Identity Management and Authentication

Questions and Answers

What does a user do during the identification step?

• Proves their role
• Scans a card
• Unlocks access
• Claims an identity (correct)

Which process checks if the user has permission to access a resource?

• Authorization (correct)
• Accounting
• Identification
• Biometrics

What feature prevents users from using old passwords?

• Password history (correct)
• Password vault
• Two-step verification
• Lockout threshold

What is enforced by a password expiration policy?

Users change passwords regularly (C)

Which policy setting determines how long a locked account stays locked?

Lockout duration (C)

Which method uses an app or SMS to send a code to the user?

Two-step verification (C)

Which password policy helps prevent easy guessing?

Password complexity (B)

What kind of information does accounting in AAA keep?

Audit trail of user activity (B)

Which term means a system wrongly accepts an unauthorized person?

False acceptance (A)

What does multifactor authentication require?

Two or more different authentication factors (B)

Which accounts should not be shared among multiple users?

Shared and generic accounts (D)

Which combination shows two-factor authentication?

Fingerprint and smart card (B)

What should happen to accounts when employees leave the company?

Disable or delete (B)

What is the purpose of account audits?

To check and review account activities (A)

Which technology allows users to log in once and access multiple systems?

Single Sign-On (SSO) (B)

What is Role-Based Access Control (RBAC) based on?

Job roles and functions (D)

In a group-based privileges setup, where are permissions assigned?

To groups that include users (A)

What is the benefit of assigning access to groups?

Eases permission management (A)

Which permission allows both reading and running a file?

Read & Execute (B)

Which of the following is part of Conditional Access?

Group membership or IP location (B)

Flashcards

Identification in Security

The process where a user claims to be someone.

Authorization

Process of verifying a user's permissions to access resources.

Password History

A security feature that blocks the reuse of old passwords.

Password Expiration Policy

A policy that ensures users update passwords regularly.

Lockout duration

A setting that determines how long an account remains locked after too many failed login attempts.

Two-Step Verification

A method using an app or SMS to send a verification code to the user, adding a security layer.

Password Complexity

A password policy that requires passwords to be complex (e.g., including different character types).

Accounting in AAA

Audit trail of user activities such as logins and access attempts.

False Acceptance

When a system incorrectly accepts an unauthorized user.

Multifactor Authentication

Requires at least two different methods to verify a user's identity.

Two-factor authentication example

Using something you are (fingerprint) with something you have (smart card).

Shared/Generic account risk

Accounts that should not be shared among multiple users.

Offboarding Account Action

When an employee leaves, accounts should be disabled/deleted.

Purpose of Account Audits

Account audits check and review user account activities.

Single Sign-On (SSO)

It allows users to log in once and access multiple systems.

Role-Based Access Control (RBAC)

Access control based on job roles and functions within an organization.

Group-Based Privileges

Permissions are assigned to groups that include users.

Benefit of Group Access

The management becomes easier when you assign access to groups.

Read & Execute permission

The permission that allows users to both read and execute a file.

Conditional Access Criteria

Group Membership or IP location is part of Conditional Access.

Study Notes

Identification

• During the identification step, a user claims an identity.

Authorization

• Authorization is the process that checks if a user has permission to access a resource.

Password History

• A password history feature prevents users from re-using old passwords.

Password Expiration Policy

• A password expiration policy enforces that users change passwords regularly.

Lockout Duration

• Lockout duration determines how long a locked account stays locked.

Two-Step Verification

• Two-step verification uses an app or SMS to send a code to the user.

Password complexity

• Password complexity policy helps prevent easy password guessing.

Accounting in AAA

• Accounting in AAA (Authentication, Authorization, and Accounting) keeps an audit trail of user activity.

False Acceptance

• False acceptance is when a system wrongly accepts an unauthorized person.

Multifactor Authentication

• Multifactor authentication requires two or more different authentication factors.

Two-Factor Authentication Example

• A fingerprint scan and a Smart Card are an example of two-factor authentication.

Shared Accounts

• Shared and generic accounts should not be shared among multiple users.

Employee Account Handling

• When employees leave a company, their accounts should be disabled or deleted.

Account Audits

• Account audits purpose is to check and review account activities.

Single Sign-On (SSO)

• Single Sign-On (SSO) is a technology that allows users to log in once and access multiple systems.

Role-Based Access Control (RBAC)

• Role-Based Access Control (RBAC) is based on job roles and functions.

Group-Based Permissions Assignment

• In a group-based privileges setup, permissions are assigned to groups that include users.

Assigning Access to Groups

• Assigning access to groups eases permission management.

Read & Execute Permissions

• Read & Execute permission allows both reading and running a file.

Conditional Access

• Group membership or IP location is part of conditional access.