Domain 12 - Identity, Entitlement, and Access Management Flashcards

1
Q

How is IAM different in the cloud?

A
  1. Involvement of multiple organizations in the IAM process - i.e. cloud provider and cloud user.
  2. Use of Federation to manage hundreds of clouds (Federation at scale)
  3. Differences between cloud providers and platforms
2
Q

What is XACML?

A
  • Extensible Access Control Markup Language
    Policy language for defining access controls at a Policy Decision Point and passing them to a Policy Enforcement Point.
    - Used with SAML and OAuth
  • AWS has its own JSON based policy language; we don’t use XACML.
3
Q

What are the two architectures for managing identity providers and service provider relationships?

A
  1. Hub & Spoke model - a broker is used to negotiate between multiple authoritative identity providers and service providers.
  2. Free Form - each service provider connects to all the identity providers in a full-mesh network.

The use of brokers means that internal IdPs don’t need to be exposed to the Internet.

4
Q

What are the key architectural decisions regarding IAM that enterprises have to make?

A
  • What kind of architecture to use?
  • What is the provisioning process for new users and how to integrate that process with the use of cloud?
  • How to integrate new cloud services into the IAM infrastructure? - e.g. new federation connections
  • Managing identity lifecycle - registration/creation, provisioning, change, deletion/deregistration.
  • Managing entitlements
  • What standards to support (SAML? OAuth? OIDC?).
5
Q

What is authentication and who is responsible for it?

A
  • AuthN is the process of proving or confirming an identity.
  • The Identity Provider is responsible for AuthN.
  • When using MFA, the MFA status is passed by the IdP to the relying party as an attribute.
6
Q

What’s Authorization, Access Control and Entitlement?

A
  • Authorization is permission to do something - e.g. access a file
  • Access Control - allows or denies an expression of that authorization. It may involve ensuring that the user is authenticated before allowing access.
  • Entitlement - maps identities to authorizations (who is allowed to do what?).

Cloud providers are responsible for Authorization and Access Control.
The cloud user is responsible for Entitlement.

7
Q

How does cloud affect Auth, Access Control and Entitlement?

A
  • Cloud platform specific authorization language
  • Cloud provider responsible for Auth and Access Control
  • Cloud user responsible for Entitlement
  • Use of RBAC and ABAC
  • Cloud Provider must provide ABAC and granular policy definitions and controls
  • Use of Federation for AuthN.