Case Study: Identity and Access Management (IAM) Quiz Answer
In this article i am gone to share Coursera Course: Technical Support Case Studies and Capstone Week 5 Practice Quiz | Case Study: Identity and Access Management (IAM) Quiz Answer with you..
Enroll Link: Technical Support Case Studies and Capstone
Also visit: Case Study: Cloud Networking Using VPCs Quiz Answer
Case Study: Identity and Access Management (IAM) Quiz Answer
Jeff is a tech support team member, logging in for his work day. First, he answers a call from Surya, another employee at the company.
Surya: Hi, Jeff! I have some questions about security and access management.
Jeff: Thanks for calling, Surya – how can I help?
Surya: First of all, I’m wondering about passwords.
Jeff: That’s an important concern. One common way that sites are breached is through weak passwords that are easily guessed or obtained from dictionary orbrute force attacks. The organization’s current policy mandates the need for strong passwords.
Surya: Can you advise me about what constitutes a strong password? Also, are there additional security measures that I can implement?
Question 1)
What option should Jeff suggest to Surya?
- Implement MFA and use the Employee ID as the password since it is unique within the organization.
- Implement MFA and create a strong password with at least 3 factors required (a minimum length of 8 characters, one uppercase character, one lowercase character, and a number or special character).
- Implement MFA and create a strong password with at least 4 factors required (a minimum length of 8 characters, one uppercase character, one lowercase character, a number, and a special character).
- Don’t implement MFA, but create a strong password with at least 4 factors required (a minimum length of 8 characters, one uppercase character, one lowercase character, a number, and a special character).
Surya: Is it possible to disable deletion of our asset information? It contains PII and confidential information, and we don’t want anyone to accidentally delete it.
Jeff: Sure, we can do that.
Question 2)
Which policy action should Jeff suggest?
- GRANT
- REVOKE
- ALLOW
- DENY
Next, Jeff answers a call from Bret.
Bret: Hi, Jeff. I am unable to change my password. I don’t want you to reset my password, though – can you provide me access so I can change it myself?
Jeff: Hello, Bret. Hold on for a minute and let me check on that.
Question 3)
What is the MOST effective action for Jeff to take at this point?
- Tell Bret that he cannot provide Bret the access to change his own password.
- Consult the administrator of Bret’s group to check if Bret is allowed to change his own password.
- Check the organization’s policy about allowing employees to change their own passwords.
- Provide Bret the access to change his own password.
Jeff’s next call is from Janelle.
Janelle: Good afternoon, Jeff. I’m a team leader and one of my developers has resigned. How do I ensure that all his future access has been removed so that he can’t log into his account anymore and get to our information?
Jeff: Yes, we need to ensure that he has no further access to his accounts or resources.
Jeff revokes all the user’s permissions, removes all the user’s assigned roles and policies, resets the user’s password, and deprovisions the user’s active resources.
Question 4)
What else should Jeff do to keep the company secure?
- Delete the user’s account and all associated privileges.
- Assign the user’s ID to a new user who has just joined the organization.
- Add a policy to the user that denies all actions on all resources.
- Block all known email addresses for the former employee.
Jeff: Is there anything else I can help you with, Janelle?
Janelle: Actually, yes. I have five developers in my team and they have access to certain services through a group access account. However, I need one (and only one) of these users to also have additional access to a separate service. Can you guide me on how to give this access to that developer?
Jeff: Sure, we can do that. First, log into your account and go to IAM. When you get there, select Users. A list of users created will appear. For the user who needs individual access, click the three dots at the end of the user’s name. You should see the options Manage User and Assign Access.
Janelle:Yes, I see them.
Jeff: Great! Click on Assign Access. You will see a new screen with two options – Access groups and Access Policy. Select Access Policy.
Question 5)
What are the next series of actions Jeff should tell Janelle to take?
- Select the scope of the access and select the role you want to assign the user, then click Review, then click Add.
- For Service, select Databases for MySQL, then click Next. Select the scope of the access and select the role that you want to assign the user. Then click Review, and then click Add.
- For Service, select Databases for MySQL, then click Next, then click Review, then click Add.
- For Service, select Databases for MySQL, then click Next. Select the user again, and then select their department. Select the scope of the access and select the role you want to assign the user. Then click Review, and then click Add.
Janelle: Yes, I selected the options you mentioned and clicked the Add button.
Jeff: Wonderful. Now, all you need to do is to click the Assign button. You should see a successfully assigned message. Also, under the Access Policies section, you should be able to see the new policy assigned to the user.
Janelle: Yes, I see it.
Jeff: Congratulations! You have successfully granted access to your developer. Is there anything else I can help you with?
Janelle: Thank you very much for your guidance and support. I have no other issues. Have a nice day!
Jeff: Thanks. You have a great day too!