36 Questions
What is the primary concern with authorization without auditing?
The authorizer may not be aware of the authorizee's actions
Which technique is used for source of origin verification?
Message Authentication Codes
What is the primary benefit of non-repudiation?
It provides a reliable record of who did what
Who is responsible for issuing verifiable credentials?
Credential Issuers
What is the purpose of delegation in access control?
To transfer accountability from the authorizer to the delegate
What is the primary goal of continuous authentication?
To create a continuous audit trail of user activities
What is the primary purpose of accountability in a system?
To ensure that the actions of an entity can be traced uniquely to that entity
What is the primary function of a reference monitor in access control?
To monitor and control access to system resources
What is the primary purpose of an audit trail in a system?
To log and record system events for accountability purposes
What is the primary function of an audit service in a system?
To records information needed to establish accountability for system events
What is the primary purpose of authentication in a system?
To ensure the identity of users and identity providers
What is the primary purpose of an audit policy in a system?
To define evidence to be collected, who can access, and who manages what
What is the primary purpose of identity management (IdM)?
To verify attribute assertions
What is a common challenge in managing devices for users?
Managing multiple devices at the same time
What is the benefit of using a federation to manage access control?
To authenticate entities across multiple systems
What is an example of a credential used to support authentication?
All of the above
What is the main advantage of federated identity management (FIM)?
It separates authentication and authorization
What is the primary benefit of single sign-on (SSO) capabilities?
It allows users to access resources at multiple systems by logging in once
Logs can be stored on external ______ such as hard disk, portable media.
memory
SIEM stands for ______ Information and Event Management.
Security
Identity management systems are responsible for the creation, use, and termination of electronic ______.
identities
Event logs are often managed as part of an SIEM system to facilitate ______ collection, storage, analysis, and exchanges.
data
CTI stands for ______ Threat Intelligence.
Cyber
An entity can have multiple ______.
identities
CTI can be made part of the SIEM system or be ______ managed.
separately
ISM deals with laws such as ______ laws, digital investigation laws, and online safety laws.
cybercrime
Authentication techniques are used to provide ______ for users.
accountability
Attributes are information bound to an entity that specifies a characteristic of the ______.
entity
Identity management is used for authentication, accountability, and ______.
authorization
ITUT defines identity management as a set of functions and capabilities used for assurance of ______ information.
identity
Digital Forensics & ______ used for establishing accountability.
eDiscovery
Security Operations Centre (SOC) is key in enabling ______ in org.
accountability
______ management involves identifying, classifying, prioritizing, and remediating vulnerabilities.
Vulnerability
Cyber Incident Management consists of Prepare, Handle, and ______ operations.
Follow Up
SIEM (Security Information and Event Management) is used for ______ and analysis of security-related data.
correlation
CSIRTs aka ______ / CITR = Cyber/Computer Security Incident Response Team.
CERT
Test your knowledge of information security and access control concepts, including risk-based authentication, continuous authentication, authorization, and accountability. Learn how to identify and mitigate security risks in user authentication and authorization processes.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free