Authentication
Authorization
IAM Policies
Access Controls
Threats & Attacks
100

MFA stands for

Multi-Factor Authentication

100

RBAC stands for

Role-Based Access Control

100

An IAM policy

A set of rules defining access permissions.

100

What is the difference between DAC and MAC?

DAC allows owners to control access, MAC follows strict rules.

100

What is phishing?

A social engineering attack to steal credentials.

200

What is the most common form of authentication?

Password-based authentication

200

Which principle ensures users have only necessary permissions?

Principle of Least Privilege

200

Which cloud provider uses IAM policies extensively?

AWS, Azure, Google Cloud, etc.

200

What is an access control list (ACL)?

A list defining which users or systems can access a resource.

200

What is a brute force attack?

An attack that tries multiple password combinations.

300

Name a biometric authentication method.

Fingerprint, Face ID, Retina Scan, etc.

300

What is ABAC?

Attribute-Based Access Control

300

What language format are AWS IAM policies written in?

JSON

300

Which access control model is most flexible?

Discretionary Access Control (DAC)

300

What is credential stuffing?

Using leaked credentials from one site to access another.

400

What is the purpose of SSO?

Single Sign-On allows access to multiple services with one login.

400

What is the main difference between RBAC and ABAC?

RBAC assigns permissions based on roles, while ABAC considers attributes.

400

What are the three fundamental components of an IAM policy?

Authentication, Authorization, Administration, and Auditing and Reporting

400

What type of control is a password policy?

Preventative control

400

What does the term 'Zero Trust' mean?

Never trust, always verify; assume breach.

500

What protocol is commonly used for federated authentication?

SAML (Security Assertion Markup Language)

500

Which model uses security labels for access?

Mandatory Access Control (MAC)

500

What happens when a policy explicitly denies access?

Denial takes precedence over allow rules.

500

What access control is used in military systems?

Mandatory Access Control (MAC)

500

What is an insider threat?

A security risk posed by someone within the organization.