Access Mgmt Flashcards
(35 cards)
What is IAM?
Identity and Access Management
IAM is the security & business discipline that ?
“Enables right individuals & systems to access right resources at right times for right reasons”
IAM could also support (3):
- Could include customers
- BYOD – securing non-Web Application program (API) & using Corp ID is norm
- Support Cloud-based applications w/ IAM
Who is responsible for granting access to a user in federated identity management?
A. Identity provider
B. Relying party
C. SaaS provider
D. User
B. Relying party
An organization requires that it federates its internal systems and their externally hosted SaaS finance system so a user does not have to re-authenticate. This is an example of which of the following?
A. Open authentication
B. Single sign-on
C. Biometric scanning
D. Multifactor authentication
B. Single sign-on
Who is the Relying Party in a federated environment, and what do they do?
A. The Customer. They consume tokens generated by the Identity Provider.
B. The Service Provider. They consume tokens generated by the customer.
C. The Identity Provider. They consume tokens generated by the service provider.
D. The Service Provider. They consume tokens generated by the Identity Provider.
D. The Service Provider. They consume tokens generated by the Identity Provider.
What are 2 types of access keys?
Key pairs or X.509 certificates
Key pairs consist of (2) keys
Public
Private key
Private key is used for?
Digital signing
Public key is used for?
validation of the signature
X.509 certificates contain
__________ + __________
Each certificate is associated with:
public key + metadata (i.e., expiration date)
Each certificate is associated with: PRIVATE KEY
What type of encryption over Internet is used?
(2) separate types
- TLS / SSL – both use X.509 certificates, asymmetric crypto & exchange a symmetric key
- TDE (Transparent Data Encryption) – encrypts DB files (MS/Oracle); key-based access control (AC) system
Which of the following is BEST used when setting up security for services being used within a public cloud?
A. LDAP
B. SFTP
C. SNMP
D. SSL
D. SSL
What is Transparent Encryption?
In transparent encryption, the encryption engine resides in the database and is transparent to the application.
What is File Level Encryption?
Encryption engine and keys reside on the INSTANCES. The database folder or volume is encrypted, and encryption engine and keys reside on instances attached to volume. It protects against lost backup, external attacks and media theft.
What is Application Level Encryption?
Encryption engine resides at the application using the database.
*It protects against a wide array of threats that include application-level attacks, compromised database and administrative accounts.
Where does the encryption engine reside when using transparent encryption of database?
A. In Key Management System
B. Within the database
C. On instance(s) attached to the volume
D. At the database-using application
B. Within the database
Safe Disposal of Electronic Records?
What is Degaussing?
Degaussing: The use of strong magnets to scramble data on magnetic tapes and hard drives
Safe Disposal of Electronic Records?
What is Physical Destruction?
Physical Destruction: Physically shredding or incinerating the records to destroy them completely
Safe Disposal of Electronic Records?
What is Overwriting?
Overwriting: Writing unimportant or random data over the real data to make the real data unreadable. More overwrites ensure better destruction of data. 1s & 0s
Safe Disposal of Electronic Records?
What is Encryption?
Encryption: Rewriting the data in encrypted format so that it cannot be read without an encryption key.
*Only suitable way to dispose of data in CLOUD …
- Encryption.
- Encrypting data for disposal is called Crypto-shredding or digital shredding. *Keys required to read the data are deliberately destroyed.
How does Cloud destroy data?
Crypto Shredding
What is Crypto Shredding?
Encrypting data for disposal is called Crypto-shredding or digital shredding. *Keys required to read the data are deliberately destroyed.