cloud-based applications integrated with IAM
Who is responsible for granting access to a user in federated identity management?
A. Identity provider
B. Relying party
C. SaaS provider
D. User
B. Relying party (the Identity Provider authenticates the user and issues the token; the Relying Party decides what that authenticated user may access)
An organization requires that it federates its internal systems and their externally hosted SaaS finance system so a user does not have to re-authenticate. This is an example of which of the following?
A. Open authentication
B. Single sign-on
C. Biometric scanning
D. Multifactor authentication
B. Single sign-on
Who is the Relying Party in a federated environment, and what do they do?
A. The Customer. They consume tokens generated by the Identity Provider.
B. The Service Provider. They consume tokens generated by the customer.
C. The Identity Provider. They consume tokens generated by the service provider.
D. The Service Provider. They consume tokens generated by the Identity Provider.
D. The Service Provider. They consume tokens generated by the Identity Provider.
What are the (2) types of access keys?
Key pairs or X.509 certificates
A key pair consists of (2) keys
Public key
Private key
The private key is used for?
Digital signing (it never leaves its owner)
The public key is used for?
Validation of the signature (anyone holding the public key can verify, nobody can forge)
An X.509 certificate contains
__________ + __________
Public key + metadata (e.g. subject, issuer, expiration date)
Each certificate is associated with:
A PRIVATE KEY, held by the certificate's subject; the certificate itself carries the issuer's signature over the public key and metadata
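Added example (not from the original flashcards): a Go program showing the key-pair and certificate cards above in working code. It assumes ECDSA P-256 with SHA-256 and uses a self-signed certificate for illustration; the subject name `svc.example.test` and the message text are constructed. The private key signs, only the public key is needed to verify, and the certificate is the public key wrapped in metadata (subject, validity window, key usage) and signed with the associated private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Signer owns a key pair. Only the private half ever signs; the public half
// is what everyone else uses to check those signatures.
type Signer struct {
	Private *ecdsa.PrivateKey
}

// NewSigner generates a fresh NIST P-256 key pair.
func NewSigner() (*Signer, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Private: k}, nil
}

// Sign hashes the message with SHA-256 and signs the digest with the private key.
func (s *Signer) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, s.Private, digest[:])
}

// Verify needs only the public key: it recomputes the digest and checks the
// ASN.1 signature against it. Any change to msg or sig makes this return false.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// SelfSignedCert binds the public key to metadata (subject, validity window,
// key usage) and signs the result with the matching private key. In a real PKI
// the issuer's private key, not the subject's, would do the signing.
func (s *Signer) SelfSignedCert(cn string, now time.Time, validFor time.Duration) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now,
		NotAfter:     now.Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &s.Private.PublicKey, s.Private)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CertValidAt is the expiry check a relying party must perform before trusting
// the public key carried inside a certificate.
func CertValidAt(c *x509.Certificate, at time.Time) bool {
	return !at.Before(c.NotBefore) && !at.After(c.NotAfter)
}

func main() {
	s, err := NewSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample request: GET /finance/report") // constructed input
	sig, _ := s.Sign(msg)
	fmt.Println("genuine message verifies:", Verify(&s.Private.PublicKey, msg, sig))
	fmt.Println("tampered message verifies:", Verify(&s.Private.PublicKey, []byte("GET /finance/report?amount=1"), sig))

	now := time.Now().Truncate(time.Second) // X.509 stores times at second precision
	cert, err := s.SelfSignedCert("svc.example.test", now, 24*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Printf("cert subject=%s expires=%s\n", cert.Subject.CommonName, cert.NotAfter.UTC().Format(time.RFC3339))
	fmt.Println("valid now:", CertValidAt(cert, now), " valid in 2 days:", CertValidAt(cert, now.Add(48*time.Hour)))
}
```

A relying party does three things with such a certificate: checks the validity window, checks the issuer's signature over it (here self-signed, so the subject's own public key), and only then uses the embedded public key to verify signatures such as the one `Sign` produces.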
Which (2) separate encryption technologies are covered?
- TLS / SSL: encryption in transit over the Internet. Both use X.509 certificates and asymmetric crypto to authenticate the server and exchange a symmetric session key. SSL is deprecated; TLS is the current protocol.
- TDE (Transparent Data Encryption): encryption at rest of database files (Microsoft SQL Server, Oracle); the database manages the keys and controls access to them.
Which of the following is BEST used when setting up security for services being used within a public cloud?
A. LDAP
B. SFTP
C. SNMP
D. SSL
D. SSL (i.e. SSL/TLS, protecting the service's traffic in transit)
What is Transparent Encryption?
In transparent encryption (TDE) the encryption engine resides in the database and is transparent to the application. The database decrypts for any account it authorizes, so it protects stored files and backups but not against a compromised database or DBA account.
What is File Level Encryption?
The encryption engine and keys reside on the INSTANCES. The database folder or volume is encrypted, and the engine and keys live on the instances attached to that volume. It protects against lost backups, external attacks and media theft.
What is Application Level Encryption?
The encryption engine resides in the application that uses the database; the database only ever stores ciphertext.
*It protects against the widest array of threats, including application-level attacks and compromised database and administrative accounts.
Where does the encryption engine reside when using transparent encryption of a database?
A. In the Key Management System
B. Within the database
C. On instance(s) attached to the volume
D. At the database-using application
B. Within the database
Safe Disposal of Electronic Records?
What is Degaussing?
Degaussing: The use of strong magnets to scramble data on magnetic tapes and hard drives
Safe Disposal of Electronic Records?
What is Physical Destruction?
Physical Destruction: Physically shredding or incinerating the records to destroy them completely
Safe Disposal of Electronic Records?
What is Overwriting?
Overwriting: Writing unimportant or random data (patterns of 1s & 0s) over the real data to make the original unreadable. Older guidance called for many passes; for modern magnetic drives a single verified pass is generally considered sufficient (NIST SP 800-88), and overwriting is unreliable on SSDs and not something a tenant can do to cloud storage at all.
Safe Disposal of Electronic Records?
What is Encryption?
Encryption: Rewriting the data in encrypted format so that it cannot be read without an encryption key.
*Only suitable way to dispose of data in the CLOUD …
- Encryption. A tenant cannot degauss, shred or overwrite the provider's physical media, so the keys are destroyed instead.
- Encrypting data for disposal is called Crypto-shredding or digital shredding. *The keys required to read the data are deliberately destroyed, leaving only unreadable ciphertext on the provider's storage and backups.
How does the Cloud destroy data?
Crypto-shredding
What is Crypto-shredding?
Encrypting data for disposal is called Crypto-shredding or digital shredding. *The keys required to read the data (and every copy of those keys) are deliberately destroyed.
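Added example (not part of the original notes) serving both the Application Level Encryption card and the crypto-shredding cards above: a Go program in which the application encrypts a field with AES-256-GCM before the value reaches the database, keeps the key in a stand-in for a key management system (`KeyStore`, a constructed in-memory type), and then shreds that key. The key name, record IDs and IBAN-like value are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrKeyDestroyed is what the application sees once the key has been shredded:
// the ciphertext is still in the database and in every backup, but it is noise.
var ErrKeyDestroyed = errors.New("key not available: data has been crypto-shredded")

// Record is the only thing the database ever stores: an ID and ciphertext.
// Neither the database engine nor a DBA account ever sees plaintext or keys.
type Record struct {
	ID         string
	Ciphertext []byte // nonce || AES-GCM ciphertext+tag
}

// KeyStore stands in for an external key management system (constructed for
// this example). Keys live here, outside the database.
type KeyStore struct {
	keys map[string][]byte // key ID -> 32-byte AES-256 key
}

func NewKeyStore() *KeyStore { return &KeyStore{keys: map[string][]byte{}} }

// Generate creates a random data-encryption key under the given ID.
func (ks *KeyStore) Generate(id string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	ks.keys[id] = k
	return nil
}

// Shred is crypto-shredding: zero the key material and drop the entry, so
// every record encrypted under it becomes permanently unreadable.
func (ks *KeyStore) Shred(id string) {
	if k, ok := ks.keys[id]; ok {
		for i := range k {
			k[i] = 0
		}
		delete(ks.keys, id)
	}
}

func (ks *KeyStore) aead(id string) (cipher.AEAD, error) {
	k, ok := ks.keys[id]
	if !ok {
		return nil, ErrKeyDestroyed
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is application-level encryption: the engine runs in the app, before
// the value is handed to the database. The record ID is bound as associated
// data so a ciphertext copied onto another row fails to authenticate.
func (ks *KeyStore) Encrypt(keyID, recordID string, plaintext []byte) (Record, error) {
	g, err := ks.aead(keyID)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	// Seal appends the ciphertext to the nonce, giving nonce||ciphertext.
	return Record{ID: recordID, Ciphertext: g.Seal(nonce, nonce, plaintext, []byte(recordID))}, nil
}

// Decrypt reverses Encrypt; it fails if the key is gone or the data was tampered with.
func (ks *KeyStore) Decrypt(keyID string, r Record) ([]byte, error) {
	g, err := ks.aead(keyID)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(r.Ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, r.Ciphertext[:ns], r.Ciphertext[ns:], []byte(r.ID))
}

func main() {
	ks := NewKeyStore()
	if err := ks.Generate("tenant-a-dek"); err != nil {
		panic(err)
	}
	// constructed sample record
	rec, err := ks.Encrypt("tenant-a-dek", "acct-42", []byte("IBAN DE89 3704 0044 0532 0130 00"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored in DB: id=%s ciphertext=%x...\n", rec.ID, rec.Ciphertext[:12])
	pt, _ := ks.Decrypt("tenant-a-dek", rec)
	fmt.Println("application with key reads:", string(pt))
	ks.Shred("tenant-a-dek")
	_, err = ks.Decrypt("tenant-a-dek", rec)
	fmt.Println("after shredding:", err)
}
```

Once `Shred` has run, the ciphertext still sits in the database and in every backup, but `Decrypt` can only return `ErrKeyDestroyed`; that is the whole mechanism of crypto-shredding. In production the key lives in a KMS or HSM, and "destroy" means scheduling the key's deletion there and confirming no exported copy survives; zeroing a Go byte slice, as here, does not guarantee the runtime left no other copy in memory.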
What is Federated Identity?
Linking a user's identity across separate identity management systems, so an identity authenticated by one organization's Identity Provider (IdP) is accepted by another organization's Relying Party (RP) without a second account or login.
*Caveat: the original card described "a common identification standard for Federal employees and contractors seeking physical access to Federally controlled facilities and electronic access to Government equipment and networks". That describes the US Federal PIV standard (FIPS 201), not federated identity.
Federated Identity – (3) Standards?
- SAML Standard *SSO *Smart Client
- OpenID Standard *SSO
- Information Cards *Smart Client
What are the differences between the (3) federated ID standards?
1. SAML Standard *SSO *Smart Client
Open standard for ____ ______ / ______ data between parties with an ___.
2. OpenID Standard *SSO
___-party standard that allows users to authenticate to cooperating sites known as ___ _____.
3. Information Cards *Smart Client
Personal digital identity used mainly for ___ ___ or ___-party authentication.
Answers:
1. SAML Standard *SSO *Smart Client
> Exchange of Authentication / Authorization data
> IdP
Open standard for exchanging authentication / authorization data between parties, in particular between an Identity Provider (IdP) and a service provider. In the public cloud … the user establishes a public key certificate with the service, and the private key is used to sign SOAP requests.
2. OpenID Standard *SSO
> 3rd party
> RP Relying Parties
Allows users to be authenticated by cooperating sites, known as Relying Parties (RPs), via a 3rd-party OpenID Provider. The OpenID Provider performs the authentication; the exchange is carried by the user's browser, which communicates with both the RP and the OpenID Provider.
3. Information Cards *Smart Client
> Mobile ID, 3rd party
Personal digital identities that people can use online. Does not require a card reader; e.g. mobile ID & 3rd-party authentication.
(3) parties: IdP, RP, and Self (the user)
Which of the following early examples of cloud computing was used for software engineering purposes in the form of web-based applications and required interoperability between different systems?
A. Distributed Computing
B. Service-Oriented Architecture (SOA)
C. Virtual Private Networks (VPNs)
D. Desktop Virtualization
B. Service-Oriented Architecture (SOA)
Which of the following is a negative business impact of cloud computing?
A. It lowers the company’s overall application processing availability.
B. It is difficult to implement problem management.
C. It is more difficult to ensure policy compliance.
D. It slows down the company’s ability to deal with server capacity issues.
C. It is more difficult to ensure policy compliance.
A specific cloud deployment has been established specifically for financial services companies to consume.
Which of the following BEST describes this type of cloud environment?
A. Private cloud
B. Community cloud
C. Hybrid cloud
D. Public cloud
B. Community cloud
Least Privilege provides (3) benefits?
Better service:
1. Stability 2. Security 3. Ease of deployment (saves steps)
What are the benefits of Least Privilege Access?
A. Better service stability, security, & ease of deployment
B. Better service stability, lower complexity, better security, & ease of deployment
C. Improved availability, lower risk, lower cost of development, and deployment
D. It is mainly about the best service availability
A. Better service stability, security, & ease of deployment
How does a role-based Security Group work in the Cloud?
A Security Group acts as a virtual ____, controlling traffic to one/more ______, ______, _____ hosted in the cloud.
SECURITY GROUP acts as a
Virtual FW (firewall)
services, instances, applications
A virtual firewall that controls traffic to one/more services, instances, or applications hosted in the cloud.
Like an AD GPO
*Note: "security group" has two meanings. In the cloud it is the network construct above (a virtual firewall). In a directory such as Active Directory it is a container of accounts, which is what the next card describes.
What does a Security Group collect into manageable units?
______ accts
______ accts
Other _____ accts
User accts
System accts
Other Group accts, collected into manageable units.
How is a Security Group used?
When you launch an ____, ____, ____, you associate one/more ____ _____s with the _______. Like an AD GPO.
When you launch an instance, container, or application, you associate one/more Security Groups with the service.
*Like an AD GPO
instance, container, application; Security Groups (with) the service.
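Added example (not from the original flashcards) modelling how the virtual-firewall kind of security group evaluates traffic to an instance. It assumes the common cloud semantics of allow-only rules with default deny, and that when several groups are attached to one instance the rules of all of them apply together (modelled on AWS EC2 security groups; confirm against your own provider). Group names, CIDRs and flows are constructed, and the `Overexposed` check is the review a practitioner would run over the attached groups.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Rule is one inbound allow rule. Assumption, modelled on common cloud
// security-group semantics: rules only allow, there are no deny rules, and
// anything no rule matches is dropped.
type Rule struct {
	Proto    string       // "tcp", "udp" or "any"
	FromPort int          // inclusive port range
	ToPort   int
	Source   netip.Prefix // allowed source CIDR, e.g. 10.0.0.0/8
}

// SecurityGroup is the virtual firewall; an instance may carry several.
type SecurityGroup struct {
	Name    string
	Ingress []Rule
}

// Flow is an inbound connection attempt seen at the instance.
type Flow struct {
	Proto string
	Port  int
	Src   netip.Addr
}

func (r Rule) matches(f Flow) bool {
	if r.Proto != "any" && r.Proto != f.Proto {
		return false
	}
	if f.Port < r.FromPort || f.Port > r.ToPort {
		return false
	}
	return r.Source.Contains(f.Src)
}

// Allowed evaluates the union of every group attached to the instance: a single
// matching rule in any group admits the flow, otherwise it is denied. It also
// returns the name of the group that allowed it.
func Allowed(groups []SecurityGroup, f Flow) (bool, string) {
	for _, g := range groups {
		for _, r := range g.Ingress {
			if r.matches(f) {
				return true, g.Name
			}
		}
	}
	return false, ""
}

// Overexposed is the review check: management ports reachable from the whole
// Internet (0.0.0.0/0 or ::/0). Because groups are a union, one such rule in
// any attached group is enough to expose the instance.
func Overexposed(groups []SecurityGroup, mgmtPorts ...int) []string {
	var findings []string
	for _, g := range groups {
		for _, r := range g.Ingress {
			if r.Source.Bits() != 0 {
				continue // not world-open
			}
			for _, p := range mgmtPorts {
				if p >= r.FromPort && p <= r.ToPort && (r.Proto == "any" || r.Proto == "tcp") {
					findings = append(findings, fmt.Sprintf("%s: %s/%d open to %s", g.Name, r.Proto, p, r.Source))
				}
			}
		}
	}
	return findings
}

func main() {
	// constructed example: a web-tier instance with two groups attached
	web := SecurityGroup{"web", []Rule{{"tcp", 443, 443, netip.MustParsePrefix("0.0.0.0/0")}}}
	admin := SecurityGroup{"admin", []Rule{{"tcp", 22, 22, netip.MustParsePrefix("10.0.0.0/8")}}}
	instance := []SecurityGroup{web, admin}

	flows := []Flow{
		{"tcp", 443, netip.MustParseAddr("203.0.113.7")}, // public HTTPS
		{"tcp", 22, netip.MustParseAddr("10.20.30.40")},  // SSH from the corporate range
		{"tcp", 22, netip.MustParseAddr("203.0.113.7")},  // SSH from the Internet
		{"udp", 53, netip.MustParseAddr("10.20.30.40")},  // no rule at all
	}
	for _, f := range flows {
		ok, by := Allowed(instance, f)
		fmt.Printf("%s/%d from %s -> allowed=%v group=%q\n", f.Proto, f.Port, f.Src, ok, by)
	}

	// the misconfiguration a reviewer looks for: a catch-all group opened to the world
	sloppy := SecurityGroup{"quick-fix", []Rule{{"tcp", 0, 65535, netip.MustParsePrefix("0.0.0.0/0")}}}
	for _, finding := range Overexposed(append(instance, sloppy), 22, 3389) {
		fmt.Println("FINDING:", finding)
	}
}
```

The last loop is the practical point of the "one or more groups" card: attaching a permissive group "just for now" widens the instance's exposure regardless of how tight the other groups are, so reviews must evaluate the union, not each group in isolation.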