Quiz: Building an identity and access management architecture

Find out how much you've learned about building an identity and access management architecture in Identity and Access Management Security School.

SearchSecurity.com Security School
This article is part of the Identity and Access Management Security School lesson on building an IAM architecture. Visit the Building an identity and access management architecture lesson page for more learning resources.

1. There are two models of identity management systems. Which of the following describes a master model?

  1. The ID management system allows managed systems to be the authoritative source.
  2. The ID management system is authoritative and can overwrite data in managed systems.
  3. None of the above.

2. Which of the following is a problem associated with developers creating authentication models for the Web applications they develop?

  1. Different developers create different access role and access control models, leading to user confusion and attendant security problems.
  2. Multiple implementations of authorization code lead to more bugs, also leading to security vulnerabilities.
  3. When each application is responsible for its own security components, it can be almost impossible to manage the roles and access controls across the many applications in the enterprise.
  4. All of the above.

3. Which of the following is true of federated identity management systems?

  1. They simplify reporting and avoid the problem of out-of-band modifications.
  2. They duplicate a lot of data and can be slow.
  3. They require access to the managed systems for reporting.
  4. They are more difficult to integrate than master ID management systems.

4. While identity management and access control are usually paired together, they perform different functions. Which of the following describes access control products?

  1. They provide rich mechanisms to manage groups, roles and privileges but tend to focus on controlling access only to resources that can be addressed by a URL.
  2. They help companies design and carry out approval workflow, automate administrative tasks and consolidate much of the reporting that regulations require.

5. Which of the following features is sometimes missing in an identity management product?

  1. Support for multiple authentication providers
  2. Flexible workflow and approval mechanisms
  3. Support for loose integration/manual intervention
  4. Strong security design

If you got two or more wrong, revisit these materials in the Building an identity and access management architecture lesson:

  • Video: Demystifying identity management
  • Tip: From the gateway to the application: Effective access control strategies
  • Podcast: Five key challenges in managing identities
  • This was first published in March 2009

    Dig deeper on Microsoft identity and access management

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchSecurity

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    ComputerWeekly

    Close