Access Management: Introduction and Process Activities by IT Training Zone

About the Lecture

The lecture Access Management: Introduction and Process Activities by IT Training Zone is from the course ITIL® OSA - Operational Support and Analysis . It contains the following chapters:

Lesson Contents
Purpose, Objectives
Policies
AM Process Flow
Exercise – Granting Access
Exercise – Identity
Removal of Access

Included Quiz Questions

Which of the following statements BEST describes Access Management?

The process which grants access to authorised users
The process of authorising access to data
The process which defines security policies
The process which decides what level of authorisation is required before access is granted

Which of the following statements is TRUE?

Access Management is responsible for setting up new users and deleting them when the staff members leave
It is the responsibility of the business to decide what access is appropriate
Neither

Which of the following is Access Management NOT responsible for protecting?

The classification of data
The integrity of data
The confidentiality of data
The availability of data

Which of the following statements is TRUE?

Rights define whether a user can read, write, change or delete data
Privileges defines the level and extent of a service’s functionality that a user is entitled to use
Neither

Which of the following situations would effective Access Management prevent?

Inexperienced staff being wrongly granted high levels of authority
Staff under suspension for suspected abuse of access to systems being able to destroy evidence of their actions
Data being hacked by unknown individuals
Data being incorrectly classified

Which of the following statements about Access Management is CORRECT?

Access Management monitors access for abuses
Access Management decides when access should be revoked
Neither

Which of the following statements is TRUE?

Access Management must be provided with accurate information to enable it to adjust access rights when staff leave or move between departments
Access Management investigates security breaches
Neither

Which of the following is a specific type of tool that is used to manage access and rights?

Directory Services
Directory Access
Active Access
Service Groups

Which of the following basic concepts are included in access management?

Verifying the identity of users requesting access to services
Ensuring access granted keeps in step with users changing roles and responsibilities
Deciding which rights or privileges should be granted to authorised users
Defining security policies for system access

Which of the following statements about Access Management is CORRECT?

Access Management would ensure that 3rd party access to data was in line with security policies
Once Access Management has received the required authorisation and granted access, it has no interest in how the user uses that access
Neither

Which of the following shows the correct order of activities in the Access Management process?

Receiving the request, verification, authorisation, provision, monitoring changing requirements, logging and tracking, removal and restriction of rights
Receiving the request, authorisation, verification, provision, logging and tracking, monitoring changing requirements, removal and restriction of rights
Receiving the request, provision, verification, authorisation, logging and tracking, removal and restriction of rights, monitoring changing requirements
Monitoring changing requirement, receiving the request, provision, logging and tracking, verification, authorisation, removal and restriction of rights

Which of the following statements is NOT a valid access request type?

To allow 2 users to share the same identity
To provide a user with access to data
To change a user’s existing access to data
To remove access to data that a user currently has

Which of the following may authorise an access request?

The user’s line manager
The Human Resources department
The user themselves
The Access Management process owner

Which of the following statements is TRUE?

An access request may be received via the Service Desk
Access requests may be recorded and authorised automatically
Neither

How can a user’s identity be verified?

If the request is made through a secure website, that the user has signed onto using their password
If the user provides correct answers to secret questions such as their mother’s maiden name
If the user satisfies biometric tests
If the user is vouched for by a verified and authorised person
None of them

How can the legitimacy of the request be verified?

If Human Resources confirm the change in role which requires a change in access
If the organisation has a policy allowing access to the particular service on request
If the user’s manager authorises the request
If the request is confirmed by the user’s colleague

Which of the following statements about roles is TRUE?

Defining the appropriate access for specific roles is a technique used by Access Management to simplify and standardise the provision of access
Where there is a “role conflict”, the role providing the greater access should be used
Neither

Which of the following changes should be monitored to assess if access rights may need to be changed?

Promotions
Departmental re-organisations
Suspensions
Resignations
Long service awards

Which of the following actions should be taken if an abuse of access is suspected?

An incident should be raised using a specific incident model, which is not easily visible to users of the incident system
Evidence should be gathered and preserved
Neither

Which of the following statements about Access Management is CORRECT?

Access must ensure that records are kept of who accessed what services, or who attempted and failed to access it
Access Management is responsible for investigating security breaches and taking action to close any loopholes
Neither

Author of lecture Access Management: Introduction and Process Activities

IT Training Zone

Customer reviews

(1)
5,0 of 5 stars

5 Stars		5
4 Stars		0
3 Stars		0
2 Stars		0
1 Star		0