Identity management
⏱ ~3-min readAceMark GuideWhat this topic is really about
The principle of least privilege limits user access rights to only the absolute minimum necessary to perform their specific job duties, which reduces the potential damage of a compromised account. Granting unlimited access for efficiency (Option C) is incorrect because it vastly increases the organization's attack surface and insider threat risk.
Hashing passwords with a unique salt per user prevents attackers from using precomputed rainbow tables and ensures that identical passwords produce different hash values. Encryption with a static key still requires key protection, and plain‑text storage offers no protection. Base64 encoding is merely an encoding scheme, not a security measure.
See the mechanism
Multi-Factor Authentication (MFA) requires users to provide two or more distinct verification factors to gain access, which significantly enhances security beyond a simple password. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
MFA stands for:
- Identify what the question tests: MFA stands for:.
- Multi-Factor Authentication (MFA) requires users to provide two or more distinct verification factors to gain access, which significantly enhances security beyond a simple password.
- In contrast, Main Firewall Access is a made-up term that does not describe this identity management process.
Traps the examiner sets
- In contrast, 'P@ssw0rd' is weak because it relies on simple, predictable character substitutions of a common dictionary word.
- Granting unlimited access for efficiency (Option C) is incorrect because it vastly increases the organization's attack surface and insider threat risk.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Identity management and see it stick.
Practice more of this topic →