Day 1: Identity & Access Management

Question 1

What are the 5 factors of authentication?

Answer 1

Something you know, have, are, do, and somewhere you are.

Question 2

What is MFA and why is it important?

Answer 2

Multifactor authentication uses two or more different types of authentication factors to increase security.

Question 3

What does SSO allow?

Answer 3

A single login that grants access to multiple systems or services.

Question 4

What protocol is commonly used in federated identity?

Answer 4

SAML or OAuth.

Question 5

How is OAuth different from OpenID Connect?

Answer 5

OAuth handles authorization, OpenID Connect adds authentication on top of OAuth.

Question 6

What is the difference between LDAP and RADIUS?

Answer 6

LDAP is used for directory services, RADIUS is used for centralized AAA services.

Question 7

What is a key difference between RADIUS and TACACS+?

Answer 7

TACACS+ encrypts the entire packet and separates authentication and authorization; RADIUS only encrypts the password.

Question 8

Compare RBAC and ABAC.

Answer 8

RBAC assigns permissions to roles, while ABAC evaluates attributes like time, location, and device.

Question 9

Multifactor Authentication Methods:

Answer 9

Something you know – password, PIN

Something you have – smart card, security token

Something you are – fingerprint, retina scan (biometrics)

Something you do – typing rhythm, behavior patterns

Somewhere you are – GPS, IP address, location-based

Question 10

Centralized Identity Services:

Answer 10

LDAP (Lightweight Directory Access Protocol): Manages user directory info

RADIUS (Remote Authentication Dial-In User Service): AAA over networks, encrypts only passwords

TACACS+ (Terminal Access Controller Access-Control System Plus): Cisco AAA, encrypts entire packet

Question 11

Policy-Based Access Controls:

Answer 11

RBAC (Role-Based Access Control): Access based on user role (e.g., Admin, HR)

ABAC (Attribute-Based Access Control): Uses attributes like department, device, time to determine access

Rule-Based: If/then conditions for system operations

Question 12

Authentication Factors:

Answer 12

Something you know (password), have (token), are (biometric), do (behavioral), or somewhere you are (location)

Question 13

MFA (Multifactor Authentication):

Answer 13

Combines two or more factors to verify identity (e.g., password + fingerprint)

Question 14

SSO (Single Sign-On):

Answer 14

Log in once to access multiple systems (e.g., corporate suite)

Question 15

Federated Identity:

Answer 15

Allows users from one domain to access resources in another via SAML (Security Assertion Markup Language) or OAuth (Open Authorization)

Question 16

SAML (Security Assertion Markup Language):

Answer 16

XML-based, used for enterprise SSO between identity providers and service providers

Question 17

OAuth (Open Authorization):

Answer 17

Authorization protocol (often paired with OpenID Connect for authentication)

Question 18

LDAP (Lightweight Directory Access Protocol):

Answer 18

Used for centralized user directory services

Question 19

RADIUS (Remote Authentication Dial-In User Service):

Answer 19

Centralized AAA (Authentication, Authorization, Accounting), encrypts only password

Question 20

TACACS+ (Terminal Access Controller Access-Control System Plus):

Answer 20

Cisco proprietary AAA, encrypts entire packet, separates authentication and authorization

Question 21

RBAC (Role-Based Access Control):

Answer 21

Permissions assigned to roles, then to users

Question 22

ABAC (Attribute-Based Access Control):

Answer 22

Uses policies that evaluate attributes (e.g., time of access, user role)