Domain 12 Knowledge Recap
Video Activity
Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:01
>> Let's close out this module with
00:01
a little recap of what we learned.
00:01
We covered IAM terminology,
00:01
a lot of different terms.
00:01
I'm not going to reiterate them all here,
00:01
they're well defined in the CSA security guidance,
00:01
you're going to want to make sure that you have
00:01
a good understanding of what those are.
00:01
Even though you can use
00:01
the CSA guidance during the test itself,
00:01
if you don't really understand what these things mean,
00:01
applying those concepts to answer
00:01
the questions is going to be a very difficult task.
00:01
Then we looked at the different standards
00:01
for IAM and the Cloud,
00:01
and focused on three particular technologies
00:01
and walked through an example there.
00:01
We covered managing identities in the Cloud,
00:01
some of the difficulties and changes
00:01
that Cloud-based management brings and why
00:01
federated identity management is
00:01
a preferred approach and
00:01
actually a more secure approach
00:01
in the way you're doing things.
00:01
We looked at the different authentication and
00:01
credentials and how authentication, username,
00:01
and password leakage can create real problems,
00:01
and what are some of
00:01
the other techniques you want to apply to
00:01
really strengthen the way you do authentication.
00:01
Similarly, we looked at
00:01
entitlement and access management,
00:01
reviewing what those conceptual things are,
00:01
and really narrowing in on
00:01
attribute-based access control to
00:01
create more powerful access management rules
00:01
that drive your entitlement mapping that you're going to
00:01
create to control who can do
00:01
what once they've been authenticated.
00:01
As is typical, let's go through some quiz questions.
00:01
What is the difference between an identity and a persona?
00:01
Your identity is your username,
00:01
your persona is a group you are a member of.
00:01
Your identity is your username,
00:01
your persona is your identity and
00:01
all other attributes associated
00:01
with you in a specific situation.
00:01
Your identity is used to authorize you,
00:01
your persona is used to authenticate you.
00:01
Your identity is used to authenticate you,
00:01
your persona is used to authorize you.
00:01
Think about it for a second.
00:01
I'll give you a little hint to keep in
00:01
mind example of personas were further
00:01
for functional manager and
00:01
Linux admin when we were going through this before.
00:01
The answer is going to be B,
00:01
your identity is your username,
00:01
which is your identity.
00:01
That's pretty consistent across
00:01
all the options we have here.
00:01
But your persona is
00:01
your identity and it's in the context of
00:01
other attributes associated with a specific situation.
00:01
In A, you look at that,
00:01
your persona is a group you are a member of.
00:01
Well, we talked about attributes and static attributes,
00:01
so group membership really being a static attribute.
00:01
B is the correct answer here.
00:01
C, your identity actually is not used to authorize you,
00:01
very rarely, that would be silly to create
00:01
authorization rules that are
00:01
just bound to a single identity.
00:01
Usually it's going to be bound to some sort of
00:01
an RBAC or ABAC is preferred method of doing that.
00:01
Your persona is never used to authenticate you.
00:01
Authentications, we've talked
00:01
about multi-factor authentication,
00:01
password, so it just doesn't really make sense.
00:01
D, your identity is used to authenticate you,
00:01
well, it's used in the authentication process,
00:01
so I'll give you that.
00:01
Now your persona is used to authorize you.
00:01
That is also not something.
00:01
Persona is more of an abstract concept
00:01
based on the context of
00:01
all the different attributes in
00:01
a particular certain situation.
00:01
Going forward, which of the following can be considered a
00:01
factor in multi-factor authentication?
00:01
A secret handshake, the color of your eyes,
00:01
a onetime password or D,
00:01
all of the above?
00:01
Keep in mind, multi-factor,
00:01
something you know, something you have,
00:01
or something you are.
00:01
A secret handshake, certainly something
00:01
you know, that secret.
00:01
The color of your eyes is certainly something you are.
00:01
A onetime password, whether it's
00:01
hard token or soft token, well,
00:01
that certainly demonstrates something you have,
00:01
there's some way that that onetime
00:01
password is getting to you.
00:01
The answer is going to be D, all of the above.
00:01
That wraps it up for this domain on
00:01
identity, entitlement, and access management.
00:01
I know some of the materials were
00:01
redundant of things we've covered in the past,
00:01
but not a lot of ways we explored them
00:01
to the next level of detail in examining
00:01
how they apply to the Cloud and
00:01
expanding on the nuances of federated identity.
00:01
While this isn't intended to be
00:01
a technical handbook on
00:01
any particular specific technology,
00:01
it should give you a good feel for what you need
00:01
to take into account when
00:01
managing identities in the Cloud,
00:01
and some of the tactics that are
00:01
going to make that much more feasible
00:01
and reasonable so your administrative teams and
00:01
your end users don't have to manage hundreds of
00:01
accounts as they go across and use
00:01
the many different Cloud services that
00:01
your company or organization are going to be employing.