SE Identity and Access Management

Question 1

Which access control model grants permissions based on a user's role within an organization?

Accepted Answer

Role-Based Access Control (RBAC)

Answer

Discretionary Access Control (DAC)

Answer

Mandatory Access Control (MAC)

Answer

Attribute-Based Access Control (ABAC)

Question 2

What is the principle of least privilege?

Accepted Answer

Users should have only the minimum access required to perform their job

Answer

Users receive all permissions by default

Answer

Admins should not require passwords

Answer

All data is publicly readable

Question 3

Which authentication factor category does a hardware security key (e.g., YubiKey) belong to?

Accepted Answer

Something you have

Answer

Something you know

Answer

Something you are

Answer

Somewhere you are

Question 4

What is the primary security purpose of multi-factor authentication (MFA)?

Accepted Answer

Require attackers to compromise multiple independent factors to gain access

Answer

Speed up login

Answer

Eliminate the need for passwords

Answer

Encrypt user sessions

Question 5

Which protocol is commonly used to centralize authentication and authorization for network devices and VPNs?

Accepted Answer

RADIUS

Answer

LDAP

Answer

SAML

Answer

OAuth 2.0

Question 6

What is privilege creep, and why is it a security concern?

Accepted Answer

The gradual accumulation of excessive access rights over time, beyond what a role requires

Answer

A bug that crashes privilege management systems

Answer

A brute-force attack on privileged accounts

Answer

Unauthorized privilege escalation via malware