Identity and access management final exam

Find out how much you learned in Identity and Access Management Security School and the areas where you need to focus more attention.

1. What two issues does an administrator confront during the account provisioning process?

  1. Ensuring that the process is consistent and as simple as possible
  2. Speeding up the process and making it as consistent as possible
  3. Speeding up the process and making it as simple as possible
  4. Ensuring that the process is consistent and giving the end user as much responsibility for the process as possible

2. What VPN tunneling protocol really consists of three protocols -- AH, ESP and IKE?

  1. L2TP
  2. SSL
  3. IPsec
  4. MPLS

3. Which of the following describes a policy server within an endpoint security solution?

  1. The policy server is generally a RADIUS, Kerberos or 802.1X system.
  2. The policy server is the central point for establishing network access policies.
  3. The policy server is the primary mechanism for the endpoint security workflow.
  4. All of the above.

4. Which of the following include groups as a schema attribute for individuals and are usually created using an LDAP search URL?

  1. dynamic groups
  2. static groups
  3. None of the above

5. How are organizations addressing the incompatibility of gateway authorization with a large class of applications?

  1. By not using a gateway authorization system at all.
  2. By integrating their application authorization mechanisms with the enterprise identity and access management solution.
  3. By using it only for Web applications.
  4. All of the above.

6. Given the benefits of NAC for regulatory compliance, what would stop you from just implementing it everywhere in your network and getting a leg up on your compliance efforts?

  1. The cost
  2. The maturity of the solutions
  3. It needs to be fully deployed into the network
  4. All of the above

7. Which of the following is critical to avoid establishing VPN tunnels with unauthorized parties?

  1. Authorization
  2. AAA
  3. Availability
  4. Authentication

8. Which of the following defines provisioning?

  1. To distribute
  2. To make available
  3. To assign
  4. To administer

9. Which of the following is the only control mechanism explicitly stated by the FFIEC to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties?

  1. biometrics
  2. single-factor authentication
  3. geo-location
  4. shared secrets (passwords and PINs)

10. Which of the following describes the state of endpoint security?

  1. There are a lot of experts in the field.
  2. Solutions have matured.
  3. Many current solutions are proprietary.
  4. Solutions are straightforward to implement.

11. Which of the following is an example of a good identifier?

  1. Birth certificate
  2. Driver's license
  3. Social Security card
  4. Credit card

12. Where will NAC have the most impact on compliance efforts?

  1. Authentication, Access Control and Remediation
  2. Access Control, Policies and Audit
  3. Authentication, Access Control and Audit
  4. Policies, Authentication and Remediation

13. To defeat ID spoofing of IPsec VPN tunnels, you should require proof of claim using an IKE standard authentication method. Which of the following qualifies as an IKE standard authentication method?

  1. PSK
  2. RSA digital signature
  3. DSS digital signature
  4. All of the above

14. Who is required to comply with the FFIEC's authentication mandate?

  1. All financial institutions
  2. All financial institutions engaging in any form of Internet banking
  3. Credit unions engaging in any form of Internet banking
  4. Online merchants

15. What is the best way to future-proof your endpoint security investment?

  1. Implement comprehensive processes before buying any product.
  2. Invest in the current leading product.
  3. Go with your gut instincts.
  4. None of the above. It's impossible to future-proof anything in information security.

16. What is an active identity?

  1. A person, a service or a system
  2. One that can act or execute
  3. Users or application services
  4. All of the above

17. According to Mike Rothman, from a network standpoint, compliance can be largely represented by five requirements. Which of the following is one of those requirements?

  1. Availability
  2. Authorization
  3. Authentication
  4. Accounting

18. Which VPN tunneling protocol uses a firewall or an RA concentrator as a gateway?

  1. MPLS
  2. PPTP
  3. IPsec
  4. SSL

19. Gateway-oriented access management systems alleviate the problems associated with having Web application developers create access role and access control models because...

  1. Gateway-oriented access management systems allow organizations to use identities from enterprise directories.
  2. Gateway-oriented access management systems support multiple authentication providers.
  3. Gateway-oriented access management systems allow applications to use groups and roles from enterprise authorization services.
  4. All of the above.

20. Which solution requires a security chip, called a Trusted Platform Module, to protect data at the hardware level?

  1. TNC
  2. NAP
  3. NAC
  4. None of the above.

Check your score

  • 15-20 correct: You passed!
  • Fewer than 15 correct: Go back to Identity and Access Management Security School and revisit the subjects you need to freshen up on.

This was last published in August 2006.
