close out this module with a little recap of what we learned. We covered IAM terminology, a lot of different terms. I'm not going to reiterate them all here. They're also well defined in the CSA Security Guidance. You're gonna want to make sure that you have a good understanding of what those are. Even though you can use the CSA guidance during the test itself, if you don't really understand what these things mean, applying those concepts to answer the questions is going to be a very difficult task.
Then we looked at the different standards for IAM in the cloud, focused on three particular technologies, and walked through an example there. We covered managing identities in the cloud, some of the difficulties and changes that cloud-based management brings, and why federated identity management is a preferred approach and actually a more secure approach in the way you're doing things. We looked at the different authentication and credentials, and how authentication username and password leakage can create real problems, and what are some of the other techniques you want to apply to really strengthen the way you do authentication.
And similarly, we looked at entitlement and access management, reviewing what those conceptual things are and really narrowing in on attribute-based access control to create more powerful access management rules that drive your entitlement mapping that you're going to create to control who could do what once they've been authenticated.
As is typical, let's go through some quiz questions.
What is the difference between an identity and a persona?
Your identity is your username; your persona is a group you are a member of.
Your identity is your username; your persona is your identity and all other attributes associated with you in a specific situation.
Your identity is used to authorize you; your persona is used to authenticate you.
Your identity is used to authenticate you; your persona is used to authorize you.
Think about it for a second. Give you a little hint: keep in mind personas. Examples of personas were father of four, functional manager, and Linux admin when we were going through this before. So the answer is gonna be B. Your identity is your username, which is your identity, right? That's pretty consistent across all the options we have here, but your persona is your identity, and it's in the context of other attributes associated with a specific situation.
So in a way, you look at that: your persona is a group you are a member of. Well, we talked about attributes and static attributes, so group membership really being a static attribute. B is the correct answer here.
C, your identity, it actually is not used to authorize you. Very rarely. That would be kind of silly, to create authorization rules that are just bound to a single identity. Usually it's gonna be bound to some sort of RBAC or ABAC, which is the preferred method of doing that. And your persona is never used to authenticate you. Authentication, we talked about multi-factor authentication, passwords; that just doesn't really make sense.
And D, your identity is used to authenticate you. Well, it's used in the authentication process, I'll give you that. Your persona is used to authorize you. That is also not something; persona is just more of an abstract concept based on the context of all the different attributes in a particular, certain situation.
So going forward, which of the following is considered a factor in multi-factor authentication: a secret handshake, the color of your eyes, a one-time password, or D, all of the above?
So keep in mind, multi-factor: something you know, something you have, or something you are. And so a secret handshake, certainly something you know, that secret, right? The color of your eyes is certainly something you are. A one-time password, whether it's hard token or soft token, well, that certainly demonstrates something you have. There's some way that that one-time password is getting to you. So the answer is gonna be D, all of the above.
And that wraps it up for this domain on identity, entitlement and access management. I know some of the materials were redundant of things we've covered in the past, but in a lot of ways, we explored them to the next level of detail in examining how they apply to the cloud and expanding on the nuances of federated identity. And so while this isn't intended to be a technical handbook on any particular specific technology, it should give you a good feel for what you need to take into account when managing identities in the cloud and some of the tactics that are going to make that much more feasible and reasonable, so your administrative teams and your end users don't have to manage hundreds of accounts as they go across and use the many, many different cloud services that your company or organization are gonna be employing.