WEBVTT

1
00:00:00.000 --> 00:00:01.180
foreign [Music]

2
00:00:21.180 --> 00:00:24.480
good evening everyone and welcome I'm Dr Mann we

3
00:00:24.480 --> 00:00:30.120
are going to be reviewing some
Security Plus exam questions

4
00:00:30.960 --> 00:00:40.800
tonight's topic is authentication controls
Parts one and two let's get started with AAA

5
00:00:43.620 --> 00:00:50.100
what does AAA refer to when concerning
enforcing security policies take a

6
00:00:50.100 --> 00:00:55.020
moment look over the answers and
let's see what you're thinking

7
00:01:00.540 --> 00:01:02.340
I think this one's fairly easy

8
00:01:04.440 --> 00:01:07.020
you can put your responses in the chat

9
00:01:12.900 --> 00:01:15.420
okay we've got responses coming in

10
00:01:22.260 --> 00:01:25.260
okay so let's see what people are thinking

11
00:01:27.960 --> 00:01:37.920
okay looks like we have a lot of votes exclusively
folks for B Authentication authorization and

12
00:01:37.920 --> 00:01:47.280
accounting and this is the correct answer the
answers that would be hopefully eliminated fairly

13
00:01:47.280 --> 00:01:54.360
quickly would be C and D access authentication and
accounting access is definitely not part of AAA

14
00:01:56.040 --> 00:02:03.900
and then amelioration that one doesn't fit
either and that leaves questions answers

15
00:02:05.880 --> 00:02:15.540
that leaves responses a and B so my question
to you is why is a not the correct answer

16
00:02:21.240 --> 00:02:26.100
the first pay in the acronym stands
for authentication and not accounting

17
00:02:27.060 --> 00:02:34.380
okay I mean and that's straight up knowledge
yes um what else can you think of order matters

18
00:02:34.380 --> 00:02:40.920
okay so that came in the chat order
matters and it does this is backwards

19
00:02:42.120 --> 00:02:50.700
right first you have to be authenticated
than authorization says what you can do and

20
00:02:50.700 --> 00:02:59.700
then accounting comes after the fact okay all
right very good let's go to the next question

21
00:03:08.040 --> 00:03:21.360
okay back in our back which comparison between
attribute based access control or ABAC ABAC and

22
00:03:21.360 --> 00:03:27.960
role-based access control or our back is a true
statement take a moment look over the responses

23
00:03:33.600 --> 00:03:39.240
Okay so we've got some responses coming in
the chat let's see what people are thinking

24
00:03:42.240 --> 00:03:50.100
okay A and C and A okay and
I'm not sure and that's okay

25
00:03:51.660 --> 00:04:02.760
okay so the correct answer here is C Choice
C attributes based access control is the most

26
00:04:02.760 --> 00:04:12.300
fine-grained type of Access Control where role
based is not as precise and you may recall that um

27
00:04:12.840 --> 00:04:21.240
role base of course allows access to resources
and privileges um however a role is like a

28
00:04:21.240 --> 00:04:34.320
container object and um the object has predefined
privileges in the system so a user going into that

29
00:04:34.320 --> 00:04:44.940
role also receives those privileges or Access
Control permissions now a b a c configuration

30
00:04:44.940 --> 00:04:50.100
covers more broad access controls and that's
just not true that is just not the definition

31
00:04:51.600 --> 00:05:00.420
um uh attributes-based Access Control assigns
attributes or properties to users and resources

32
00:05:00.420 --> 00:05:11.040
and then uses those attributes so for example you
could configure a rule that specifies if the user

33
00:05:11.040 --> 00:05:19.920
has a department attribute of say accounting and
the city attribute of Boston then then perhaps

34
00:05:19.920 --> 00:05:27.540
they can access a file okay this differs from
role-based or even group based in the sense that

35
00:05:27.540 --> 00:05:34.860
role-based and group based only check whether
the user is in a role or a group so that's a

36
00:05:34.860 --> 00:05:46.740
much wider thing than attributes based which is
more fine-grained type of control okay all right

37
00:05:48.600 --> 00:05:54.420
um role-based and attribute based are the
same level of access but they just look

38
00:05:54.420 --> 00:06:01.980
at two different parts and that's not true
so again correct answer here is C attribute

39
00:06:01.980 --> 00:06:08.640
based is the most fine-grained type of Access
Control whereas role-based is not as precise

40
00:06:09.960 --> 00:06:15.360
okay let's move on to the next question

41
00:06:17.880 --> 00:06:26.340
account policy settings while attempting
to log into your account a message pops

42
00:06:26.340 --> 00:06:32.340
up telling you that your password is about to
expire and you need to create a new one soon

43
00:06:33.420 --> 00:06:39.960
after clicking the prompt to change your current
password you attempt to enter a password you

44
00:06:39.960 --> 00:06:47.940
have previously used before which user password
setting would be the reason that another message

45
00:06:47.940 --> 00:06:55.080
pops up saying that the password you entered
does not meet the password policy requirements

46
00:06:56.340 --> 00:06:58.440
okay take a look at the responses

47
00:07:01.920 --> 00:07:04.020
and put your responses in your chat

48
00:07:09.720 --> 00:07:13.320
okay we have several responses coming into chat

49
00:07:17.580 --> 00:07:26.700
and their votes or Choice C password history
and this is correct maximum password age

50
00:07:26.700 --> 00:07:32.940
policy determines the period of time and days
that a password can be used before the system

51
00:07:32.940 --> 00:07:41.580
requires the user to change it account lockout
not the correct answer nor is password complexity

52
00:07:42.420 --> 00:07:49.260
okay those are kind of obvious very good
and let's go on to the next question

53
00:07:56.280 --> 00:08:07.200
okay authentication title when a user is logging
onto a service via their desktop computer they

54
00:08:07.200 --> 00:08:14.400
have the options to choose between being sent to
push notification or getting a phone call after

55
00:08:14.400 --> 00:08:21.360
entering their username and password what
type of authentication is being used okay

56
00:08:27.300 --> 00:08:30.720
Okay so we've got some
responses coming in the chat

57
00:08:32.880 --> 00:08:50.100
let's see what's on your mind okay so a b okay B
but not sure okay all right so a p k i is public

58
00:08:50.100 --> 00:08:57.300
key infrastructure which is a system for creating
storing and distribution of digital certificates

59
00:08:59.040 --> 00:09:01.200
um that really does not apply here

60
00:09:02.280 --> 00:09:10.320
and that leaves us with out-of-band authentication
digital signature and Mac and seems the rest of

61
00:09:10.320 --> 00:09:18.960
the responses were for being and that is
correct B is the correct choice okay so

62
00:09:21.540 --> 00:09:29.700
when you put in your password your username
and your password you are on a system

63
00:09:31.260 --> 00:09:41.460
but when you get a push notification or even a
phone call we call that out of band authentication

64
00:09:41.460 --> 00:09:50.700
because it is going to another device that is not
in the data path so to speak of the same system

65
00:09:50.700 --> 00:09:57.540
that you entered your username and password on
okay so we call it out of band Authentication

66
00:09:58.860 --> 00:10:07.020
um this description does not align with the
response digital signature nor does it align with

67
00:10:07.020 --> 00:10:14.400
the response mandatory Access Control so again
the correct answer out of band Authentication

68
00:10:17.160 --> 00:10:17.700
okay

69
00:10:24.000 --> 00:10:25.920
okay next question

70
00:10:30.660 --> 00:10:32.340
conditional access

71
00:10:34.680 --> 00:10:41.460
which of the following is the best
example of conditional Access Control

72
00:10:41.460 --> 00:10:46.140
take a moment and review the responses
and then put your response in the chat

73
00:10:50.820 --> 00:10:53.880
Okay so we've got some responses coming in

74
00:10:57.360 --> 00:10:58.800
let's see what you're thinking

75
00:11:01.380 --> 00:11:09.060
okay you have a choice for d a vote
for D and several votes that could be

76
00:11:10.200 --> 00:11:18.180
answer B okay a user is given access to a
certain level of sensitive files based on the

77
00:11:18.180 --> 00:11:23.280
project they have been assigned to and this
is in fact an example of conditional access

78
00:11:24.120 --> 00:11:31.200
take a look at the first response a government
employee is only allowed to access information

79
00:11:31.200 --> 00:11:37.260
that their security clearance allows
them to access what is that an example of

80
00:11:44.100 --> 00:11:52.980
role-based access say again please on
role base access role-based yes okay um

81
00:11:55.380 --> 00:12:00.060
could be but the wider access

82
00:12:06.120 --> 00:12:12.360
in the resources for this exam and notably I
believe the book that you're going to be getting

83
00:12:13.320 --> 00:12:22.680
the um they make a point of stating that
Mac involves employees gaining access to

84
00:12:22.680 --> 00:12:30.720
resources based on their clearance level and
the data classification of the resource and

85
00:12:30.720 --> 00:12:39.000
they have to match up so the response a
would be more correctly described as Mac

86
00:12:41.160 --> 00:12:45.240
um what about seed an individual who created

87
00:12:45.240 --> 00:12:48.120
a document gives access to
their friend for peer review

88
00:12:52.200 --> 00:12:53.400
what does that sound like

89
00:13:00.480 --> 00:13:00.980
okay

90
00:13:04.680 --> 00:13:07.380
temporary access okay

91
00:13:10.380 --> 00:13:17.640
in terms of the main types of
controls what do you think it would be

92
00:13:27.660 --> 00:13:36.900
direct access control okay so it is discretionary
accessible discretionary yes absolutely and this

93
00:13:36.900 --> 00:13:46.260
is the definition um because the access is
determined by the owner of the resource and it

94
00:13:46.260 --> 00:13:53.220
says an individual who created a document that's
the owner okay and the owner of the resource can

95
00:13:53.220 --> 00:14:00.000
decide who gets access and who does not get access
and then of course what kind of access they get

96
00:14:00.960 --> 00:14:06.000
all right and then take a look at the
last response a subject's account approval

97
00:14:06.600 --> 00:14:10.200
is evaluated based on your
current operating system

98
00:14:12.420 --> 00:14:13.380
what do you think there

99
00:14:27.960 --> 00:14:35.280
okay so these examples and associated
with Access Control can be a little tricky

100
00:14:36.600 --> 00:14:45.120
um so this sounds very much um
again like mandatory Access Control

101
00:14:46.740 --> 00:14:54.000
um and in this type of environment a
Mac and environment okay so access to

102
00:14:54.000 --> 00:15:02.640
research resource objects is controlled by the
settings defined by say a system administrator

103
00:15:03.480 --> 00:15:12.120
and so that would mean that access to Resource
objects controlled by the operating system is

104
00:15:12.120 --> 00:15:17.100
going to be based on what the sysadmin
has already configured in the system

105
00:15:19.500 --> 00:15:20.040
okay

106
00:15:22.680 --> 00:15:24.960
let's go ahead on to the next question

107
00:15:30.000 --> 00:15:39.480
describing MFA when signing into an account you
are told to enter a pin and the last four digits

108
00:15:39.480 --> 00:15:47.340
of your Social Security number to be authenticated
does this describe multi-factor Authentication

109
00:15:57.000 --> 00:15:57.500
okay

110
00:16:00.180 --> 00:16:05.160
read over the responses and
put your choice in the chat

111
00:16:10.200 --> 00:16:14.460
okay we have a few responses let's
wait a second and get a few more

112
00:16:18.360 --> 00:16:21.900
okay all right let's see what you're thinking

113
00:16:24.900 --> 00:16:28.980
okay so we have votes for d C

114
00:16:32.700 --> 00:16:39.780
okay all right so the correct
answer here is Choice d

115
00:16:41.460 --> 00:16:47.100
does this describe MFA and the answer is
no because it is not using a combination

116
00:16:47.100 --> 00:16:55.860
of different authentication types okay the
response a yes because it is requiring the

117
00:16:55.860 --> 00:17:03.120
user to present at least two different credentials
doesn't hold up okay that is an incorrect response

118
00:17:05.580 --> 00:17:09.000
you enter a pin and the last four digits of your

119
00:17:09.000 --> 00:17:13.200
Social Security number what
are those both examples of

120
00:17:17.880 --> 00:17:19.020
foreign

121
00:17:22.320 --> 00:17:30.360
something you know that's correct and
so that does not qualify as multi-factor

122
00:17:31.320 --> 00:17:36.960
response B no because it is not requiring the user
to present more than two different credentials

123
00:17:37.680 --> 00:17:43.200
two different credentials is fine as long
as the types are different and can be more

124
00:17:44.700 --> 00:17:51.000
um response C yes because it is adding a
layer of protection to the authentication no

125
00:17:51.720 --> 00:17:59.520
incorrect answer okay very good
let's move on to the next question

126
00:18:04.380 --> 00:18:11.160
directory service which of the
following describes a directory service

127
00:18:12.120 --> 00:18:17.880
take a moment read the responses carefully
and then put your choice in the chat

128
00:18:23.880 --> 00:18:28.620
okay wow great we've got a lot of responses okay

129
00:18:31.920 --> 00:18:34.260
and the majority are for Choice d

130
00:18:35.520 --> 00:18:41.460
a network service that stores all user account
information on a centralized database and

131
00:18:41.460 --> 00:18:48.960
that is the correct choice take a look at
response a a technology service that allows

132
00:18:48.960 --> 00:18:56.100
a user to authenticate once then passes over to
multiple other services what is that describing

133
00:19:08.100 --> 00:19:12.660
okay single layer Authentication

134
00:19:13.680 --> 00:19:23.040
single sign-on SSO right okay um response
B A protocol that can be implemented

135
00:19:23.040 --> 00:19:30.840
as special types of oauth flows with precisely
defined token Fields anybody know what that is

136
00:19:39.660 --> 00:19:46.260
okay so what's being described there
is open ID connect let's take a look

137
00:19:46.260 --> 00:19:54.600
at the chain no clue okay all right yeah so
open ID connect and that is the definition

138
00:19:55.980 --> 00:20:06.900
okay and response C a data format service
based on XML that is used to exchange user

139
00:20:06.900 --> 00:20:14.040
information between a client and a service
and this is simply an XML web service

140
00:20:14.700 --> 00:20:22.200
okay so again the correct answer D Choice D and
network service that stores all user account

141
00:20:22.200 --> 00:20:29.340
information on a centralized database very good
all right let's move on to the next question

142
00:20:33.000 --> 00:20:34.440
document workflow

143
00:20:38.400 --> 00:20:42.900
you are helping Implement
a document workflow system

144
00:20:44.100 --> 00:20:51.900
and need each document to be legally traceable
to its creator using your corporate pki system

145
00:20:52.800 --> 00:20:58.740
which of the following solutions
would best provide this form of

146
00:20:58.740 --> 00:21:06.600
non-repudiation at the file level okay
take a moment put your choices in the chat

147
00:21:21.480 --> 00:21:29.100
okay got some choices in there all
right and it looks like most are poor

148
00:21:29.760 --> 00:21:36.900
in fact all of them are for response B document
digital signatures this is the correct response

149
00:21:37.560 --> 00:21:42.720
document encryption does
not provide non-repudiation

150
00:21:43.500 --> 00:21:54.600
okay s mime encryption secure multi-purpose
internet mail extensions okay so this is a

151
00:21:55.920 --> 00:22:02.700
widely accepted and used protocol for sending
it digitally signed and encrypted messages

152
00:22:03.900 --> 00:22:09.240
so not really involved with
non-repudiation at the bile level

153
00:22:09.900 --> 00:22:18.060
and then the last Choice document hashing
is incorrect as well okay why would that be

154
00:22:23.100 --> 00:22:24.660
what is the hash used for

155
00:22:30.120 --> 00:22:37.620
okay so if we do some type of hashing what
we're really trying to do is let's check the

156
00:22:37.620 --> 00:22:42.780
chat we've got some responses in would just
be able to tell if the document has changed

157
00:22:42.780 --> 00:22:52.140
exactly does not prove who it belongs to correct
so what we're doing is trying to ensure that the

158
00:22:52.140 --> 00:23:00.300
original data has been preserved okay all right
that's very good everybody is doing very well

159
00:23:03.420 --> 00:23:08.220
hey let's go on to the next question Dynamic code

160
00:23:11.280 --> 00:23:18.000
after entering your username and password
in the login screen for your cloud account

161
00:23:18.900 --> 00:23:26.520
you click submit and then a special code
that changes every minute is created for

162
00:23:26.520 --> 00:23:33.060
you to authenticate yourself what security
measure is deploying this Dynamic code

163
00:23:40.560 --> 00:23:43.560
okay so we have several responses in the chat

164
00:23:45.960 --> 00:23:47.580
and they are

165
00:23:52.200 --> 00:24:01.680
okay a couple for a three for B so the correct
answer here is Choice feed and that is a

166
00:24:01.680 --> 00:24:09.180
time-based one-time password code generated by an
authentication system this is the correct response

167
00:24:10.020 --> 00:24:18.300
in the First Response TGT this involves Kerberos
authentication and we're talking about ticket

168
00:24:18.300 --> 00:24:25.560
granting tickets so that's user authentication
token issued by the key distribution center

169
00:24:26.220 --> 00:24:32.100
that is used to request access tokens
from the ticket granting service

170
00:24:32.700 --> 00:24:37.140
for specific resources or
systems joined to The Domain

171
00:24:38.220 --> 00:24:47.880
and then response C short message service I think
we all know what that is yeah why is that wrong

172
00:24:52.980 --> 00:24:59.460
I'm sure you send and receive these things all the
time it's not it's not a text message yeah exactly

173
00:25:00.060 --> 00:25:09.720
so SMS involves settings text messages so no and
certificate or authority certificate Authority

174
00:25:09.720 --> 00:25:16.620
a CA is used or responsible for creation and
management of digital certificates in public

175
00:25:16.620 --> 00:25:24.180
key infrastructure so the best answer the one that
is correct here is time-based one-time password

176
00:25:25.920 --> 00:25:30.000
okay all right let's go on to the next

177
00:25:37.920 --> 00:25:43.980
okay geotagging which of the following
is the best example of geotagging

178
00:25:44.640 --> 00:25:48.600
take a moment look at the responses
you put your choice in the chat

179
00:25:59.040 --> 00:26:02.760
like this we have some responses coming in we'll

180
00:26:02.760 --> 00:26:06.000
wait just a few seconds let's see
if we can get some more responses

181
00:26:10.020 --> 00:26:13.080
okay so we have some responses in the chat

182
00:26:15.240 --> 00:26:23.640
and it looks like they are for Choice a
Choice a a user takes a photo that gets

183
00:26:23.640 --> 00:26:27.780
GPS coordinates embedded into
it this is the correct answer

184
00:26:29.580 --> 00:26:37.620
if we look at response B someone can locate
a person's location in real time by tracking

185
00:26:37.620 --> 00:26:44.520
the coordinates of their mobile device so
what does that describe what do we call that

186
00:26:50.820 --> 00:26:56.520
I don't see any responses um
that describes geolocation

187
00:26:58.380 --> 00:27:07.620
Choice C a device that can report its location
very accurately while Outdoors what is that

188
00:27:09.720 --> 00:27:10.980
what does that describe

189
00:27:16.080 --> 00:27:24.420
okay everybody some responses yeah GPS
that's correct global positioning system

190
00:27:25.680 --> 00:27:34.380
and in the last response a storefront can send
push notifications when you are driving past it

191
00:27:36.420 --> 00:27:40.440
what do we call that what is that an example of

192
00:27:45.840 --> 00:27:56.820
a response in the chat NFC definitely
involves NFC or can involve NFC yes

193
00:27:59.760 --> 00:28:01.980
and RFID yeah

194
00:28:08.760 --> 00:28:11.280
and so it's one of those Geo names

195
00:28:14.100 --> 00:28:15.660
anybody want to take a guess

196
00:28:27.480 --> 00:28:37.740
Okay so Choice D is referring to geofencing
and it's a location-based service and as you've

197
00:28:37.740 --> 00:28:49.560
mentioned yes it can use GPS Wi-Fi cellular RFID
to create a boundary around a real geographic area

198
00:28:50.160 --> 00:28:59.760
and then when somebody enters or exits
this boundary okay it can trigger an

199
00:28:59.760 --> 00:29:07.020
event such as a push notification
okay let's go to the next question

200
00:29:14.700 --> 00:29:20.700
ivp what does an identity provider
do in a better rated Network

201
00:29:21.960 --> 00:29:27.300
okay take a look at the responses
put your choice in the chat

202
00:29:33.840 --> 00:29:36.180
okay we have several responses

203
00:29:38.700 --> 00:29:41.880
and it looks like they're all for Choice C

204
00:29:44.400 --> 00:29:49.020
stores identity information about all
the objects in a particular Network

205
00:29:49.020 --> 00:29:55.560
including users groups servers
client computers and printers hmm

206
00:29:58.260 --> 00:30:06.900
so Choice C is actually referring to
a directory service it's all inclusive

207
00:30:09.000 --> 00:30:16.920
so we're going to obviously eliminate Choice
C that leaves a b and d let's try this again

208
00:30:22.380 --> 00:30:24.960
and we have a few responses in the chat

209
00:30:29.280 --> 00:30:37.440
okay let's see what you're thinking hey and one
vote for deed so the correct answer here is a

210
00:30:38.100 --> 00:30:43.980
an identity provider holds user account
information and performs Authentication

211
00:30:45.840 --> 00:30:53.580
Choice B stores metadata data about when
files were created accessed and modified

212
00:30:55.500 --> 00:31:04.620
okay so this is response B stores metadata about
when files were created accessed and modified

213
00:31:05.460 --> 00:31:16.560
and metadata is created when you basically create
documents or files the information is included now

214
00:31:16.560 --> 00:31:26.040
there are tools that you can use to access and
edit metadata such as metadata plus plus or e x

215
00:31:26.040 --> 00:31:38.700
i f tool okay finally response d securely holds
the key used to encrypt network drive contents

216
00:31:38.700 --> 00:31:44.880
this is describing data encryption
key encrypted hard drives utilize

217
00:31:44.880 --> 00:31:50.580
two encrypted keys on the device to control
the Locking and unlocking of data on a drive

218
00:31:51.360 --> 00:31:56.100
these encryption keys are the data
encryption key and the authentication key

219
00:31:56.760 --> 00:32:04.140
the data encryption key is the key used to
encrypt all of the data on the drive all right

220
00:32:06.660 --> 00:32:08.100
let's go on to the next question

221
00:32:13.620 --> 00:32:16.740
Microsoft active directory domain services

222
00:32:18.060 --> 00:32:24.420
Microsoft active directory domain services
use the blank Authentication Protocol

223
00:32:25.320 --> 00:32:31.500
so this is going to be a straight up
knowledge based question what do you think

224
00:32:36.480 --> 00:32:39.180
you have responses coming in

225
00:32:42.540 --> 00:32:48.780
and looks like everybody is choosing
D Kerberos and that is correct

226
00:32:51.840 --> 00:32:59.940
response a security assertion markup
language XML standard to Designed

227
00:32:59.940 --> 00:33:05.460
or designed to allow systems to exchange
authentication and authorization information

228
00:33:06.720 --> 00:33:14.520
radius remote authentication dial-in user service
networking protocol that provides centralized

229
00:33:14.520 --> 00:33:23.280
authentication authorization and accounting for
what we call AAA management for users who connect

230
00:33:23.280 --> 00:33:33.780
and use a network service and 802.1 X this is
response C common Authentication Protocol that

231
00:33:33.780 --> 00:33:41.760
controls who gains access to a wired or wireless
network by requiring the client to authenticate

232
00:33:41.760 --> 00:33:53.880
against a central authentication database
okay okay all right doing good next question

233
00:33:57.780 --> 00:34:06.840
a multi-factor Authentication which of
the following terms most closely relates

234
00:34:06.840 --> 00:34:14.100
to multi-factor Authentication okay take a
moment and let's see what you're thinking

235
00:34:21.120 --> 00:34:23.880
okay we have several responses in the chat

236
00:34:28.080 --> 00:34:34.560
yeah it looks like everybody's chosen response
a token key and that is the correct response

237
00:34:35.520 --> 00:34:45.120
SSO single sign-on that is not what
we're talking about Pap what is pap

238
00:34:52.920 --> 00:35:00.000
is it password Authentication Protocol
yes it is and what's the problem with pep

239
00:35:07.560 --> 00:35:17.880
it's not necessarily multi-factor and when we
use password Authentication Protocol the big

240
00:35:17.880 --> 00:35:27.000
problem is that information is sent in plain
text so kind of really cool okay and response

241
00:35:27.000 --> 00:35:37.260
D HSM is also incorrect HSM is a Hardware
security module okay so that's not correct

242
00:35:39.240 --> 00:35:46.320
what is the difference between HSM and TPM

243
00:35:58.560 --> 00:36:01.080
okay so what is a TPM

244
00:36:04.080 --> 00:36:05.640
okay we have a response

245
00:36:07.740 --> 00:36:19.080
trusted platform module okay great so TPMS
are typically chips included in the laptop

246
00:36:19.980 --> 00:36:25.260
and they can you know work to
provide full disk encryption

247
00:36:26.820 --> 00:36:35.100
um a Hardware security module is
either removable or an external device

248
00:36:35.820 --> 00:36:45.000
that can generate store and manage RSA Keys okay
so I guess the noteworthy difference between the

249
00:36:45.000 --> 00:36:55.740
two is that again hsms are removable or external
and TPMS aren't embedded into the device okay

250
00:36:58.080 --> 00:37:00.720
I don't know let's go on to the next question

251
00:37:08.700 --> 00:37:18.060
on premises to Cloud companies are starting
to shift from using on-premises authorization

252
00:37:18.060 --> 00:37:25.320
solutions to public cloud provider
authorization Services Solutions

253
00:37:26.160 --> 00:37:33.120
how might the change in processes be depicted take
a moment and carefully read through these choices

254
00:37:34.080 --> 00:37:36.300
and then put your choice in the chat

255
00:37:41.400 --> 00:37:46.620
okay so two for D1 for C and
the correct Choice here is d

256
00:37:47.400 --> 00:37:54.780
many organizations originally used lightweight
directory access protocol Technologies

257
00:37:55.500 --> 00:38:01.320
but are now using some type of federation
technology and that is the correct response

258
00:38:02.100 --> 00:38:10.380
so on-premises authorization refers to a system
where authentication and authorization services

259
00:38:10.380 --> 00:38:17.880
are hosted locally within the organization's
infrastructure cloud-based authorization

260
00:38:17.880 --> 00:38:24.120
services are delivered from the cloud and
do not require as many resources as an

261
00:38:24.120 --> 00:38:33.180
on-premises multi-factor authentication
surface okay all right so response a

262
00:38:33.780 --> 00:38:42.480
not correct response B administration of accounts
and devices change from being decentralized to

263
00:38:42.480 --> 00:38:49.380
centralized not the best answer businesses start
using bold disk encryption with cloud-based

264
00:38:49.380 --> 00:38:55.740
virtual machines instead of on-premises
virtual machines again not the best answer