IAM

Question 1

What is Provisioning? / 什么是 Provisioning？

Answer 1

Creating user accounts and giving them access to systems.

创建用户账户并赋予访问权限。

Question 2

What is Deprovisioning? / 什么是 Deprovisioning？

Answer 2

Removing a user’s access when it’s no longer needed.

在用户不再需要权限时撤销其访问。

Question 3

What is Identity Proofing? / 什么是 Identity Proofing？

Answer 3

Verifying a user’s identity before account creation.

在创建账户前验证用户身份。

Question 4

What is Interoperability? / 什么是 Interoperability？

Answer 4

Different systems working together and sharing identity info.

不同系统之间可以协同工作，分享身份信息。

Question 5

What is Attestation? / 什么是 Attestation？

Answer 5

Reviewing and confirming if user access is still appropriate.

定期审查并确认用户权限是否仍然合适。

Question 6

What is a Brute Force Attack? / 什么是 Brute Force 攻击？

Answer 6

Trying every possible password combination until the correct one is found.

尝试所有可能的密码组合，直到猜中为止。

Question 7

What is a Dictionary Attack? / 什么是 Dictionary 攻击？

Answer 7

Using a list of common passwords to try to guess the password.

使用常见密码列表来尝试猜中用户密码。

Question 8

What is Password Spraying? / 什么是 Password Spraying？

Answer 8

Trying a few common passwords across many accounts to avoid lockouts.

用几个常见密码试很多个账号，避免被系统锁定。

Question 9

What is a Hybrid Attack? / 什么是 Hybrid 攻击？

Answer 9

Combining dictionary and brute force methods, like adding numbers or symbols to words.

结合字典和暴力破解的方法，比如在常见密码后加数字或符号。

Question 10

What is SSO (Single Sign-On)? / 什么是 SSO？

Answer 10

One login lets you access multiple apps or services.

一次登录，访问多个应用或服务。

Question 11

What is LDAP used for? / LDAP 是做什么的？

Answer 11

Centralized user directory for authentication and permissions.

用于统一管理用户信息和身份认证的目录服务。

Question 12

What is OAuth? / 什么是 OAuth？

Answer 12

A way to let third-party apps access your data without sharing your password.

允许第三方应用在不暴露密码的情况下访问你的数据。

Question 13

What is SAML used for? / SAML 是做什么的？

Answer 13

Authenticates users through an identity provider and sends login confirmation to apps.

通过身份提供者验证用户，并将登录状态断言发送给应用。

Question 14

What is PAM? / 什么是 PAM？

Answer 14

A system that protects and controls high-level (admin) access to prevent misuse.

用于保护和控制管理员权限，防止误用或攻击的系统。

Question 15

What is Just-in-Time (JIT) Access? / 什么是 Just-in-Time 权限？

Answer 15

Temporary admin access given only when needed for a specific task.

在需要时临时授予管理员权限，用完即撤销。

Question 16

What is Password Vaulting? / 什么是 Password Vaulting？

Answer 16

Storing sensitive credentials in a secure, encrypted vault.

将敏感密码保存在加密的保险库中并控制访问。

Question 17

What is a Temporal Account? / 什么是 Temporal Account？

Answer 17

A short-term user account that is auto-disabled after use.

使用后自动失效的短期临时账户。

Question 18

What is MAC (Mandatory Access Control)? / 什么是 MAC？

Answer 18

System-enforced access using security labels; users can’t change permissions.

系统强制的访问控制，基于安全等级标签，用户不能更改权限。

Question 19

What is DAC (Discretionary Access Control)? / 什么是 DAC？

Answer 19

The owner decides who can access the resource and what actions they can take.

资源拥有者决定谁可以访问资源，以及能做什么操作。

Question 20

What is RBAC (Role-Based Access Control)? / 什么是 RBAC？

Answer 20

Access is based on the user’s job role.

权限是根据用户的职位角色分配的。

Question 21

What is Rule-Based Access Control? / 什么是 Rule-Based？

Answer 21

Access is controlled by system-defined rules or policies.

权限由系统设定的规则控制，与用户角色无关。

Question 22

What is ABAC (Attribute-Based Access Control)? / 什么是 ABAC？

Answer 22

Access is based on multiple attributes like user, resource, time, and location.

权限由多个属性组合判断，如用户身份、资源类型、时间和地点等。