Identity and Access Management
What is the name of the room recommended to finish before this one?
Security Principles
You are granted access to read and send an email. What is the name of this process?
Authorisation
Which process would require you to enter your username?
Identification
Although you have write access, you should only make changes if necessary for the task. Which process is required to enforce this policy?
Accountability
Which of the following cannot be used for identification?
Email address
Mobile number with international code
Year of birth
Passport number
3
Which of the following cannot be used for identification?
Landline phone number
Street number
Health insurance card number
Student ID number
2
When you want to check your email, you enter your username and password. What kind of authentication is your email provider using?
1
Your bank lets you finish most of your banking operations using its app. You can log in to your banking app by providing a username and a password and then entering the code received via SMS. What kind of authentication is the banking app using?
4
Your new landline phone system at home allows callers to leave you a message when the call is not picked up. You can call your home number and enter a secret number to listen to recorded messages. What kind of authentication is being used here?
1
You have just started working at an advanced research centre. You learned that you need to swipe your card and enter a four-digit PIN whenever you want to use the elevator. Under which group does this authentication fall?
4
The new policy states that the secretary should be able to send an email on the manager’s behalf. What is this policy dictating?
1
You shared a document with your colleague and gave them view permissions so they could read without making changes. What would ensure that your file won’t be modified?
2
The hotel management decided that the cleaning staff needed access to all the hotel rooms to do their work. What phase is this decision part of?
1
What does IdM stand for?
Identity Management
What does IAM stand for?
Identity and Access Management
The attacker could authenticate using the user’s response when the authentication protocol required a password encrypted with a shared key. What is the name of the attack?
Replay Attack
You are sharing a document via a network share and giving edit permission only to the accounting department. What example of access control is this?
2
You published a post on a social media platform and made it only visible to three out of your two hundred friends. What kind of access control did you use?
1
What does SSO stand for?
Single Sign-On
Does SSO simplify MFA use as it needs to be set up once? (Yea/Nay)
Yea
Is it true that SSO can be cumbersome as it requires the user to remember and input different passwords for the various services? (Yea/Nay)
Nay
Does SSO allow users to access various services after signing in once? (Yea/Nay)
Yea
Does the user need to create and remember a single password when using SSO? (Yea/Nay)
Yea
Click on View Site and follow the exercise to get a flag.
{THM_ACCESS_CONTROL}