Chapter 4 Identity and Account Management

Question 1

What is identity management in IT security?

Answer 1

Identity management involves processes like authentication and authorization to ensure that only authorized users have access to network resources.

Question 2

What are the three parts of authentication?

Answer 2

Identification, Authentication, and Authorization.

Question 3

What is the role of identification in authentication?

Answer 3

Identification involves identifying the user, typically through a username.

Question 4

What is authentication in the context of IT security?

Answer 4

Authentication is the process of verifying a user’s identity, usually through a password or other credential.

Question 5

What does authorization determine?

Answer 5

Authorization determines what actions or resources an authenticated user is allowed to access.

Question 6

What is an example of identification in a theater ticket scenario?

Answer 6

Using a driver’s license or a confirmation number to prove identity when picking up tickets.

Question 7

What is multi-factor authentication (MFA)?

Answer 7

MFA uses more than one factor or attribute to authenticate a user, making it more secure.

Question 8

What are the three main factors in multi-factor authentication?

Answer 8

Something you know (password), something you have (smart card), and something you are (fingerprint).

Question 9

What is an example of “something you know” in MFA?

Answer 9

A password or a PIN code.

Question 10

What is an example of “something you have” in MFA?

Answer 10

A smart card or an RSA token.

Question 11

What is an example of “something you are” in MFA?

Answer 11

Biometric data like a fingerprint or facial recognition.

Question 12

What are attributes in the context of MFA?

Answer 12

Attributes are specific factors used in MFA, such as something you can do (signature), something you exhibit (typing speed), someone you know (trust), and somewhere you are (location).

Question 13

How is “somewhere you are” used in authentication?

Answer 13

Location-based authentication, such as using a credit card zip code verification at a gas station.

Question 14

What is the importance of multi-factor authentication in identity management?

Answer 14

MFA enhances security by requiring multiple forms of verification, making it harder for unauthorized users to gain access.

Question 15

Why is understanding MFA important for the Security+ exam?

Answer 15

MFA is a critical concept in IT security, and understanding its factors and attributes is essential for passing the Security+ exam.

Question 16

What can be a sign of a bad actor having access to your password?

Answer 16

Unusual login attempts from different locations or unexpected changes in account settings.

Question 17

What is a practical example of “someone you know” in authentication?

Answer 17

Trusting a server’s certificate issued by a known and trusted Certificate Authority like VeriSign.

Question 18

How does “something you exhibit” work in authentication?

Answer 18

Using behavioral attributes like typing speed as part of the authentication process.

Question 19

What are the four components of identity management in IT security?

Answer 19

Identification, Authentication, Authorization, and Accounting.

Question 20

What is accounting in the context of identity management?

Answer 20

Accounting, also known as auditing, involves tracking and recording the activities of authenticated users to ensure accountability.

Question 21

How does multi-factor authentication (MFA) relate to identification?

Answer 21

MFA strengthens identification by requiring additional factors beyond just a username to verify a user’s identity.

Question 22

How does authorization work after successful authentication?

Answer 22

Authorization determines the permissions and access rights a user has once they have been successfully authenticated.

Question 23

What is the first step to enable MFA for a Microsoft Azure user account?

Answer 23

Open the Microsoft Azure portal and navigate to Azure Active Directory.

Question 24

How do you access user accounts in Azure Active Directory?

Answer 24

Click on “Users” in the left-hand navigator to see a list of user accounts created in Azure AD.

Question 25

What is the difference between “enabled” and “enforced” MFA in Azure AD?

Answer 25

Enabled” means MFA is turned on but not actively used by the user yet. “Enforced” means the user has signed in using MFA.

Question 26

What happens the first time a user signs in after MFA is enabled?

Answer 26

The user is prompted to provide additional authentication details, such as setting up the Microsoft Authenticator app or receiving an SMS code.

Question 27

What are the two methods a user can choose for the second factor in MFA during sign-in?

Answer 27

The Microsoft Authenticator app or receiving an SMS text message with a code.

Question 28

How does receiving an SMS code for MFA work?

Answer 28

The user provides their phone number, receives a six-digit code via SMS, and enters the code during sign-in to authenticate.

Question 29

What is multi-factor authentication (MFA)?

Answer 29

MFA is a security process that requires more than one method of authentication from independent categories of credentials to verify the user’s identity.

Question 30

What does “something you know” refer to in MFA?

Answer 30

Something you know” refers to information like a password or PIN.

Question 31

What does “something you have” refer to in MFA?

Answer 31

Something you have” refers to physical objects like a smartphone, smart card, or RSA token

Question 32

What does “something you are” refer to in MFA?

Answer 32

Something you are” refers to biometric attributes like fingerprints or facial recognition.

Question 33

How does MFA improve security compared to single-factor authentication?

Answer 33

MFA improves security by requiring multiple forms of verification, making it more difficult for unauthorized users to gain access.

Question 34

How does accounting enhance security in identity management?

Answer 34

Accounting enhances security by providing a record of user activities, which can be audited to detect and respond to suspicious behavior.

Question 35

What is accounting in the context of identity management?

Answer 35

Accounting, also known as auditing, involves tracking and recording the activities of authenticated users to ensure accountability.

Question 36

Why is it important to have separate user accounts for auditing purposes?

Answer 36

Separate user accounts help track individual actions and identify who did what, which is essential for accurate auditing.

Question 37

What types of activities can be audited in an IT environment?

Answer 37

Activities like file access, database changes, VPN logins, failed login attempts, and data modifications can be audited.

Question 38

How can auditing help in detecting security incidents?

Answer 38

Auditing can detect abnormal activities, such as unusual login times or multiple failed login attempts, which may indicate security breaches.

Question 39

What is the importance of monitoring failed logon attempts?

Answer 39

Monitoring failed logon attempts can help identify potential brute force attacks and other unauthorized access attempts.

Question 40

: How can auditing verify the integrity of sensitive data?

Answer 40

Auditing, combined with hashing, can track changes to sensitive data and identify who made the changes and when.

Question 41

What is the purpose of using the Event Viewer in Windows?

Answer 41

The Event Viewer allows administrators to view and analyze security logs, including audit successes and failures, to monitor system activities.

Question 42

What information can be found in a Windows security audit failure log?

Answer 42

Information such as the time of the failed attempt, the account name used, the IP address of the source, and the reason for the failure can be found.

Question 43

Why should a virtual machine in the cloud not have a public IP address unless necessary?

Answer 43

Having a public IP address can expose the virtual machine to internet-based attacks, such as brute force login attempts.

Question 44

What are some alternative methods to manage a virtual machine without a public IP?

Answer 44

Alternatives include using a VPN connection to the cloud, or a jump box to connect from a public IP to the private IP of the VM.

Question 45

What is user behavior analytics in the context of auditing?

Answer 45

User behavior analytics involves monitoring and analyzing user actions to detect abnormal behaviors that may indicate security threats.

Question 46

How does auditing support compliance and security policies?

Answer 46

Auditing ensures that user activities are recorded and reviewed, supporting compliance with security policies and regulatory requirements.

Question 47

What might a failed login attempt from an unknown IP address indicate?

Answer 47

A failed login attempt from an unknown IP address may indicate an unauthorized access attempt or an ongoing attack.

Question 48

What is the significance of knowing the workstation name in an audit log?

Answer 48

Knowing the workstation name can help identify the source of an attack, especially if the attack is coming from a specific machine.

Question 49

Why is it important to monitor and review audit logs regularly?

Answer 49

Regular monitoring and review of audit logs help identify and respond to security incidents promptly, ensuring the security of the system.

Question 50

What are credential policies used for in access control?

Answer 50

Credential policies determine who gets access to what resources, including internal employees, contractors, devices, and service accounts.

Question 51

What is a service account?

Answer 51

A service account is a non-human account used to assign permissions to a software component or resource.

Question 52

What is privileged access management (PAM)?

Answer 52

PAM is the process of controlling and monitoring access for administrative accounts and root accounts to ensure they have access to items not normally accessible by regular user accounts.

Question 53

What is Attribute-Based Access Control (ABAC)?

Answer 53

ABAC determines permissions based on user or device attributes, such as age, device type, or location.

Question 54

What is Role-Based Access Control (RBAC)?

Answer 54

RBAC assigns permissions to users based on their roles, where a role is a collection of related permissions.

Question 55

What is Rule-Based Access Control (RBAC2)?

Answer 55

RBAC2 uses conditional access policies, where access is granted only if certain conditions are met, such as using MFA or accessing from a specific location.

Question 56

What is Mandatory Access Control (MAC)?

Answer 56

MAC assigns labels to resources and security clearances, with the operating system enforcing access based on these labels and policies.

Question 57

What is Discretionary Access Control (DAC)?

Answer 57

DAC allows users to set permissions on files or folders at their discretion, often aligning with policies set by the data owner.

Question 58

What is Physical Access Control?

Answer 58

Physical Access Control involves controlling access to physical spaces, such as buildings and server rooms, using methods like locked doors, security guards, and access control vestibules.

Question 59

Why is it important to use unique and complex passwords for different resources?

Answer 59

Using unique and complex passwords prevents a single compromised password from granting access to multiple resources.

Question 60

What is the role of a password manager?

Answer 60

A password manager securely stores and manages passwords for different accounts, allowing users to use strong, unique passwords without having to remember them all.

Question 61

How do one-time passwords (OTPs) enhance security?

Answer 61

OTPs provide an additional layer of security by requiring a unique, temporary password for each login session, making it harder for attackers to gain access.

Question 62

What is a time-based one-time password (ToTP)?

Answer 62

A ToTP is a one-time password that is only valid for a short period, typically 30 seconds, providing additional security.

Question 63

What is an HMAC-based one-time password (HOTP)?

Answer 63

An HOTP uses a cryptographic hash function and a secret key to generate a one-time password, ensuring its authenticity.

Question 64

What is the purpose of a PKI certificate in authentication?

Answer 64

A PKI certificate is a digital certificate issued by a trusted authority that proves the identity of a user, device, or software component.

Question 65

What is a smart card used for in authentication?

Answer 65

A smart card contains embedded certificates or keys and is used for authentication, often in combination with a PIN or password.

Question 66

How does SSH public key authentication work?

Answer 66

SSH public key authentication uses a public key stored on the server and a private key kept by the user, providing secure access to systems.

Question 67

What are some examples of biometric authentication factors?

Answer 67

Examples include fingerprint scans, retinal scans, facial recognition, voice recognition, and gait analysis.

Question 68

What is multi-factor authentication (MFA)?

Answer 68

MFA is a security process that requires multiple forms of verification from different categories of authentication factors to prove identity.

Question 69

What is the importance of using multi-factor authentication?

Answer 69

MFA enhances security by requiring multiple forms of verification, making it more difficult for unauthorized users to gain access.

Question 70

What is a common access card (CAC)?

Answer 70

A CAC is a multifunctional card used for identification, access to secure areas, and logging into computer systems.

Question 71

What are the advantages of using a password manager?

Answer 71

A password manager allows for the use of complex, unique passwords for each account, reducing the risk of password compromise.

Question 72

Why is it important to consider both digital and physical access control?

Answer 72

Ensuring both digital and physical access control helps protect resources from unauthorized access and potential security breaches.

Question 73

How do conditional access policies work in rule-based access control (RBAC2)?

Answer 73

Conditional access policies require specific conditions to be met, such as using MFA or accessing from a certain location, before granting access to resources.

Question 74

What are the key components of identity management systems?

Answer 74

Authentication, authorization, network authentication protocols (like Kerberos), and centralized identity providers

Question 75

What is single sign-on (SSO)?

Answer 75

SSO allows users to authenticate once and gain access to multiple applications without re-entering credentials.

Question 76

Which protocols are commonly used to enable single sign-on?

Answer 76

OpenID and OAuth.

Question 77

What is OAuth?

Answer 77

OAuth is an open authorization framework that allows third-party services to exchange user information without exposing credentials.

Question 78

How does OAuth work in practice?

Answer 78

Users can sign in to websites using credentials from trusted identity providers (like Google) instead of creating new accounts.

Question 79

What is Identity Federation?

Answer 79

Identity Federation allows multiple resource providers (like websites) to trust a single centralized identity provider (IDP) for authentication.

Question 80

What are common identity providers (IDPs)?

Answer 80

Google, Facebook, Twitter, or an on-premises Active Directory domain controller.

Question 81

What is SAML and what does it stand for?

Answer 81

SAML stands for Security Assertion Markup Language, and it is used for exchanging authentication and authorization data between parties.

Question 82

How does the SAML authentication process work?

Answer 82

User connects to a web app.
Web app redirects user to the identity provider (IDP).
User authenticates with the IDP.
IDP issues a SAML token.
User sends the SAML token to the web app.
Web app grants access based on the trusted SAML token.

Question 83

What role does a SAML token play in identity management?

Answer 83

A SAML token is a digital security token that proves the user’s identity and is trusted by the resource provider.

Question 84

Name a few on-premises products that support identity federation.

Answer 84

Microsoft Active Directory Federation Services (ADFS) and Shibboleth.

Question 85

How does single sign-on enhance user convenience?

Answer 85

It eliminates the need to remember multiple sets of credentials and allows seamless access to multiple applications after initial authentication.