Identity and Access Management Flashcards
Which of the following terms describes the process of allowing access to different resources?
Authorization
Authentication
Accountability
Authorization
Authorization describes the process of allowing access to different resources
Which of the following states that users should be given only the level of access needed to perform their duties?
Separation of duties
Accountability
Principle of least privilege
Principle of least privilege
The principle of least privilege states that users should be given only the level of access needed to perform their duties
Which of the following access control models allows object creators and owners to assign permissions to users?
Rule-based access control
Discretionary access control
Mandatory access control
Discretionary access control
The discretionary access control model allows object creators and owners to assign permissions to users
An administrator wants to restrict access to a particular database based upon a stringent set of requirements. The organization is using a discretionary access control model. The database cannot be written to during a specified period when transactions are being reconciled. What type of restriction might the administrator impose on access to the database?
Access based upon membership in a logical group
Access from a particular workstation
Time-of-day and object permission restrictions
Time-of-day and object permission restrictions
The administrator would want to impose both a time-of-day and object permission restriction on users to prevent them from writing to the database during a specified time period
Which of the following allows a user to use one set of credentials throughout an enterprise?
TACACS
RADIUS
Single sign-on
Single sign-on
Single sign-on allows a user to use one set of credentials throughout an enterprise to access various resources without having to reauthenticate with a different set of credentials
Which of the following is used to prevent the reuse of passwords?
Disabling accounts
Account lockout
Password history
Password history
The password history setting in the account policy is used to prevent the reuse of older passwords
Which of the following are the best ways to ensure that user accounts are being used appropriately and securely? (Choose two.)
Periodically review assigned privileges.
Allow users to maintain their privileges indefinitely, even during promotion or transfer.
Continuously monitor accounts, through auditing, to ensure accountability and security.
Ensure that users' permissions stay cumulative, regardless of which group or job role they occupy.
Periodically review assigned privileges.
Continuously monitor accounts, through auditing, to ensure accountability and security.
Periodic reviews and continuous monitoring are two ways to ensure that accounts and privileges are used in accordance with organizational policy and in a secure manner
Which of the following authentication factors would require that you input a piece of information from memory in addition to using a smart card?
Possession
Knowledge
Inherence
Knowledge
The knowledge factor would require that you input a piece of information, such as a password or PIN, from memory in addition to using a smart card
You are implementing an authentication system for a new company. This is a small company, and the owner has requested that all users be able to create accounts on their own individual workstations. You would like to explain to the owner that centralized authentication might be better to use. Which of the following are advantages of centralized authentication? (Choose two.)
Centralized security policies and account requirements.
Ability of individuals to set their own security requirements.
Ability to use single sign-on capabilities within the entire organization.
Requirement to have different user names and passwords for each workstation and resource.
Centralized security policies and account requirements.
Ability to use single sign-on capabilities within the entire organization.
Centralized system security policies as well as the ability to use single sign-on throughout the organization are two advantages of centralized authentication
Under which of the following circumstances would a Windows host use Kerberos instead of NTLM v2 to authenticate users?
Authenticating to a server using only an IP address
Authenticating to a modern Windows Active Directory domain
Authenticating to a different Active Directory forest with legacy trusts enabled
Authenticating to a modern Windows Active Directory domain
When authenticating to a modern Windows Active Directory domain, Windows uses Kerberos as its authentication protocol by default