Lesson 8 Implementing Identity and Account Management Controls

Question 1

How does single-sign-on work?

Answer 1

the user authenticates to an identity provider (IdP) and receives a cryptographic token. The user can present that token to compatible applications as proof they are authenticated, and receive authorizations from the application.

Question 2

What is an Identity Provider?

Answer 2

The service that provisions the user account and processes authentication requests

Question 3

What is an Exit interview or Off-Boarding process?

Answer 3

The process of ensuring that an employee leaves a company gracefully

Question 4

Name the processes of the Offboarding process

Answer 4

1. Account management - Disable the user account and privileges and ensure that any info assets created by the user are able to be accessed
2. Company assets - retrieve mobile devices, keys, smart cards, USB media, and so on
3. Personal assets - Wipe employee devices of corporate data and applications

Question 5

What is a default account?

Answer 5

One that is created by the operating system or application when it is installed

Question 6

What is another name for default account?

Answer 6

Admin in Windows
Root/Super User in Linux

Question 7

What are service accounts

Answer 7

A host or network account that is designed to run a background service, rather than to log on interactively

Question 8

What does the local system account do

Answer 8

Creates the host processes that start Windows before the user logs on

Question 9

What does the local Service account do

Answer 9

Has the same privileges as the standard user account. It can only access network resources as an anonymous user

Question 10

Describe the Network Service Account

Answer 10

has the same privileges as the standard user account but can present the computer’s account credentials when accessing network resources

Question 11

What is a SSH Host key pair

Answer 11

Identifies an SSH server. he server reveals the public part when a client connects to it. The client must use some means of determining the validity of this public key. If accepted, the key pair is used to encrypt the network connection and start a session.

Question 12

What is a SSH user key pair

Answer 12

a means for a client to login to an SSH server. The server stores a copy of the client’s public key. The client uses the linked private key to generate an authentication request and sends the request (not the private key) to the server. The server can only validate this request if the correct public key is held for that client.

Question 13

What two things can allow you to find the geolocation of a user

Answer 13

Ip-address and Location Services

Question 14

What is Geo-fencing?

Answer 14

the practices of creating a virtual boundary based on real-world geography and accepting and rejecting requests based on location

Question 15

What is a Time of Day policy?

Answer 15

Policies or configuration settings that limit a user’s access to resources. and establishes logon hours for an account

Question 16

What is usage auditing?

Answer 16

Configuring the security log to record key indicators and then reviewing the logs for suspicious activity

Question 17

What are some categories of Usage audits

Answer 17

Account logon and management events
Process creation
Object access (file system/file share)
Changes to audit policy
Changes to system security and integrity (antivirus, host firewall, and so on)

Question 18

What is Discretionary Access Control (DAC)

Answer 18

Access control model where each resource is protected by an Access Control List (ACL) managed by the resource’s owner (or owners).

Question 19

What is Role Based Access Control (RBAC)

Answer 19

An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

Question 20

What is Mandatory Access Control (MAC)

Answer 20

Access control model where resources are protected by inflexible, system-defined rules. Resources (objects) and users (subjects) are allocated a clearance level (or label).

Question 21

What is Attribute Based Access Control (ABAC)

Answer 21

An access control technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.

Question 22

What is Rule-based access control

Answer 22

A non-discretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.

Question 23

What are three types of rule-based / non discretionary access controls

Answer 23

ABAC, MAC, and RBAC

Question 24

What is Conditional access and how does it work

Answer 24

An example of rule-based access control. Monitors account or device behavior throughout a session

Question 25

What is Privileged access management (PAM)

Answer 25

Policies, procedures, and support software for managing accounts and credentials with administrative permissions.

Question 26

What is Directory Services

Answer 26

A network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.

Question 27

What is a Distinguished Name (DN)

Answer 27

A unique identifier for any given resource within an X.500-like directory

Question 28

What is Federation?

Answer 28

A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.

Question 29

What are the steps of federated identity management process?

Answer 29

1. The user attempts to access a service provider (SP), The service provider redirects the principal to the Identity Provider (IDP) to authenticate
2. The principal authenticates with the identity provider and obtains an attestation of identity, in the form of some sort of token or document signed by the IDP.
3. The principal presents the attestation to the service provider. The SP can validate that the IdP has signed the attestation because of its trust relationship with the IdP
4. The service provider can now connect the authenticated principal to its own accounts database. It may be able to query attributes of the user account profile held by the IdP, if the principal has authorized this type of access.

Question 30

What is Security Assertion Markup Language (SAML)

Answer 30

An XML-based data format used to exchange authentication information between a client and a service

Question 31

What is Simple Object Access Protocol (SOAP)

Answer 31

An XML-based web services protocol that is used to exchange messages.

Question 32

What is Open Authorization (OAuth) Protocol?

Answer 32

Standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.

Question 33

What is Code of Conduct/ Rules of behavior

Answer 33

expected professional standards