Identity and Access Management Terms and Concepts Flashcards

What is the difference between authentication and authorization?"Authentication is the process of verifying the identity of a user, while authorization is the process of granting or denying access to resources based on the user's identity."
What is multi-factor authentication (MFA)?MFA is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction.
What is identity federation?Identity federation is the practice of linking a single digital identity and its characteristics across multiple systems or organizations.
Define privileged access management (PAM)."PAM is the process of managing and controlling access to critical systems and data by privileged users, including administrators and superusers."
What is a directory service?"A directory service is a software system that stores, organizes, and provides access to information in a directory."
Explain the concept of role-based access control (RBAC).RBAC is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise.
Define biometrics in the context of authentication."Biometrics refers to the use of physical characteristics, such as fingerprints, facial recognition, or iris scans, to verify identity."
Describe the concept of attribute-based access control (ABAC)."ABAC is an access control method where access rights are granted based on attributes, such as user role, department, and security clearance level."
Define single-factor authentication (SFA)."SFA is a security process that requires only one method of authentication, such as a password, to verify the identity of the user."
Explain the use of LDAP in identity management."LDAP, or Lightweight Directory Access Protocol, is an open, vendor-neutral, industry standard for accessing and maintaining distributed directory information services over an IP network."
What are access control lists (ACLs)?"ACLs are a set of rules that allow or deny access to network resources, based on user identities or other criteria."
What is single sign-on (SSO)?SSO is an authentication process that allows a user to access multiple applications with one set of login credentials.
What is an identity provider (IdP)?"An IdP is a system or service that creates, maintains, and manages identity information for principals and provides authentication services to relying applications within a federation or distributed network."
What is a digital certificate?"A digital certificate is an electronic document used to prove the ownership of a public key, typically issued by a certificate authority (CA)."
What is the principle of least privilege?The principle of least privilege states that users should be granted the minimum levels of access – or permissions – needed to perform their job functions.