Authentication & Authorization

Question 1

Refer back to Security + Identify and Access Management deck for additional notes

Question 2

What is the process of aggregating logs collected from various devices across a network for centralized analysis?

Answer 2

Log ingestion

Question 3

What process increases the security of a system by reducing vulnerabilities and minimizing the attack surface?

Answer 3

System hardening

Question 4

What set of tools and processes helps standardize and automate security operation tasks, such as data enrichment and threat intelligence combination, to minimize human engagement?

Answer 4

Security Orchestration Automation & Response (SOAR)

Question 5

What six-phase process, involving requirements definition, collection, analysis, dissemination, and feedback ensures that security information is timely, actionable and consistent?

Answer 5

Threat intelligence lifecycle

Question 6

What type of vulnerability scanning involves the scanner logging into the target system using valid credentials to perform a more thorough, internal check for misconfigurations and missing patches?

Answer 6

Authenticated scanning

Question 7

What are the pieces of forensic data, such as IP addresses, file hashes, or domain names, that indicate a system or network has been breached by an attacker?

Answer 7

Indicators of Compromise (IoCs)

Question 8

Which configuration is commonly used to establish trust between an identity provider and a resource provider?

Answer 8

The resource provider is configured with the identity provider public key

Question 9

Which server file stores SSH public keys for users?

Answer 9

authorized_keys

Question 10

What is identity federation in cybersecurity?

Answer 10

Identity federation a system that uses a trusted identity provider (IdP) to authenticate users, devices, or software

Examples of IdPs include Microsoft Active Directory, Google, Facebook, and LinkedIn.

Question 11

What is the purpose of the Identity Provider (IdP)?

Answer 11

IdP a centralized location for credentials that authenticate users

Question 12

What is the role of a resource provider or service provider (RP or SP)?

Answer 12

RP or SP are web apps or service that trusts the identity provider

It allows authentication through the IdP instead of building in authentication directly.

Question 13

What is a claim in the context of identity federation?

Answer 13

Claim a statement or assertion about a user or device

Claims can include attributes like device type, IP address, or user date of birth.

Question 14

True or false: Users can sign in to websites using identity federation with providers like Google and Facebook.

Answer 14

TRUE

This is a common practice for authentication on the Internet.

Question 15

What happens when a user accesses an app configured with an identity provider?

Answer 15

The app redirects the user to the IdP for authentication

This process is transparent and quick for the user.

Question 16

What is a security token in identity federation?

Answer 16

Security token a digitally signed token that may contain claims about the user

It is created by the server after successful user authentication.

Question 17

What is attribute-based access control?

Answer 17

A method of access control based on user attributes or claims

An example is verifying a user’s age using their date of birth.

Question 18

What is the purpose of a digital signature in identity federation?

Answer 18

Digital signatures verify the authenticity of a security token

It is created using a private key from a public-private key pair.

Question 19

How is an application configured to trust an identity provider?

Answer 19

By using the public key of the IdP

This allows the app to verify digitally signed tokens.

Question 20

What does single sign-on (SSO) mean?

Answer 20

SSO users are signed in automatically to an app after initial authentication within an environment

SSO is often used in conjunction with identity federation.

Question 21

What are some common authentication methods used in single sign-on?

Answer 21

• SAML
• HTTP header-based authentication
• Integrated Windows authentication
• Basic password-based authentication

These methods can be used both on-premises and in the cloud.

Question 22

What is OpenID Connect?

Answer 22

OpenID Connect an open standard for single sign-on in the cloud

It is often used alongside OAuth.

Question 23

Why must cybersecurity analysts understand identity federation?

Answer 23

To analyze past intrusions and prevent future ones

Knowledge of data flow and configurations aids in threat hunting.

Question 24

Which access control model uses the OS to determine resource access?

Answer 24

Mandatory Access Control (MAC)

Question 25

What occurs after **successful authentication**?

Answer 25

***Authorization*** ## Footnote Authorization determines the level of access to a given resource.

Question 26

Define **authentication**.

Answer 26

**Authentication** is a method of proving a user's identity ## Footnote It is the process that verifies who a user is.

Question 27

What does **authorization** determine?

Answer 27

**Authorization** determines level of access to a resource ## Footnote This includes permissions to applications, databases, file systems, and physical facilities.

Question 28

True or false: **Authorization** is influenced by legal or regulatory requirements related to data privacy.

Answer 28

TRUE ## Footnote Legal requirements can affect how permissions are granted.

Question 29

List examples of resources that may require **authorization**.

Answer 29

* Databases * Applications * File systems * Physical facilities ## Footnote Authorization can apply to both digital and physical access.

Question 30

What is a common issue found during **security audits**?

Answer 30

Regular users added to powerful groups ## Footnote This often occurs instead of finding granular permission details.

Question 31

Give examples of **authorization** in action.

Answer 31

* Gaining VPN access * Sending emails with confidential attachments ## Footnote These actions often require additional authentication methods.

Question 32

What is often required in addition to regular user sign-in for **VPN access**?

Answer 32

Smart card insertion ## Footnote The smart card typically contains a PKI certificate or private key.

Question 33

What model should organizations adopt **regarding internal networks**?

Answer 33

***Zero-trust model*** ## Footnote This treats internal networks as potentially hostile, similar to external networks.

Question 34

What should be conducted periodically to ensure security?

Answer 34

Audits of resource access and privilege use ## Footnote These audits can be automated and may include workflows for access confirmation.

Question 35

What can **threat hunting tools** detect?

Answer 35

Unusual access patterns ## Footnote They use machine learning to identify potential account compromises.

Question 36

What is **Transitive Trust**?

Answer 36

**Transitive trust** is when trust between two entities is extended—implicitly or automatically—to a third entity, even though that third entity was never directly evaluated or approved ## Footnote Example: If A trusts B, and B trusts C, then A ends up trusting C… whether A meant to or not

Question 37

Define **Cloud Access Security Broker** (CASB)?

Answer 37

**CASB** a software tool or service that provides policy-based protection for cloud-based resources. ## Footnote CASB is considered a core component of a SASE architecture

Question 38

List some DLP concepts

Answer 38

* RDP blocking * Print blocking * Clipboard privacy controls * Data classification blocking * Blocking use of external media

Question 39

List the different data types

Answer 39

* Cardholder Data (CHD) * Intellectual Property (IP) * Personal Health Information (PHI) * Personally Identifiable Information (PII) * Personal Identifiable Financial Information (PIFI)