Domain 5, IAM

Question 1

What is a two way trust?

Answer 1

Trust flows in both directions bewteen two domains.

Question 2

In Kerberos, what grants ticket granting tickets?

Answer 2

Authentication service via the KDC

Question 3

In Kerberos, what does the authentication service do?

Answer 3

Issues ticket granting tickets.

Question 4

Which federated ID management is a protocol for exchanging authentication between domains?

Answer 4

SAML

Question 5

Which federated ID management is an HTTP service?

Answer 5

OAUTH

Question 6

Which identity assurance level is the most strict?

Answer 6

IAL 3

Question 7

What is the FICAM Roadmap concerned with?

Answer 7

Provisioning and de-provisioning process

Question 8

What are the procedures of the provisioning and de-provisioning process

Answer 8

Provision a user account and apply user permissions - user request, owner validate, app admin create account, notify
Modify user permissions - user request, resource owner validate, app admin modify, notify
Deprovision user account and end user permissions - resource owner notification, app admin removal

Question 9

What is a shortcut trust?

Answer 9

A trust that is explicitly defined in addition to the trust relationships already created between domains in a forest.

Question 10

What are four types of domain trusts?

Answer 10

One way
Two Way
Short cut
External

Question 11

What are the parts to IDaaS?

Answer 11

IGA - identity governance and administration - provisioning of users to cloud applications and password reset functionality
Access - user authentication, SSO, authorization, federation
Intelligence - identity access log monitoring

Question 12

In Kerberos, what identifies a service?

Answer 12

Service principal name

Question 13

What are the OAUTH roles?

Answer 13

Resource Owner
Resource Server
Client Application
Authorization Server

Question 14

What is SOAP?

Answer 14

Simple object access protocol
An XML structure for messages over HTTP, used to exchange structured information to web services. It is encapsulated data.

Question 15

What is an external trust?

Answer 15

Used between forests and organizations.

Question 16

Which message protocol is often identified by encapsulation?

Answer 16

SOAP

Question 17

In Kerberos, what identifies a user?

Answer 17

User principal name

Question 18

In Kerberos, what does the user principal name do?

Answer 18

Identifies a user

Question 19

Which IAL is self asserted?

Answer 19

IAL 1

Question 20

What is SASL?

Answer 20

Simple authentication and security layer, a framework for authentication and data security in internet protocols. It is non-proprietary and decentralized. Works with a variety of authentication methods and can be used for directory access.

Question 21

What are the objects in the access control MAC?

Answer 21

Files
folders
print queues
devices

Question 22

What could be consulted to see what a subject could do to an object?

Answer 22

Capability table

Question 23

How does MAC treat subjects and objects?

Answer 23

Subjects are active and objects are passive upon which subjects act.

Question 24

What are the steps in provisioning a user account and applying permissions?

Answer 24

The user requests access
The resource owner validates the request
The application administrator creates the account and applies permission
The user is notified

Question 25

What are the types and particular issues with biometrics?

Answer 25

Type 1 - FRR - False Rejection Rate Type 2 - FAR - False Acceptance Rate CER - Crossover Error Rate

Question 26

What are the SAML roles?

Answer 26

Identity Provider Service Provider / Relying Party User / Principal

Question 27

What are the parts of the credential enrollment process?

Answer 27

``` Sponsorship Enrollment Credential Production Issuance Credential Lifecycle Management ```

Question 28

In kerberos, what validates ticket granting tickets?

Answer 28

Ticket granting service

Question 29

In Kerberos, what does a ticket granting service do?

Answer 29

Validates the ticket granting ticket and grants a service ticket.

Question 30

What are the steps in de-provisioning access?

Answer 30

The resource owner notifies the application administrator | The application administrator removes the access

Question 31

What are the Identity Assurance Levels?

Answer 31

IAL 1 - attributes are self asserted IAL 2 - remote or in person identity proofing is required IAL 3 - in person identity proofing is required and verified by a Credential Service Provider

Question 32

What is a capability table?

Answer 32

A table of subjects and objects indicating what actions individuals can take upon individual objects.

Question 33

What is a one way trust?

Answer 33

Trust flows in one direction from one domain to another.

Question 34

What is FICAM

Answer 34

Federated Identity, Credential, and Access Management

Question 35

What are the special SIDs for Windows?

Answer 35

500 - Admin 501 - Guest 512 - Domain Admin

Question 36

What are the steps in modifying user permissions?

Answer 36

The user requests permission modification The resource owner validates the request The application administrator modifies the permissions The user is notified