Review Questions - SYS701 - 8 - Identity and Access Management

Questions and Answers

Angela has chosen to federate with other organizations to allow use of services that each organization provides. What role does Angela's organization play when they authenticate their users and assert that those users are valid to other members of the federation?

• Service provider (correct)
• Relying party
• Authentication provider
• Identity provider (correct)

Which of the following technologies is the least effective means of preventing shared accounts?

• Requiring biometric authentication
• Requiring one-time passwords via a token
• Requiring a one-time password via an application
• Password complexity requirements (correct)

What major difference is likely to exist between on-premises identity services and those used in a cloud-hosted environment?

• A.Account policy control will be set to the cloud provider's standards.
• B.The cloud service will provide account and identity management services. (correct)
• C.Multifactor authentication will not be supported by the cloud vendor.
• D.None of the above.

Amitoj wants to ensure that her organization's password policy does not allow users to reset their password multiple times until they can reuse their current password. What setting is used to prevent this?

Age (D)

Which type of multifactor authentication is considered the least secure?

SMS (B)

Geeta has been issued a USB security key as part of her organization's multifactor implementation. What type of implementation is this?

A biometric token (A)

Michelle enables the Windows picture password feature to control logins for her laptop. Which type of attribute will it provide?

Something you know (B)

What purpose would Linux file permissions set to rw-r—r-- serve?

To allow the owner to read and write the file, and for the owner's group and others to be able to read it (A)

Theresa wants to implement an access control scheme that sets permissions based on what the individual's job requires. Which of the following schemes is most suited to this type of implementation?

RBAC (C)

Which of the following biometric technologies is most broadly deployed due to its ease of use and acceptance from end users?

Fingerprint scanner (D)

Adam want to increase his organization's passwords resistance to attacks in the event that the password hash database is stolen by attackers. Which of the following password security settings has the largest impact on password cracking if his organization's current passwords are 8 characters long?

Password length (B)

A PIN is an example of what type of factor?

Something you know (A)

Marie is implementing a PAM solution and wants to ensure that root passwords are available in the event of an outage. Which PAM-related tool is most likely to be useful in this situation?

Password vaulting (C)

Jill sets her files on a Windows file share to allow Fred to access the files. What type of access control system is she using?

Discretionary access control (D)

Lisa sets up an account on a website that allows her to log in with Google. When she logs in, Google provides an access token to the website that confirms that she is who she says she is but doesn't provide the site with her password. Which of the following technologies has she used?

OAuth (B)

Kyle has been asked to provide his government-issued ID as part of the creation of his user account. What process should he assume it is being used for?

Identity proofing (C)

What key concept below best describes only providing the permissions necessary to perform a role?

Least privilege (A)

Nina has recently left her organization. What should the organization do with her account?

Deprovision her account. (C)

A person's name, age, location, or job title are all examples of what?

Attributes (C)

What type of access control scheme best describes the Linux filesystem?

DAC (C)

Flashcards

Capital of France (example flashcard)

Paris