Identity and Access Management Solutions

Question 1

A security process that provides identification, authentication, and authorization
mechanisms for users, computers, and other entities to work with organizational
assets like networks, operating systems, and applications

Answer 1

Identity and Access Management

Question 2

Support the identities of various assets by defining the resources an asset has
permission to access based on the function the asset fulfills

Answer 2

Roles

Question 3

A policy document that promotes strong passwords by specifying a minimum
password length, requiring complex passwords, requiring periodic password
changes, and placing limits on reuse of passwords

Answer 3

Password Policies

Question 4

Software used to generate a pseudorandom passphrase for each website a user
needs to log-on

Answer 4

Password Manager

Question 5

Asks the user for information that only they should know, such as their first
school, first model of car, or their first pet’s name

Answer 5

Challenge Questions

Question 6

Users provides a secondary communication channel like another email address or
cellphone number to receive a one-time code to verify their identify when
resetting a password

Answer 6

Two-step Verification

Question 7

An authentication technology that enables a user to authenticate once and
receive authorizations for multiple services

Answer 7

Single Sign-On (SSO)

Question 8

An authentication scheme that requires the user to present at least two different
factors as credentials, from something you know, something you have, something
you are, something you do, and somewhere you are

Answer 8

Multifactor Authentication (MFA)

Question 9

The practice of issuing, updating, and revoking digital certificates

Answer 9

Certificate Management

Question 10

A Sysinternals utility that allows you to verify root certificates in the local store
against Microsoft’s master trust list

Answer 10

sigcheck

Question 11

A library of software functions supporting the SSL/TLS protocol

Answer 11

OpenSSL

Question 12

A Windows utility that allows you to display certification authority (CA)
configuration information, configure Certificate Services, backup and restore CA
components, and verify certificates, key pairs, and certificate chains
▪ Installing, updating, and validating trusted root certificates
▪ Deploying, updating, and revoking subject certificates
▪ Preventing use of self-signed certificates
▪ SSH key management

Answer 12

certutil

Question 13

A process that provides a shared login capability across multiple systems and
enterprises

Answer 13

Federation

Question 14

Creating an account and giving the user authorization to a particular role,
application, or file share

Answer 14

Provisioning and Deprovisioning

Question 15

An account is configured by an administrator on the service provider’s
site

Answer 15

Manual Provisioning

Question 16

Users are enrolled with the service provider without intervention

Answer 16

Automatic Provisioning

Question 17

The use of authentication and authorization mechanisms to provide an
administrator with centralized or decentralized control of user and group rolebased privilege management

Answer 17

Privilege Management

Question 18

Access Control Types

Answer 18

o Discretionary Access Control (DAC)
o Mandatory Access Control (MAC)
o Role-Based Access Control (RBAC)
o Attribute-Based Access Control (ABAC)

Question 19

Access control model where each resource is protected by an Access Control List
(ACL) managed by the resource’s owner (or owners)

Answer 19

Discretionary Access Control (DAC)

Question 20

Access control model where resources are protected by inflexible, system defined
rules where every resources (object) and user (subject) is allocated a clearance
level (or label)
SELinux provides a method for implementing MAC

Answer 20

Mandatory Access Control (MAC)

Question 21

An access control model where resources are protected by ACLs that are
managed by administrators and that provide user permissions based on job
functions
RBAC can be partially implemented in Windows through the concept of group
accounts

Answer 21

Role-Base Access Control (RBAC)

Question 22

An access control technique that evaluates a set of attributes that each subject
possesses to determine if access should be granted

Answer 22

Attribute-Based Access Control (ABAC)

Question 23

IAM auditing is necessary to detect compromise of a legitimate account, rogue
account use, and insider threat

Answer 23

IAM Auditing

Question 24

A log of all file access and authentications within network-based operating
system, application, or service
▪ Accounting for user actions
▪ Detecting intrusions or attempted intrusions

Answer 24

Audit Logs

Question 25

A manual review of accounts, permissions, configurations, and clearance levels at
a given interval

Answer 25

Recertification

Question 26

Security policies can be used to direct the behavior of end-user employees

Answer 26

Conduct and Use Policies

Question 27

A defined set of rules, ethics, and expectations for employees in a particular job
role

Answer 27

Code of Conduct

Question 28

A contract with terms stating a code of conduct for employees assigned high-level
privileges on network and data systems

Answer 28

Privileged User Agreement (PUA)

Question 29

A policy that governs employees’ use of company equipment and Internet
services

Answer 29

Acceptable Use Policy (AUP)