Cloud IAM Flashcards

1
Q

Someone or something that has an identity

A

An Entity

2
Q

A unique expression of an entity within a given environment. When you log into a work system, your username would be your identity.

A

An Identity

3
Q

A cryptographic token in a digital environment that identifies an identity (such as a user) to an application or service. Windows systems, for example, use a security identifier (SID) to identify users. In real life, an identifier could be a passport.

A

An Identifier

4
Q

A facet (aspect) of an identity; anything about the identity and the connection itself. An attribute could be static (group membership, organizational unit) or highly dynamic (IP address used for your connection, your physical location). For example, if you log on with multifactor authentication, an attribute could be used to determine the permissions granted to your access (attribute-based access control).

A

An Attribute

5
Q

Your identity and attributes in a specific situation.

A

A Persona

6
Q

1. A temporary credential that is inherited by a system within a cloud environment.
2. A part of federation; how your group membership within your company is granted entitlements in your Infrastructure as a Service (IaaS) provider.
3. The job you perform at work.

A

A Role

7
Q

The process of confirming your identity.

A

Authentication

8
Q

The three factors in authentication: something you know, something you have, and something you are.

A

Multifactor authentication (MFA)

9
Q

A control that restricts access to a resource. This is the “access management” portion of IAM.

A

Access control

10
Q

Logging and monitoring capabilities.

A

Accounting (IAM)

11
Q

The ability to allow an identity to do something. The hotel key you get after authorization allows you to access your room, the gym, laundry, and so on. In an IT analogy, you are authorized to access a file or system.

A

Authorization (Authz)

12
Q

The permissions you have to something. The CSA uses the term “entitlements” rather than “permissions,” but the meaning is the same. Entitlements determine what an identity is allowed to do by mapping an identity to an authorization. These can (and should) be documented as an entitlement matrix.

A

Entitlement

13
Q

A token or ticket system used to authorize a user rather than having the user sign on to individual systems in a domain. Kerberos is an example of SSO in a Windows environment.

A

Single-sign-on (SSO)

14
Q

A key enabler of SSO across different systems that enables the action of authenticating locally and authorizing remotely.

A

Federated identity management

15
Q

The “root” source of an identity. A common example of this is a directory server (such as Active Directory). Alternatively, the payroll system could be the true authoritative source.

A

Authoritative source

16
Q

The party that manages the identities and creates the identity assertions used in federation.

A

Identity provider

17
Q

The system that consumes identity assertions from the identity provider. This is sometimes referred to as a “service provider.”

A

Relying party

18
Q

This standard for federated identity management supports both authentication and authorization. Assertions are based on XML and are used between an identity provider and a relying party. These assertions can contain authentication, attribute, and authorization statements. SAML is widely supported by many cloud providers and many enterprise tools as a result.

A

Security Assertion Markup Language (SAML)

19
Q

This IETF authorization standard is widely used for web and consumer services.
It is most often used for delegating access control and authorization (delegated authorization) between services.

A

OAuth

20
Q

This standard for federated authentication is well supported for web services. It runs over HTTP with URLs to identify providers. It is commonly seen in consumer services such as logging in to websites.

A

OpenID

21
Q

This is the standard for defining attribute-based access controls and authorizations.
It is a policy language for defining access controls at a policy decision point (PDP) and passing them to a policy enforcement point (PEP).

A

eXtensible Access Control Markup Language (XACML)

22
Q

This standard deals with exchanging identity information between domains.
It is used for provisioning and deprovisioning accounts in external systems and exchanging attribute information.

A

System for Cross-domain Identity Management (SCIM)