Identity and Access Management Domain

Question 1

Access badges

Answer 1

Used to enter secured areas of a facility and are used in conjunction with a badge reader to read information stored on the badge

Question 2

Access Control Systems

Answer 2

Physical or electronic systems designed to control who; or what; has access to a network

Question 3

Account management systems

Answer 3

Systems that attempt to streamline the administration of user identity across multiple systems

Question 4

Authentication

Answer 4

The process of verifying the identity of the user

Question 5

Authorization

Answer 5

The process of defining the specific resources a user needs and determining the type of access to those resources the user may have

Question 6

Cryptographic Device

Answer 6

A hardware device that contains non-programmable logic and non-volatile storage dedicated to all cryptographic operations and protection of private keys.

Question 7

Electronic authentication (e-authentication)

Answer 7

The process of establishing confidence in user identities electronically presented to an information system

Question 8

Facility access control

Answer 8

Protects enterprise assets and provides a history of who gained access and when the access was granted

Question 9

Identity as a Service (IDaaS)

Answer 9

Cloud-based services that broker identity and access management functions to target systems on customers’ premises and/or in the cloud

Question 10

Identity proofing

Answer 10

The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account; a credential; or other special privilege is indeed who he or she claims to be; and establishing a reliable relationship

Question 11

Kerberos

Answer 11

Developing standard for authenticating network users. Kerberos offers two key benefits: it functions in a multi-vendor network; and it does not transmit passwords over the network.

Question 12

Logical access controls

Answer 12

Protection mechanisms that limit users’ access to information and restrict their forms of access on the system to only what is appropriate for them

Question 13

MAC address

Answer 13

A 48-bit number (typically represented in hexadecimal format) that is supposed to be globally unique

Question 14

Mandatory Access Controls (MACs)

Answer 14

Access control that requires the system itself to manage access controls in accordance with the organization’s security policies

Question 15

Multi-factor Authentication

Answer 15

Ensures that a user is who they claim to be. The more factors used to determine a person’s identity; the greater the trust of authenticity.

Question 16

Password Management System

Answer 16

A system that manages passwords consistently across the enterprise

Question 17

Physical Access Control Systems (PACS)

Answer 17

Allows authorized security personnel to simultaneously manage and monitor multiple entry points from a single; centralized location

Question 18

Radio Frequency Identification (RFID)

Answer 18

A non-contact; automatic identification technology that uses radio signals to identify; track; sort and detect a variety of objects including people; vehicles; goods and assets without the need for direct contact

Question 19

Role-Based Access Control (RBAC)

Answer 19

An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization

Question 20

Rule-Based Access Control

Answer 20

An access control model that based on a list of predefined rules that determine what accesses should be granted

Question 21

Security Assertion Markup Language 2.0 (SAML 2.0)

Answer 21

A version of the SAML OASIS standard for exchanging authentication and authorization data between security domains

Question 22

Single factor authentication

Answer 22

Involves the use of simply one of the three available factors solely in order to carry out the authentication process being requested

Question 23

Single Sign-On (SSO)

Answer 23

A unified login experience (from the viewpoint of the end user) when accessing one or more systems

Question 24

Trusted Platform Modules (TPM)

Answer 24

A local hardware encryption engine and secured storage for encryption keys

Question 25

User ID

Answer 25

Provides the system with a way of uniquely identifying a particular user amongst all the users of that system