Identity and Access Manag

Quiz: Building an identity and access management architecture

SearchSecurity.com Security School
This article is part of the Identity and Access Management Security School lesson on building an IAM architecture. Visit the Building an identity and access management architecture lesson page for more learning resources.

1. There are two models of identity management systems. Which of the following describes a master model?

  1. The ID management system allows managed systems to be the authoritative source.
  2. The ID management system is authoritative and can overwrite data in managed systems.
  3. None of the above.

2. Which of the following is a problem associated with developers creating authentication models for the Web applications they develop?

  1. Different developers create different access role and access control models, leading to user confusion and attendant security problems.
  2. Multiple implementations of authorization code lead to more bugs, also leading to security vulnerabilities.
  3. When each application is responsible for its own security components, it can be almost impossible to manage the roles and access controls across the many applications in the enterprise.
  4. All of the above.

3. Which of the following is true of federated identity management systems?

  1. They simplify reporting and avoid the problem of out-of-band modifications.
  2. They duplicate a lot of data and can be slow.
  3. They require access to the managed systems for reporting.
  4. They are more difficult to integrate than master ID management systems.

4. While identity management and access control are usually paired together, they perform different functions. Which of the following describes access control products?

  1. They provide rich mechanisms to manage groups, roles and privileges but tend to focus on controlling access only to resources that can be addressed by a URL.
  2. They help companies design and carry out approval workflow, automate administrative tasks and consolidate much of the reporting that regulations require.

5. Which of the following features is sometimes missing in an identity management product?

  1. Support for multiple authentication providers
  2. Flexible workflow and approval mechanisms
  3. Support for loose integration/manual intervention
  4. Strong security design

If you got two or more wrong, revisit these materials in the Building an identity and access management architecture lesson:

  • Video: Demystifying identity management
  • Tip: From the gateway to the application: Effective access control strategies
  • Podcast: Five key challenges in managing identities

  • This was first published in March 2009

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: