CDL - Identity

Question 1

What is a directory service?

Answer 1

A DS maps the names of network resources to their network addresses

Question 2

What is Cloud Identity?

Answer 2

A Identity as a Service (IDaaS) that centrally manages users and group within a SINGLE PANE OF GLASS

Question 3

What features constitute Cloud Identity?

Answer 3

• User lifecycle management
• SSO
• Device management
• Cloud Directory
• Account security

Question 4

IS Google Cloud Directory Sync a sub-service of Cloud Identity?

Answer 4

Yes

Question 5

What is Active Directory?

Answer 5

A service that allows orgs to manage multiple on-prem infra components and systems using a SINGLE identity per user.

Question 6

What is AD Domain Services (ADDS)?

Answer 6

A Microsoft server based directory service that stores and managers information about a network resources. Facilitates resource access and management

Note: AD services consist of multiple directory services.

Question 7

What is Managed Service for Microsoft AD?

Answer 7

It is an AD hostd on the GCP platform.

Question 8

If you have Managed Service for Micro Active Directory why and how would you use Cloud Identity?

Answer 8

1) MicroAD may have features that Cloud Identity does not

2) Via federation

Question 9

What are key benefits of Managed Service for Micro AD?

Answer 9

1) Maintenance free

2) Seamless multi-region deployment

3) Hybrid identity support

4) Compatibility with AD-dependent apps

Question 11

How does a Directory Service work?

Answer 11

It works as a shared information infrastructure for locating, managing, administering, and organizing resources.

Analogy - A magical map that locates all your toys and friends (resources & users)

Question 12

What is a Identity Provide (IdP)?

Answer 12

A service that creates, maintains, and manages identity information to provide authentication to services/applications within a federation or distributed network.

Eg: FB, Amzn, Google, Twitter.

Question 13

What are objects in a Directory Service?

Answer 13

Objects are resources.

Question 14

What are examples of resources on a directory service?

Answer 14

Users
Goups
Devises
Folders / files
Printers

Question 15

Is a directory service a critical component of a network operating system?

Answer 15

Yes

Question 16

What is Single-sign-on (SSO)? What ia a key benefit?

Answer 16

Seamless

Question 17

What is Lightweight Directory Access Protocol?

Answer 17

Hey protocol for accessing in managing directory information resources

Question 18

Why use LDAP when SSO is more convenient?

Question 19

What is Google Cloud Directory Sync (Exam)?

Question 20

What is a Directory Server?

Answer 20

It is a server which provides a directory service

Question 21

What are well known Directory Services ?

Answer 21

DNS - for the internet

MicoAD

OpenLDAP

Cloud Identity

Question 22

Can Cloud Identity federate identities between different ADs?

Answer 22

Yes

Between GCP, AD, Azure AD, etc.

Question 23

How does Cloud Identity work?

Answer 23

A zero trust service that Allows you to manage access and compliance across all users within your domain

AND

allows you to create a CI account for each of your users/groups.

IAM is used to manage access between GCP resources and cloud identity acounts.

Question 24

What deployment principles are characteristic by ADs?

Answer 24

They are redundant and placed as close to end users to reduce latency

Question 25

What are the various DS that comprise Active Directory?

Answer 25

AD Lightweight Directory Services (ADLDS) AD Federation Services (ADFS)

Question 26

What is a federated service?

Answer 26

A SSO service allows users to use several web-based services using only ONE set of credentials stored at a central location.

Question 27

What is AD Lightweight Directory Services (ADLDS)?

Answer 27

An implementation of LDAP protocol

Question 28

What elements comprise a Active Directory?

Answer 28

Org units Domains -- a network area organized by a single authentication DB Domain Controller Domain Computer Objects

Question 29

What are objects ?

Answer 29

The basic element in a AD -- users, groups, printers, devices, folders, etc

Question 30

What is a Domain Computer

Answer 30

A computer registered with a CENTRAL authentication DB It is also a object

Question 31

What is an AD domain?

Answer 31

A logical grouping of AD objects on a network

Question 32

What is a Directory Service?

Answer 32

An example of ADDS -- it provides methods for data storage and making the data available to network users and admins Runs on a Domain Controller

Question 33

What is a federated identity?

Answer 33

A method of linking a user's identity across multiple identity management systems

Question 34

What is OpenID?

Answer 34

OpenID is about providing who you are, and it is a open and decentralized authentication protocol. Use case: Logging into diff social media accounts via Google or FB

Question 35

What is OAuth2.0

Answer 35

OAuth is about granting access to functionality. Its a protocol that uses authorization tokens to prove identity between users and service providers. Does not use PW data

Question 36

What is SAML?Use case?

Answer 36

Security Assertion Markup Language An open standard for exchanging authentication & authorization between IdP and service providers. Use case: SSO via web browserSSO

Question 37

What is SSO?

Answer 37

Single sign on. An authentication scheme that allows users to log in with a SINGLE ID & password to different systems and software.

Question 38

Key benefit of SSO?

Answer 38

seamless

Question 39

What is a typical SSO diagram look like?

Answer 39

Azure AD --> SAML --> SS0 --> Services (slack, GWS, etc.)

Question 40

What is Light weight Directory Access Protocol (LDAP)?

Answer 40

A protocol for accessing and maintaining distributed directory information services On-prem AD --> LDAP Directory --> Services (GCP, GKE)

Question 41

How do LDAPs work?

Answer 41

Via Same sign -on - The user of a single ID + PW, but unlike SSO, you have to reuse them every time a user logs on.

Question 42

Common LDAP use case?

Answer 42

To provide a central place to store usernames and pws

Question 43

What is Google Cloud Directory Sync (exam)?

Answer 43

A synchronization service that allows admins to sync users, groups, and other data between AD/LDAP to their Managed Service for MicoAD within Google.