IAM Solutions

Question 1

Identity Access Management

Answer 1

Systems/processes used to manage information into an organization to ensure that right user has correct access

Question 2

Account Provisioning

Answer 2

Process of creating and removing (deprovisioning) new users’ accounts, assigning permissions, and providing access

Question 3

Identity Proofing

Answer 3

Verify users’ identity

Question 4

Interoperability

Answer 4

Ability of different systems/devices to work together

Question 5

Multi-Factor Authentication (MFA)

Answer 5

Systems that require more than one form of authentication through a list of defined categories

Question 6

Multi-Factor Authentication Knowledge Based

Answer 6

(password, PIN)

Question 7

Multi-Factor Authentication Possession Based

Answer 7

(key fob, smart card, software token)

Question 8

Multi-Factor Authentication Inherence Based

Answer 8

(face scan, thumbprint)

Question 9

Multi-Factor Authentication Location Based

Answer 9

(IP)

Question 10

Multi-Factor Authentication Behavior Based

Answer 10

Patterns such as keystrokes and mouse movement

Question 11

Single Factor Authentication

Answer 11

Uses one factor for authentication

Question 12

Two-factor authentication

Answer 12

Uses two factors

Question 13

Password security

Answer 13

Measures the password’s ability to repel guessing/brute force attacks

Question 14

Password managers

Answer 14

Store, generate, and autofill passwords for security

Question 15

Passwordless authentication

Answer 15

Improves security and usability than traditional methods

Question 16

Password authentication types

Answer 16

(biometric, hardware tokens, one-time password, Magic Links, and Passkeys)

Question 17

Hardware tokens

Answer 17

Physical devices like a security key that generates a short-duration login code

Question 18

Magic Link

Answer 18

Email link that automatically logs the user into a web site

Question 19

Password attack types

Answer 19

(Brute force, dictionary attack, password-spraying, and hybrid attacks)

Question 20

Dictionary attacks

Answer 20

Using a list of commonly used passwords and trying them all

Question 21

Password spraying

Answer 21

Form a brute force that involves trying a small number of commonly used passwords against a large number of usernames

Question 22

Hybrid attack

Answer 22

Blends brute and dictionary text by using common passes with variations such as adding numbers and special characters

Question 23

Single Sign-On (SSO)

Answer 23

Authentication process that allows a user to access multiple applications and websites by logging in only once using a single set of credentials

Question 24

Identity Provider (IDP)

Answer 24

System that (creates, manages, maintains) identity information for principals while providing authentication services to apps that use it within their network; Microsoft Entra

Question 25

Lightweight Directory Access Protocol (LDAP)

Answer 25

Used to access and maintain distributed directory information services over an internet protocol in plain text

Question 26

LDAPS

Answer 26

LDAP with support over (SSL, STLS) that both support encryption and data over transmission

Question 27

Open Authorization (OAUTH)

Answer 27

Open standard for token-based authentication and authorization that allows a user's information to be used by third-party services without the user's password

Question 28

Security Assertion Markup Language (SAML)

Answer 28

Standard for logging users into applications based on their sessions in another context

Question 29

Federation

Answer 29

Processes that allows for the linking of users' identities across multiple independent security domains or organizations, allowing that user to use resources from those partners' domains; Using SAML or OAuth and OpenID; Example, user authenticated by Org A uses a service in Org B, vouched by Org A

Question 30

Privilege Access Management (PAM)

Answer 30

Solution that helps organizations restrict and monitor privileged access within an IT environment

Question 31

Just-IN-Time (JIT) Permissions

Answer 31

Security model where administrative access is granted only when needed for a specific period

Question 32

Password vaulting

Answer 32

Store and manage passwords in a vault

Question 33

Temporal accounts

Answer 33

Used to provide time-limited access to resources and automatically deleted/disabled

Question 34

Mandatory Access Control (MAC)

Answer 34

Employ security labels to authorize user accounts to specific resources; Every single user and resources need a unique level

Question 35

Discretionary Access Control (DAC)

Answer 35

Resource owners determine which users can access each resources

Question 36

RBAC

Answer 36

Rule-based Access Control and Role-Based Access Control

Question 37

Role-based Access Control

Answer 37

Enables admins to apply security policies to all users

Question 38

Attribute-based access control (ABAC)

Answer 38

Uses object characteristics for access control decisions

Question 39

Time-of-day Restrictions and Principles of Least Privilege

Answer 39

Prevention mechanisms and methodologies

Question 40

Permission or Authorization Creep

Answer 40

Occurs when the user gains excessive rights during career progression

Question 41

User Account Control (UAC)

Answer 41

Designed to ensure that actions requiring admin rights are authorized by the user