CISSP PRACTICE QUESTIONS – 20191206

Effective CISSP Questions

A new business partner is applying for a VPN account in your company to work remotely. However, the password settings for partners are the same as those for employees. As a security professional, you consider the risk to be higher for remote partners than for inside workers, and you believe the system administrator should provision password settings at a stricter and more fine-grained level. A system administrator created a new account, generated a password randomly, and texted a URL to the partner's mobile phone to activate the account. Which of the following should be considered most in terms of the provisioning process?
A. Identity Assurance Levels (IAL)
B. Authenticator Assurance Levels (AAL)
C. Federation Assurance Levels (FAL)
D. Evaluation Assurance Levels (EAL)


SAML Web Browser SSO (IdP-Initiated)

Broadly speaking, there are two scenarios in the Web Browser SSO Profile: IdP-initiated SSO and SP-initiated SSO. This diagram introduces the message flows of IdP-initiated SSO.

Assertions

  1. Authentication statements
  2. Attribute statements
  3. Authorization decision statements

Protocols

  1. Authentication Request Protocol
  2. Single Logout Protocol
  3. Assertion Query and Request Protocol
  4. Artifact Resolution Protocol
  5. Name Identifier Management Protocol
  6. Name Identifier Mapping Protocol

Bindings

  1. HTTP Redirect Binding
  2. HTTP POST Binding
  3. HTTP Artifact Binding
  4. SAML SOAP Binding
  5. Reverse SOAP (PAOS) Binding
  6. SAML URI Binding

Profiles

  • Web Browser SSO Profile
  • Enhanced Client and Proxy (ECP) Profile
  • Identity Provider Discovery Profile
  • Single Logout Profile
  • Others

Fine-Grained Password Policy (FGPP)


The fine-grained password policy (FGPP) is specific to Microsoft Active Directory. The password settings in a group policy object (GPO) are applied at the domain level only. If you have multiple organizational units (OUs, or departments) or groups, you cannot enforce password settings at the OU or group level. That's where the fine-grained password policy comes in. By modifying the Active Directory schema, AD administrators can apply password settings at a more granular level.
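As an added illustration (not part of the original post), the PowerShell below uses the ActiveDirectory module to create a stricter password settings object (PSO) for a partner group and then reports which policy each member actually receives. The group name, PSO name and every numeric value are assumptions chosen for the example.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to create PSOs.
Import-Module ActiveDirectory

$group   = 'Partners-VPN'         # hypothetical global security group for partner accounts
$psoName = 'PSO-Partners-Strict'  # hypothetical PSO name

# Create a PSO that is stricter than the domain-wide settings (illustrative values).
# A lower Precedence number wins when several PSOs apply to the same user.
New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MinPasswordLength 16 -PasswordHistoryCount 24 -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 60) `
    -LockoutThreshold 5 `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -ProtectedFromAccidentalDeletion $true

# Link the PSO to the partner group; members pick it up at their next password change or logon check.
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group

# Report the policy that is really in force for one account.
# Get-ADUserResultantPasswordPolicy returns nothing when no PSO applies,
# in which case the default domain password policy is the effective one.
function Get-EffectivePasswordPolicy {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $pso = Get-ADUserResultantPasswordPolicy -Identity $SamAccountName
    if ($pso) {
        $source = $pso.Name
        $policy = $pso
    } else {
        $source = 'Default domain policy'
        $policy = Get-ADDefaultDomainPasswordPolicy
    }
    [pscustomobject]@{
        User             = $SamAccountName
        Source           = $source
        MinLength        = $policy.MinPasswordLength
        LockoutThreshold = $policy.LockoutThreshold
        MaxPasswordAge   = $policy.MaxPasswordAge
    }
}

# Audit every user in the partner group, including nested members.
Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { Get-EffectivePasswordPolicy -SamAccountName $_.SamAccountName } |
    Format-Table -AutoSize
```

Any row whose Source is not the partner PSO indicates an account that is governed by a different PSO with a lower precedence number or by the domain default.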


IDaaS and Shadow IT

IDaaS

Identity as a Service is described as the authentication infrastructure managed and hosted by a third-party cloud vendor to provide identity and access management services.

  • Cloud-Based and Multitenant Architecture
  • Password Management and Authentication
  • Single Sign-On and Federation
  • Automated Approval Workflows
  • Analytics and Intelligence
  • Configurable IAM Implementation Templates
  • Governance, Risk, and Compliance

Source: What is Identity-As-A-Service? IDaaS Explained

Shadow IT

Shadow IT refers to IT technologies, solutions, services, projects and infrastructure utilized and managed without formal approval and support of internal IT departments. Shadow IT technologies may not align with the organizational requirements and policies pertaining to compliance, security, cost, documentation, SLA, reliability and other key factors that determine the formal support of an IT system by appropriate decision makers in the organization. As such, users of Shadow IT systems bypass the approval and provisioning process and utilize the unauthorized technology without knowledge of their IT department.

Source: An Introduction to Shadow IT

CISSP PRACTICE QUESTIONS – 20191203


Which of the following statements about single sign-on (SSO) is not true?
A. SSO enables users to log in once and gain access to resources across systems
B. Multiple user accounts registered across systems can achieve SSO
C. SSO may involve multiple logins across systems
D. SSO is achieved by maintaining only one account trusted across systems for each user
