What does MFA stand for?
Multi-Factor Authentication
Two-factor or three-factor authentication is a login method used to sign in to user accounts.
What does AD FS stand for?
Active Directory Federation Services
AD FS provides seamless access to multiple applications without repeated logins.
What phrase does Zero Trust teach?
Never Trust, Always Verify
Zero Trust assumes that each request needs to be verified as if it came from an unsecured network.
What does PAM stand for?
Privileged Access Management
PAM helps to right-size user account security.
Name a pro and a con of MFA.
Pros: Extra security, reduced account takeovers, protection against password-based threats
Helps users secure accounts from threats.
Cons: External factors, lockout without device, user complexity
Causes an increase in user-related issues with MFA.
What is the primary purpose of Active Directory Federation Services?
To provide single sign-on access for both Windows and non-Windows applications
What does CBA stand for?
Certificate-based authentication
CBA creates a digital identification and uses it for authentication.
What is the parameter that defines how long a user is added?
MemberTimeToLive
When using Add-ADGroupMember, this is useful when a person only needs to be added to the group for a limited time frame.
Name one of three ways to use MFA in Active Directory on Windows Server.
Active Directory FS, Microsoft Entra, RADIUS
Third-party software is also supported in Windows Server.
What is the job of a Federation Server in AD FS?
The Federation Server issues security tokens that enable trusted connections between organizations.
What certificate does Microsoft Entra use to authenticate?
X.509 Certificate
Contains two things:
A public key
An identity (hostname, organization)
What is Privileged Access Management and why is it important?
PAM consists of principles like Just In Time (making users only have the permissions they require for a specific amount of time) and Just Enough Access (making sure that users only have the permissions they require at that time, and nothing more) to enhance user security in a domain environment.
Name one of the tokens used to log in with MFA.
Physical token: Devices, security tokens
Invisible token: Passwords, PINs
Identity token: Biometrics
Authentication breaks down into three tokens:
Something that you have - Physical token
Something that you know - Invisible token
Something that you are - Identity token
Name 1 to 3 of the challenges organizations might face while using AD FS?
High setup and maintenance cost, complex hardware configurations, and lack of security against modern threats
What phrase helps remember authentication methods for Microsoft Entra?
Something you know - Passwords, PINs
Something you have - Device, security token
Something you are - Biometrics
This is the key understanding of authentication at the base level.
What is "Just-In-Time" access, and why is it important?
JIT access limits how long users have access to certain tasks, and is important as it lowers the chances of privilege abuse or exploitation.