ISC2 CISSP - Identity and Access Management (IAM) Flashcards
| Front | Back |
|---|---|
| Challenges of password-based authentication | Vulnerable to guesswork, brute-force attacks, and poor user management practices. |
| Difference between DAC and MAC | Discretionary Access Control allows data owners to set permissions; Mandatory Access Control enforces permissions based on policies. |
| Key components of IAM | Identification, Authentication, Authorization, Accountability. |
| Purpose of access control mechanisms | To restrict and manage user access to resources based on policies. |
| Types of authentication factors | Knowledge (something you know), Possession (something you have), Inherence (something you are), Location, Behavior. |
| What does AAA stand for in security | Authentication, Authorization, and Accounting. |
| What does SSO stand for | Single Sign-On. |
| What is ABAC | Attribute-Based Access Control, assigns access based on attributes like user, resource, or environment. |
| What is an access control list (ACL) | A list defining the permissions for various users or systems to access a resource. |
| What is authentication | The process of verifying the identity of a user or system. |
| What is authorization | The process of determining access rights and permissions for an authenticated user. |
| What is cookie-based session management | Using cookies to maintain state and memory of user sessions. |
| What is de-provisioning | The process of removing access and disabling accounts when no longer needed. |
| What is identity federation | Linking a user's digital identity across multiple systems or organizations. |
| What is identity proofing | The process of verifying identity during enrollment or account creation. |
| What is Just-In-Time (JIT) access | Providing temporary access to resources as needed for specific tasks. |
| What is Kerberos | A network authentication protocol using tickets to securely manage credentials. |
| What is LDAP | Lightweight Directory Access Protocol, used to access and manage directory information. |
| What is MFA | Multifactor Authentication - using two or more factors for authentication. |
| What is provisioning | The process of creating and enabling user accounts and access rights. |
| What is proximity-based authentication | Authentication using physical closeness, often via tokens or smart cards. |
| What is RBAC | Role-Based Access Control, assigns access based on roles within an organization. |
| What is the goal of Identity Governance | To ensure identities are managed properly and comply with policies. |
| What is the principle of least privilege | Grant users only the access necessary to perform their job functions. |
| What is the purpose of a digital certificate | To verify identity and establish trust, often in PKI systems. |
| What is the purpose of a directory service | To store and manage information about users and resources in a network. |
This deck covers authentication, authorization, identity governance, and access control mechanisms used to protect resources.