Chapter 5 ■ Identity and Access Management (Domain 5) 117
- In a Kerberos environment, when a user needs to access a network resource, what is sent
to the TGS?
A. A TGT
B. An AS
C. The SS
D. A session key

- Which objects and subjects have a label in a MAC model?
A. Objects and subjects that are classified as Confidential, Secret, or Top Secret have a
label.
B. All objects have a label, and all subjects have a compartment.
C. All objects and subjects have a label.
D. All subjects have a label and all objects have a compartment.

Chris is the identity architect for a growing e-commerce website that wants to leverage
social identity. To do this, he and his team intend to allow users to use their existing
Google accounts as their primary accounts when using the e-commerce site. This means
that when a new user initially connects to the e-commerce platform, they are given the
choice between using their Google account via OAuth 2.0 or creating a new account on
the platform using their own email address and a password of their choice.
Use this information and the following diagram of an example authentication flow to
answer questions 66–68.

[Diagram: example authentication flow between the Client, the E-commerce Application
Servers, and the Google Servers. Step labels, in the order they appear:]
- Anti-forgery token created
- User login and consent to data release
- Token confirmed and authorization code sent
- Exchange code for access and ID token
- Token response
- Call Google API using token