Chapter 4 Identity and Account Management Flashcards

1
Q

What is identity management in IT security?

A

Identity management involves processes like authentication and authorization to ensure that only authorized users have access to network resources.

2
Q

What are the three parts of authentication?

A

Identification, Authentication, and Authorization.

3
Q

What is the role of identification in authentication?

A

Identification involves identifying the user, typically through a username.

4
Q

What is authentication in the context of IT security?

A

Authentication is the process of verifying a user’s identity, usually through a password or other credential.

5
Q

What does authorization determine?

A

Authorization determines what actions or resources an authenticated user is allowed to access.

6
Q

What is an example of identification in a theater ticket scenario?

A

Using a driver’s license or a confirmation number to prove identity when picking up tickets.

7
Q

What is multi-factor authentication (MFA)?

A

MFA uses more than one factor or attribute to authenticate a user, making it more secure.

8
Q

What are the three main factors in multi-factor authentication?

A

Something you know (password), something you have (smart card), and something you are (fingerprint).

9
Q

What is an example of “something you know” in MFA?

A

A password or a PIN code.

10
Q

What is an example of “something you have” in MFA?

A

A smart card or an RSA token.

11
Q

What is an example of “something you are” in MFA?

A

Biometric data like a fingerprint or facial recognition.

12
Q

What are attributes in the context of MFA?

A

Attributes are specific factors used in MFA, such as something you can do (signature), something you exhibit (typing speed), someone you know (trust), and somewhere you are (location).

13
Q

How is “somewhere you are” used in authentication?

A

Location-based authentication, such as using a credit card zip code verification at a gas station.

14
Q

What is the importance of multi-factor authentication in identity management?

A

MFA enhances security by requiring multiple forms of verification, making it harder for unauthorized users to gain access.

15
Q

Why is understanding MFA important for the Security+ exam?

A

MFA is a critical concept in IT security, and understanding its factors and attributes is essential for passing the Security+ exam.

16
Q

What can be a sign of a bad actor having access to your password?

A

Unusual login attempts from different locations or unexpected changes in account settings.

17
Q

What is a practical example of “someone you know” in authentication?

A

Trusting a server’s certificate issued by a known and trusted Certificate Authority like VeriSign.

18
Q

How does “something you exhibit” work in authentication?

A

Using behavioral attributes like typing speed as part of the authentication process.

19
Q

What are the four components of identity management in IT security?

A

Identification, Authentication, Authorization, and Accounting.

20
Q

What is accounting in the context of identity management?

A

Accounting, also known as auditing, involves tracking and recording the activities of authenticated users to ensure accountability.

21
Q

How does multi-factor authentication (MFA) relate to identification?

A

MFA strengthens identification by requiring additional factors beyond just a username to verify a user’s identity.

22
Q

How does authorization work after successful authentication?

A

Authorization determines the permissions and access rights a user has once they have been successfully authenticated.

23
Q

What is the first step to enable MFA for a Microsoft Azure user account?

A

Open the Microsoft Azure portal and navigate to Azure Active Directory.

24
Q

How do you access user accounts in Azure Active Directory?

A

Click on “Users” in the left-hand navigator to see a list of user accounts created in Azure AD.

25
Q

What is the difference between “enabled” and “enforced” MFA in Azure AD?

A

“Enabled” means MFA is turned on but not actively used by the user yet. “Enforced” means the user has signed in using MFA.

26
Q

What happens the first time a user signs in after MFA is enabled?

A

The user is prompted to provide additional authentication details, such as setting up the Microsoft Authenticator app or receiving an SMS code.

27
Q

What are the two methods a user can choose for the second factor in MFA during sign-in?

A

The Microsoft Authenticator app or receiving an SMS text message with a code.

28
Q

How does receiving an SMS code for MFA work?

A

The user provides their phone number, receives a six-digit code via SMS, and enters the code during sign-in to authenticate.

29
Q

What is multi-factor authentication (MFA)?

A

MFA is a security process that requires more than one method of authentication from independent categories of credentials to verify the user’s identity.

30
Q

What does “something you know” refer to in MFA?

A

“Something you know” refers to information like a password or PIN.

31
Q

What does “something you have” refer to in MFA?

A

“Something you have” refers to physical objects like a smartphone, smart card, or RSA token.

32
Q

What does “something you are” refer to in MFA?

A

“Something you are” refers to biometric attributes like fingerprints or facial recognition.

33
Q

How does MFA improve security compared to single-factor authentication?

A

MFA improves security by requiring multiple forms of verification, making it more difficult for unauthorized users to gain access.

34
Q

How does accounting enhance security in identity management?

A

Accounting enhances security by providing a record of user activities, which can be audited to detect and respond to suspicious behavior.

35
Q

What is accounting in the context of identity management?

A

Accounting, also known as auditing, involves tracking and recording the activities of authenticated users to ensure accountability.

36
Q

Why is it important to have separate user accounts for auditing purposes?

A

Separate user accounts help track individual actions and identify who did what, which is essential for accurate auditing.

37
Q

What types of activities can be audited in an IT environment?

A

Activities like file access, database changes, VPN logins, failed login attempts, and data modifications can be audited.

38
Q

How can auditing help in detecting security incidents?

A

Auditing can detect abnormal activities, such as unusual login times or multiple failed login attempts, which may indicate security breaches.

39
Q

What is the importance of monitoring failed logon attempts?

A

Monitoring failed logon attempts can help identify potential brute force attacks and other unauthorized access attempts.

40
Q

How can auditing verify the integrity of sensitive data?

A

Auditing, combined with hashing, can track changes to sensitive data and identify who made the changes and when.

41
Q

What is the purpose of using the Event Viewer in Windows?

A

The Event Viewer allows administrators to view and analyze security logs, including audit successes and failures, to monitor system activities.

42
Q

What information can be found in a Windows security audit failure log?

A

Information such as the time of the failed attempt, the account name used, the IP address of the source, and the reason for the failure can be found.

43
Q

Why should a virtual machine in the cloud not have a public IP address unless necessary?

A

Having a public IP address can expose the virtual machine to internet-based attacks, such as brute force login attempts.

44
Q

What are some alternative methods to manage a virtual machine without a public IP?

A

Alternatives include using a VPN connection to the cloud, or a jump box to connect from a public IP to the private IP of the VM.

45
Q

What is user behavior analytics in the context of auditing?

A

User behavior analytics involves monitoring and analyzing user actions to detect abnormal behaviors that may indicate security threats.

46
Q

How does auditing support compliance and security policies?

A

Auditing ensures that user activities are recorded and reviewed, supporting compliance with security policies and regulatory requirements.

47
Q

What might a failed login attempt from an unknown IP address indicate?

A

A failed login attempt from an unknown IP address may indicate an unauthorized access attempt or an ongoing attack.

48
Q

What is the significance of knowing the workstation name in an audit log?

A

Knowing the workstation name can help identify the source of an attack, especially if the attack is coming from a specific machine.

49
Q

Why is it important to monitor and review audit logs regularly?

A

Regular monitoring and review of audit logs help identify and respond to security incidents promptly, ensuring the security of the system.

50
Q

What are credential policies used for in access control?

A

Credential policies determine who gets access to what resources, including internal employees, contractors, devices, and service accounts.

51
Q

What is a service account?

A

A service account is a non-human account used to assign permissions to a software component or resource.

52
Q

What is privileged access management (PAM)?

A

PAM is the process of controlling and monitoring access for administrative accounts and root accounts to ensure they have access to items not normally accessible by regular user accounts.

53
Q

What is Attribute-Based Access Control (ABAC)?

A

ABAC determines permissions based on user or device attributes, such as age, device type, or location.

54
Q

What is Role-Based Access Control (RBAC)?

A

RBAC assigns permissions to users based on their roles, where a role is a collection of related permissions.

55
Q

What is Rule-Based Access Control (RBAC2)?

A

RBAC2 uses conditional access policies, where access is granted only if certain conditions are met, such as using MFA or accessing from a specific location.

56
Q

What is Mandatory Access Control (MAC)?

A

MAC assigns labels to resources and security clearances, with the operating system enforcing access based on these labels and policies.

57
Q

What is Discretionary Access Control (DAC)?

A

DAC allows users to set permissions on files or folders at their discretion, often aligning with policies set by the data owner.

58
Q

What is Physical Access Control?

A

Physical Access Control involves controlling access to physical spaces, such as buildings and server rooms, using methods like locked doors, security guards, and access control vestibules.

59
Q

Why is it important to use unique and complex passwords for different resources?

A

Using unique and complex passwords prevents a single compromised password from granting access to multiple resources.

60
Q

What is the role of a password manager?

A

A password manager securely stores and manages passwords for different accounts, allowing users to use strong, unique passwords without having to remember them all.

61
Q

How do one-time passwords (OTPs) enhance security?

A

OTPs provide an additional layer of security by requiring a unique, temporary password for each login session, making it harder for attackers to gain access.

62
Q

What is a time-based one-time password (TOTP)?

A

A TOTP is a one-time password that is only valid for a short period, typically 30 seconds, providing additional security.

63
Q

What is an HMAC-based one-time password (HOTP)?

A

An HOTP uses a cryptographic hash function and a secret key to generate a one-time password, ensuring its authenticity.

64
Q

What is the purpose of a PKI certificate in authentication?

A

A PKI certificate is a digital certificate issued by a trusted authority that proves the identity of a user, device, or software component.

65
Q

What is a smart card used for in authentication?

A

A smart card contains embedded certificates or keys and is used for authentication, often in combination with a PIN or password.

66
Q

How does SSH public key authentication work?

A

SSH public key authentication uses a public key stored on the server and a private key kept by the user, providing secure access to systems.

67
Q

What are some examples of biometric authentication factors?

A

Examples include fingerprint scans, retinal scans, facial recognition, voice recognition, and gait analysis.

68
Q

What is multi-factor authentication (MFA)?

A

MFA is a security process that requires multiple forms of verification from different categories of authentication factors to prove identity.

69
Q

What is the importance of using multi-factor authentication?

A

MFA enhances security by requiring multiple forms of verification, making it more difficult for unauthorized users to gain access.

70
Q

What is a common access card (CAC)?

A

A CAC is a multifunctional card used for identification, access to secure areas, and logging into computer systems.

71
Q

What are the advantages of using a password manager?

A

A password manager allows for the use of complex, unique passwords for each account, reducing the risk of password compromise.

72
Q

Why is it important to consider both digital and physical access control?

A

Ensuring both digital and physical access control helps protect resources from unauthorized access and potential security breaches.

73
Q

How do conditional access policies work in rule-based access control (RBAC2)?

A

Conditional access policies require specific conditions to be met, such as using MFA or accessing from a certain location, before granting access to resources.

74
Q

What are the key components of identity management systems?

A

Authentication, authorization, network authentication protocols (like Kerberos), and centralized identity providers.

75
Q

What is single sign-on (SSO)?

A

SSO allows users to authenticate once and gain access to multiple applications without re-entering credentials.

76
Q

Which protocols are commonly used to enable single sign-on?

A

OpenID and OAuth.

77
Q

What is OAuth?

A

OAuth is an open authorization framework that allows third-party services to exchange user information without exposing credentials.

78
Q

How does OAuth work in practice?

A

Users can sign in to websites using credentials from trusted identity providers (like Google) instead of creating new accounts.

79
Q

What is Identity Federation?

A

Identity Federation allows multiple resource providers (like websites) to trust a single centralized identity provider (IDP) for authentication.

80
Q

What are common identity providers (IDPs)?

A

Google, Facebook, Twitter, or an on-premises Active Directory domain controller.

81
Q

What is SAML and what does it stand for?

A

SAML stands for Security Assertion Markup Language, and it is used for exchanging authentication and authorization data between parties.

82
Q

How does the SAML authentication process work?

A

User connects to a web app.
Web app redirects user to the identity provider (IDP).
User authenticates with the IDP.
IDP issues a SAML token.
User sends the SAML token to the web app.
Web app grants access based on the trusted SAML token.

83
Q

What role does a SAML token play in identity management?

A

A SAML token is a digital security token that proves the user’s identity and is trusted by the resource provider.

84
Q

Name a few on-premises products that support identity federation.

A

Microsoft Active Directory Federation Services (ADFS) and Shibboleth.

85
Q

How does single sign-on enhance user convenience?

A

It eliminates the need to remember multiple sets of credentials and allows seamless access to multiple applications after initial authentication.
