4.6 Given a scenario, implement and maintain identity and access management.
Define Interoperability
Ability of systems to work together
Define Rule-based access control
Access control based on predefined rules
Define Mandatory access control
Access control based on system-enforced rules
Define Attribute-based access control
Access control based on user attributes
Define Discretionary access control
Access control based on user discretion
Define Role-based access control
Access control based on user roles
Define Federation
Allowing users from different systems to access resources
Define Password concepts
Aspects related to passwords
Define Permission assignments and implications
Assigning and understanding the consequences of permissions
Define Something you are
Authentication factor based on biometrics
Define Something you know
Authentication factor based on knowledge
Define Somewhere you are
Authentication factor based on location
Define Something you have
Authentication factor based on possession
Define Passwordless
Authentication methods that do not require passwords
Define Open authorization (OAuth)
Authorization framework for granting access to resources
Define Factors for Multifactor authentication
Categories of authentication factors
Define Provisioning/de-provisioning user accounts
Creating or removing user accounts
Define Just-in-time permissions
Granting temporary access for specific tasks
Define Least privilege
Granting users the minimum privileges necessary
Define Security keys
Hardware devices used for authentication
Define Access controls
Methods used to restrict access to resources
Define Age
Password best practice related to password age
Define Reuse
Password best practice related to password repetition
Define Length
Password best practice related to password size
Define Complexity
Password best practice related to password strength
Define Expiration
Password best practice related to password validity period
Define Hard/soft authentication tokens
Physical or software-based tokens for authentication
Define Attestation
Process of verifying the integrity of a system or component
Define Lightweight Directory Access Protocol (LDAP)
Protocol for accessing and managing directory information
Define Password best practices
Recommended guidelines for creating and managing passwords
Define Time-of-day restrictions
Restricting access based on specific times
Define Password vaulting
Securely storing and managing privileged account passwords
Define Ephemeral credentials
Temporary credentials for privileged access
Define Privileged access management tools
Tools for managing and controlling privileged access
Define Password managers
Tools for securely storing and managing passwords
Define Multifactor authentication
Using multiple factors to verify a user's identity
Define Single sign-on (SSO)
Using one set of credentials to access multiple systems
Define Biometrics
Using unique physical characteristics for authentication
Define Identity proofing
Verifying the identity of a user
Define Security Assertions Markup Language (SAML)
XML-based framework for exchanging authentication and authorization data