Home > Quiz: Building an identity and access management architecture
Identity and Access Management Security School:
EMAIL THIS

Quiz: Building an identity and access management architecture

04 Mar 2009 | SearchMidmarketSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

SearchSecurity.com Security School
This article is part of the Identity and Access Management Security School lesson on building an IAM architecture. Visit the Building an identity and access management architecture lesson page for more learning resources.

1. There are two models of identity management systems. Which of the following describes a master model?

  1. The ID management system allows managed systems to be the authoritative source.
  2. The ID management system is authoritative and can overwrite data in managed systems.
  3. None of the above.

2. Which of the following is a problem associated with developers creating authentication models for the Web applications they develop?

  1. Different developers create different access role and access control models, leading to user confusion and attendant security problems.
  2. Multiple implementations of authorization code lead to more bugs, also leading to security vulnerabilities.
  3. When each application is responsible for its own security components, it can be almost impossible to manage the roles and access controls across the many applications in the enterprise.
  4. All of the above.

3. Which of the following is true of federated identity management systems?

  1. They simplify reporting and avoid the problem of out-of-band modifications.
  2. They duplicate a lot of data and can be slow.
  3. They require access to the managed systems for reporting.
  4. They are more difficult to integrate than master ID management systems.

4. While identity management and access control are usually paired together, they perform different functions. Which of the following describes access control products?

  1. They provide rich mechanisms to manage groups, roles and privileges but tend to focus on controlling access only to resources that can be addressed by a URL.
  2. They help companies design and carry out approval workflow, automate administrative tasks and consolidate much of the reporting that regulations require.

5. Which of the following features is sometimes missing in an identity management product?

  1. Support for multiple authentication providers
  2. Flexible workflow and approval mechanisms
  3. Support for loose integration/manual intervention
  4. Strong security design

If you got two or more wrong, revisit these materials in the Building an identity and access management architecture lesson:

  • Video: Demystifying identity management
  • Tip: From the gateway to the application: Effective access control strategies
  • Podcast: Five key challenges in managing identities

    •

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    How to build an identity and access management architecture
    Demystifying identity management
    Five key challenges in managing identities
    From the gateway to the application: Effective access control strategies

    Microsoft identity and access management
    Understand the pros and cons of Microsoft Windows 7 DirectAccess
    Microsoft SharePoint security hinges on authorization, external user management
    Poor Microsoft SharePoint security permissions policies can derail deployments
    How to use Kerberos and Credential manager for Windows single sign-on
    Three ways to prioritize endpoint security over perimeter defenses
    Microsoft Windows RMS enables granular access control over sensitive data
    Microsoft Stirling Beta 2 release includes Exchange SaaS offering
    Demystifying identity management
    Five key challenges in managing identities
    From the gateway to the application: Effective access control strategies

    Writing and enforcing security policies
    Five things to do before your first PCI DSS compliance audit
    Acceptable use policy for Internet usage helps data protection efforts
    Midmarket security managers must push risk acceptance to the business
    Demystifying identity management
    Handling the politics of network access control policies
    Questions to ask when choosing your managed security service provider
    Consider a compliance-driven security framework
    From the gateway to the application: Effective access control strategies
    How should a company's security program define roles and responsibilities?
    What controls can compensate when segregation of duties isn't economically feasible?

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary


    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts