CIAM-IAM Implementation Considerations

Question 1

The AAA identity and access management model is a framework which is embedded into the digital identity and access management world to manage access to assets and maintain system security. AAA stands for A__________, A__________, and A__________.

Answer 1

AAA stands for Authentication, Authorization, and Accounting.

Question 2

4 Primary types of authentication methods

Answer 2

1. Static passwords which remain active until they are changed or expired
2. One-time password (OTP) such as codes delivered thorough SMS texts or tokens used for each access session
3. Digital certificate
4. Biometric credential

Question 3

What is Multi-Factor Authentication (MFA)

Answer 3

It is combining more than one of these categories

1. Something you know such has a password
2. Something you have such as a key fob or cell phone; and
3. Something you are such as your finger prints, voice, hand geometry, etc also called “biometrics authentications.”

Question 4

Any authorization beyond normal job functions opens the door for either accidental or malicious violations of security objectives; CIA

Answer 4

Confidentiality, Integrity, and Availability

Question 5

The Principle of Least Privilege requires that users, processes, programs, and devices must only be granted…

Answer 5

…sufficient access necessary to perform their required functions, and nothing more

The principle of least privilege must be applied at all times until it is time to temporarily escalate access when warranted by business requirements.

Question 6

In order to be effective in IAM accounting, generic and shared accounts must be

Answer 6

avoided so that the actions of each individual can be accounted for

Question 7

The Principle of Least Privilege

Answer 7

The principle of least privilege applies to Authorization in the AAA identity and access management model.