Chapter 3 Identity and Account Management Flashcards
What is identity management?
Identity management refers to the process of managing and controlling user identities, including authentication, authorization, and access to resources.
What are the three components of authentication?
The three components of authentication are ID (identification), authentication (proving identity), and authorization (granting access rights).
What is the purpose of authorization in identity management?
Authorization determines what actions or resources a user is allowed to access or perform after they have been authenticated.
Define multifactor authentication.
Multifactor authentication is a security measure that requires users to provide multiple forms of identification or verification, such as a password and a fingerprint, to gain access to a system or resource.
What are the three factors of multifactor authentication?
The three factors of multifactor authentication are something you know (e.g., password), something you have (e.g., smart card), and something you are (e.g., biometric traits).
What is the purpose of salting in password storage?
Salting is the process of adding a random value to a password before hashing it, making it more difficult for attackers to use precomputed tables, such as rainbow tables, in password cracking.
What is a rainbow table in the context of password cracking?
A rainbow table is a precomputed table that contains a large number of hash values and their corresponding plaintext passwords, used in password cracking attacks to quickly find the original password from its hash.
What is the difference between authentication and authorization?
Authentication is the process of verifying the identity of a user, while authorization is the process of granting or denying access rights and privileges to authenticated users.
What is key stretching in password-based key derivation?
Key stretching is a technique used to increase the time and computational effort required to derive a cryptographic key from a password, making brute-force attacks more difficult.
What are attributes in multifactor authentication?
Attributes in multifactor authentication refer to additional characteristics or properties used for verification, such as a person’s typing speed or a trusted certificate from a recognized authority.
What is the purpose of multifactor authentication?
Multifactor authentication enhances security by requiring users to provide multiple forms of identification or verification to access a system or resource.
What are the three factors of multifactor authentication?
The three factors of multifactor authentication are something you know (e.g., password), something you have (e.g., mobile phone), and something you are (e.g., biometric trait).
What is the difference between enabled and enforced in multifactor authentication?
Enabled means that multifactor authentication is turned on for a user, but they have not yet experienced it. Enforced means that multifactor authentication is mandatory, and the user must actively use it during the sign-in process.
How can multifactor authentication be enabled for a Microsoft Azure user account?
In the Azure portal, go to Azure Active Directory > Users. Select the user account, click on Multifactor authentication, and enable it for the user by clicking the “Enable” button.
What are some alternate methods of authentication in multifactor authentication?
Alternate methods can include using the Microsoft Authenticator app, receiving a verification code via SMS text message, or using other factors like a smart card or biometric authentication.
How does multifactor authentication enhance security in the sign-in process?
Multifactor authentication adds an additional layer of security by requiring users to provide an extra verification factor, such as a code from their mobile phone, along with their username and password.
What is the purpose of accounting in identity management?
Accounting, also known as auditing, tracks and records the activities performed by authenticated users, providing an audit trail for security and compliance purposes.
How does multifactor authentication contribute to identity management?
Multifactor authentication is a crucial aspect of identity management as it helps verify and protect user identities, control access to resources, and maintain a secure and auditable environment.
What is the relationship between authentication and authorization?
Authentication is the process of verifying the identity of a user, device, or software component, while authorization determines the permissions and access rights that are granted to the authenticated entity.
What are resources in the context of authorization?
Resources refer to the targets or entities that have permissions assigned to them. This can include files on a file server, rows in a database table, web applications, or specific parts of a web application.
How does auditing relate to authorization?
Auditing is closely related to authorization as it involves tracking and recording the activities and access performed by authenticated users or entities. It provides accountability and helps in monitoring and reviewing resource usage.
How can you assign permissions to a virtual machine in Microsoft Azure for accessing storage?
In the Azure portal, go to the virtual machine properties, navigate to the Identity section, and enable a system-assigned managed identity for the virtual machine. Then, go to the storage account properties, access the Access Control (IAM) section, and add a role assignment for the virtual machine’s managed identity, such as “Storage Account Contributor.”
What is a managed identity in the context of Azure virtual machines?
A managed identity is an identity that is automatically provisioned and managed by Azure for a specific resource, such as a virtual machine. It allows the resource to authenticate itself to other Azure services and obtain access to resources based on the assigned permissions.
What is the purpose of role assignments in Azure IAM?
Role assignments in Azure Identity and Access Management (IAM) allow you to grant permissions to users, groups, or managed identities. Roles are collections of related permissions, and by assigning a role to a resource, you define what actions can be performed on that resource.