Basics
Access Models
Passwords
Authentication
MFA
100

Verifying the identity of the person or device attempting to access the system, which includes entering a password or presenting a smart card.

Authentication

100

Security system that allows users to access resources based on their permissions. Uses access control lists (ACLs) to govern access to specific company resources.

Discretionary Access Control (DAC)

100

Which is better for passwords? Length or complexity?

Length

100

Basic authentication is simple and involves just ...

username & password

100

The MFA tool used at the University of Denver to allow access to resources.

DUO

200

Allows access to distinct resources post-authentication.

Authorization

200

Security approach that restricts access to users based on roles within the organization.

Role Based Access Control (RBAC)

200

Type 1 authentication is something that you...

KNOW

200

Authentication type that includes fingerprints, retina and iris patterns, voice patterns and faces.

Biometric

200

A system-generated password that is used to authenticate for one session only.

One Time Password

300

Sentence-like string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.

Passphrase

300

Authorization model that evaluates attributes (or characteristics), rather than roles, to determine access.

Attribute-based access control (ABAC)

300

Trial-and-error method to try and crack passwords, submitting multiple requests with the hope of guessing the correct password.

Brute-Forcing

300

Type 3 authentication is something you...

ARE

300

Jen Easterly of CISA says that implementation of MFA can reduce risk by what percentage?

99%

400

Enables security professionals to keep track of the accesses that take place on any given resource over time.

Accounting

400

System-controlled access to objects based on the level of clearance assigned to each user. Relies on security labels for resources.

Mandatory Access Control (MAC)

400

Which NIST publication specifies the guidance to use passphrases versus passwords?

NIST 800-63

400

With this approach, a user only has to enter their login credentials one time on a single page to access all of their SaaS applications.

Single Sign-On (SSO)

400

Type 2 authentication is something that you...

HAVE