Chapter 3 Identity and Account management

Question 1

What is identity management?

Answer 1

Identity management refers to the process of managing and controlling user identities, including authentication, authorization, and access to resources.

Question 2

What are the three components of authentication?

Answer 2

The three components of authentication are ID (identification), authentication (proving identity), and authorization (granting access rights).

Question 3

What is the purpose of authorization in identity management?

Answer 3

Authorization determines what actions or resources a user is allowed to access or perform after they have been authenticated.

Question 4

Define multifactor authentication.

Answer 4

Multifactor authentication is a security measure that requires users to provide multiple forms of identification or verification, such as a password and a fingerprint, to gain access to a system or resource.

Question 5

What are the three factors of multifactor authentication?

Answer 5

The three factors of multifactor authentication are something you know (e.g., password), something you have (e.g., smart card), and something you are (e.g., biometric traits).

Question 6

What is the purpose of salting in password storage?

Answer 6

Salting is the process of adding a random value to a password before hashing it, making it more difficult for attackers to use precomputed tables, such as rainbow tables, in password cracking.

Question 7

What is a rainbow table in the context of password cracking?

Answer 7

A rainbow table is a precomputed table that contains a large number of hash values and their corresponding plaintext passwords, used in password cracking attacks to quickly find the original password from its hash.

Question 8

What is the difference between authentication and authorization?

Answer 8

Authentication is the process of verifying the identity of a user, while authorization is the process of granting or denying access rights and privileges to authenticated users.

Question 9

What is key stretching in password-based key derivation?

Answer 9

Key stretching is a technique used to increase the time and computational effort required to derive a cryptographic key from a password, making brute-force attacks more difficult.

Question 10

What are attributes in multifactor authentication?

Answer 10

Attributes in multifactor authentication refer to additional characteristics or properties used for verification, such as a person’s typing speed or a trusted certificate from a recognized authority.

Question 11

What is the purpose of multifactor authentication?

Answer 11

Multifactor authentication enhances security by requiring users to provide multiple forms of identification or verification to access a system or resource.

Question 12

What are the three factors of multifactor authentication?

Answer 12

The three factors of multifactor authentication are something you know (e.g., password), something you have (e.g., mobile phone), and something you are (e.g., biometric trait).

Question 13

What is the difference between enabled and enforced in multifactor authentication?

Answer 13

Enabled means that multifactor authentication is turned on for a user, but they have not yet experienced it. Enforced means that multifactor authentication is mandatory, and the user must actively use it during the sign-in process.

Question 14

How can multifactor authentication be enabled for a Microsoft Azure user account?

Answer 14

In the Azure portal, go to Azure Active Directory > Users. Select the user account, click on Multifactor authentication, and enable it for the user by clicking the “Enable” button.

Question 15

What are some alternate methods of authentication in multifactor authentication?

Answer 15

Alternate methods can include using the Microsoft Authenticator app, receiving a verification code via SMS text message, or using other factors like a smart card or biometric authentication.

Question 16

How does multifactor authentication enhance security in the sign-in process?

Answer 16

Multifactor authentication adds an additional layer of security by requiring users to provide an extra verification factor, such as a code from their mobile phone, along with their username and password.

Question 17

What is the purpose of accounting in identity management?

Answer 17

Accounting, also known as auditing, tracks and records the activities performed by authenticated users, providing an audit trail for security and compliance purposes.

Question 18

How does multifactor authentication contribute to identity management?

Answer 18

Multifactor authentication is a crucial aspect of identity management as it helps verify and protect user identities, control access to resources, and maintain a secure and auditable environment.

Question 19

What is the relationship between authentication and authorization?

Answer 19

Authentication is the process of verifying the identity of a user, device, or software component, while authorization determines the permissions and access rights that are granted to the authenticated entity.

Question 20

What are resources in the context of authorization?

Answer 20

Resources refer to the targets or entities that have permissions assigned to them. This can include files on a file server, rows in a database table, web applications, or specific parts of a web application.

Question 21

How does auditing relate to authorization?

Answer 21

Auditing is closely related to authorization as it involves tracking and recording the activities and access performed by authenticated users or entities. It provides accountability and helps in monitoring and reviewing resource usage.

Question 22

How can you assign permissions to a virtual machine in Microsoft Azure for accessing storage?

Answer 22

In the Azure portal, go to the virtual machine properties, navigate to the Identity section, and enable a system-assigned managed identity for the virtual machine. Then, go to the storage account properties, access the Access Control (IAM) section, and add a role assignment for the virtual machine’s managed identity, such as “Storage Account Contributor.”

Question 23

What is a managed identity in the context of Azure virtual machines?

Answer 23

A managed identity is an identity that is automatically provisioned and managed by Azure for a specific resource, such as a virtual machine. It allows the resource to authenticate itself to other Azure services and obtain access to resources based on the assigned permissions.

Question 24

What is the purpose of role assignments in Azure IAM?

Answer 24

Role assignments in Azure Identity and Access Management (IAM) allow you to grant permissions to users, groups, or managed identities. Roles are collections of related permissions, and by assigning a role to a resource, you define what actions can be performed on that resource.

Question 25

How does successful authentication relate to authorization in Microsoft Azure?

Answer 25

After successful authentication of a virtual machine in Azure, the authorization configuration determines the access permissions granted to that virtual machine. This allows the authenticated virtual machine to access the specified resources, such as a storage account, based on the assigned permissions.

Question 26

How does internal trust in Microsoft Azure contribute to the authentication and authorization process?

Answer 26

Internal trust within Microsoft Azure ensures that the authentication and authorization processes are secure and reliable. It establishes the trustworthiness of the virtual machine and allows it to be authenticated and granted access to resources based on the defined authorization configuration.

Question 27

What is accounting in IT security?

Answer 27

Accounting in IT security refers to the process of tracking and recording activity to provide visibility and accountability.

Question 28

Why is it important to have separate user accounts for auditing purposes?

Answer 28

Separate user accounts are important for auditing as they allow actions to be attributed to individual users, enabling better accountability and tracking of activity.

Question 29

What can be tracked and monitored through auditing in a Windows environment?

Answer 29

Auditing in a Windows environment can track resource access, logon attempts, system changes, and user behavior.

Question 30

How can auditing logs help identify potential security threats?

Answer 30

Auditing logs can help identify potential security threats by examining audit failures, unauthorized login attempts, and suspicious activity, providing insights into potential vulnerabilities or attacks.

Question 31

What are some best practices for securing virtual machines in the cloud?

Answer 31

Best practices for securing virtual machines in the cloud include avoiding public IP addresses, using VPNs or jump boxes, monitoring auditing logs, following security guidelines, implementing strong authentication, and regularly updating security measures.

Question 32

How does auditing contribute to environment hardening?

Answer 32

Auditing contributes to environment hardening by identifying vulnerabilities, monitoring and detecting security incidents, and guiding the implementation of security measures to protect against potential threats.

Question 33

What are common authentication methods?

Answer 33

Common authentication methods include usernames and passwords, one-time passwords (OTP), PKI certificates, smart cards, public key authentication, and biometrics.

Question 34

Why is it important to use unique and complex passwords?

Answer 34

Using unique and complex passwords for different resources is important to prevent unauthorized access. If one password is compromised, it won’t affect all other accounts.

Question 35

How can password managers help with authentication?

Answer 35

Password managers securely store and manage complex passwords, eliminating the need to remember them. They provide convenience and enhance security by generating and storing unique passwords for each resource.

Question 36

What is a one-time password (OTP)?

Answer 36

A one-time password is a unique passcode or passphrase generated for authentication and valid for a short period. It adds an extra layer of security, often used alongside usernames and passwords.

Question 37

What is a smart card and how does it contribute to authentication?

Answer 37

A smart card is a credit card-sized card containing embedded certificates for authentication. It verifies the identity of the cardholder and can be used for secure access to systems and physical locations.

Question 38

What is public key authentication?

Answer 38

Public key authentication involves using a private key and a corresponding public key stored on a server or device. It enhances security by requiring possession of the private key in addition to a username and password for authentication.

Question 39

What is biometric authentication?

Answer 39

Biometric authentication uses unique physical or behavioral characteristics of an individual, such as fingerprints, retinal scans, facial recognition, voice recognition, vein analysis, or gait analysis, to verify identity.

Question 40

What are some considerations when using biometric authentication?

Answer 40

Biometric authentication efficacy is measured by factors like false acceptance rate, false rejection rate, and crossover error rate. Imperfections in biometric systems can lead to incorrect matches or false rejections.

Question 41

What are credential policies used for?

Answer 41

Credential policies are used to determine access permissions for users, contractors, devices, or service accounts. They help control access to resources and manage privileged access.

Question 42

What is attribute-based access control (ABAC)?

Answer 42

Attribute-based access control is an access control scheme that uses the attributes of a user or device to determine their permissions. For example, access may be granted based on age, device type, or location.

Question 43

What is role-based access control (RBAC)?

Answer 43

Role-based access control is an access control scheme where permissions are assigned to roles, and users or devices are assigned to those roles. Users inherit the permissions associated with their assigned roles.

Question 44

What is rule-based access control (RBAC)?

Answer 44

Rule-based access control is an access control scheme that uses conditional access policies to determine access permissions. Access is granted if certain conditions, such as multifactor authentication or device type, are met.

Question 45

What is mandatory access control (MAC)?

Answer 45

Mandatory access control is an access control scheme that assigns labels to resources and uses policies to determine access based on security clearances. The operating system enforces access based on labels and clearances.

Question 46

What is discretionary access control (DAC)?

Answer 46

Discretionary access control is an access control scheme where permissions are set by the data custodian at their discretion. It allows users to control access to their resources based on their own permissions.

Question 47

What is physical access control?

Answer 47

Physical access control refers to controlling access to physical spaces, such as buildings, server rooms, and equipment racks. It involves measures like locks, access control systems, and security guards to protect physical resources.

Question 48

Why should password authentication protocol (PAP) be avoided?

Answer 48

Password Authentication Protocol (PAP) should be avoided because it sends credentials over the network in clear text, making it vulnerable to interception and unauthorized access.

Question 49

What is the purpose of Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)?

Answer 49

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is a network authentication protocol that allows users to authenticate without transmitting their password over the network. It uses password hashing and challenges to verify user credentials.

Question 50

What is the difference between NTLM and NTLMv2?

Answer 50

NTLMv2 is an updated version of NTLM (LAN Manager), a network authentication protocol used on workgroup computers. NTLMv2 uses salted password hashes, making them more difficult to crack than unsalted hashes.

Question 51

Which network authentication protocol is used in Active Directory environments?

Answer 51

The Kerberos protocol is used in Active Directory environments for network authentication. It involves components such as the Key Distribution Center (KDC), Authentication Service (AS), Ticket Granting Service (TGS), and Ticket Granting Ticket (TGT).

Question 52

What is the Extensible Authentication Protocol (EAP) used for?

Answer 52

The Extensible Authentication Protocol (EAP) is a standardized framework used for network authentication. It allows for various authentication methods, such as certificates and smart cards, and ensures secure communication using protocols like TLS.

Question 53

What is IEEE 802.1X and how does it control network access?

Answer 53

: IEEE 802.1X is a port-based network access control protocol that limits network access by authenticating devices before granting them access. It works with network edge devices, such as switches, routers, and VPN concentrators, and uses a centralized authentication server (RADIUS) to handle authentication requests.

Question 54

What is the role of a RADIUS client and RADIUS supplicant?

Answer 54

The RADIUS client refers to the network edge point device, such as a switch or router, that initiates authentication requests to a centralized RADIUS server. The RADIUS supplicant is the user or device seeking network access, such as a smartphone or computer.

Question 55

Why is using a centralized authentication server, like RADIUS, preferred over storing credentials on network edge devices?

Answer 55

Storing credentials on network edge devices poses a security risk, as they have limited memory and can be compromised. Using a centralized authentication server, like RADIUS, provides better security and control over authentication processes.

Question 56

What is single sign-on (SSO)?

Answer 56

Single sign-on (SSO) is a mechanism that allows users to authenticate once and gain access to multiple systems or applications without having to re-enter their credentials. It improves user experience and reduces the need to remember multiple usernames and passwords.

Question 57

What are OpenID and OAuth used for?

Answer 57

OpenID and OAuth are protocols used for identity management and enabling single sign-on. OpenID allows users to use a single set of credentials to access multiple websites, while OAuth allows users to grant permissions to third-party applications without sharing their credentials.

Question 58

What is Identity Federation?

Answer 58

Identity Federation is a concept where multiple resource providers or websites trust a centralized identity provider (IDP) for authentication. The IDP, such as Google or Facebook, authenticates the user and issues a digital security token (e.g., SAML token) that can be used to access trusted resources without the need for separate authentication.

Question 59

What is a Security Assertion Markup Language (SAML) token?

Answer 59

A Security Assertion Markup Language (SAML) token is a digitally signed authentication token issued by an identity provider (IDP) in an identity federation environment. It serves as proof of identity and is passed from the IDP to the resource provider to grant access to resources.

Question 60

What are some examples of identity providers (IDPs) used in Identity Federation?

Answer 60

Examples of identity providers (IDPs) used in Identity Federation include Google, Facebook, Twitter, and on-premises solutions like Microsoft Active Directory Federation Services (ADFS). These IDPs act as centralized trusted sources for authentication and enable single sign-on across multiple applications or websites.

Question 61

What are some commonly used protocols within Identity Federation?

Answer 61

Some commonly used protocols within Identity Federation include OpenID, OAuth, and SAML. OpenID enables users to use a single set of credentials across different websites, OAuth allows users to grant access to their resources without sharing credentials, and SAML provides a standard format for exchanging authentication and authorization data between the identity provider and resource provider.