Flashcards
Q1: What are the five pillars of IAM?
A: 1. Identity lifecycle (provisioning, deprovisioning). 2. Authentication (verify who you are). 3. Authorisation (determine what you can access). 4. Governance (policies, certifications, audits). 5. Privileged access (admin accounts, JIT, credential vaulting).
Q2: What is the difference between authentication and authorisation?
A: Authentication verifies identity (“who are you?”). Authorisation determines access rights (“what are you allowed to do?”). Authentication happens first; authorisation happens after. Authentication ≠ authorisation.
Q3: What is the principle of least privilege?
A: Users and systems should have the minimum level of access required to perform their job functions. No more, no less. Violations create unnecessary risk. Least privilege is enforced through RBAC, ABAC, and JIT access.
Q4: What is Zero Standing Privileges (ZSP)?
A: A security model where no user has permanent privileged access. Privileges are granted just-in-time (JIT) for a specific task duration, then automatically revoked. ZSP eliminates the attack surface of always-on admin accounts.
Q5: What is the difference between RBAC and ABAC?
A: RBAC (Role-Based Access Control) grants access based on job role — simpler but coarser. ABAC (Attribute-Based Access Control) grants access based on user, resource, and environment attributes — more flexible but more complex. ABAC enables policies like “managers can access employee records during business hours from corporate devices.”
Q6: What is a PAM solution?
A: Privileged Access Management — a set of tools and processes for securing, managing, and monitoring privileged accounts. Core capabilities: credential vaulting, session recording, JIT access, password rotation, and privileged session isolation.
Q7: What is Segregation of Duties (SoD)?
A: A control that prevents a single person from performing conflicting tasks that could enable fraud or error. Example: The person who requests a vendor payment should not be the same person who approves it. SoD is enforced through access controls and monitored through certification campaigns.
Q8: What is an access certification campaign?
A: A periodic review process where managers certify that their team members’ access rights are appropriate. Typical cadence: quarterly for privileged access, annually for standard access. Uncertified access is automatically revoked.
Q9: What was the root cause of the Target 2013 breach from an IAM perspective?
A: A third-party HVAC vendor had excessive network access (no least privilege for vendors). Attackers compromised the vendor’s credentials, then used that overprivileged access to pivot to Target’s POS systems. Root cause: no vendor IAM controls, no network segmentation, no JIT access.
Q10: What is federation?
A: Federation enables identity portability across organisations using standards like SAML 2.0, OAuth 2.0, and OpenID Connect. A user authenticates at their home organisation (IdP) and accesses resources at a partner organisation (SP) without creating a separate account. Example: logging into a partner SaaS app with your corporate Microsoft/Google account.