Identity and Access Management

Correct Answer: Knowledge factor

In the context of authentication, ensuring that users are who they claim to be involves checking something that the user knows, has, or is. This is known as multi-factor authentication. In the case of improving security against phishing, enhancing the 'Knowledge factor', which refers to something the user knows (like a password or a PIN), is often the first step because phishing attacks typically aim to steal these kinds of credentials. By strengthening knowledge factor requirements, such as implementing stronger password policies or the use of security questions, an organization can improve its defenses against phishing attempts. The 'Ownership factor', which involves something the user has (like a token or a smartphone with an authentication app), is also important, but it is not the factor directly associated with the validation of an asserted identity against a known piece of information. The 'Inherence factor' adds another layer of security by using something the user is (such as a fingerprint or iris scan), but again, it is not primarily about the asserted identity against known information. The 'Location factor' typically refers to the user's physical location, which can be used as a part of contextual authentication but does not directly validate a user's identity against a known piece of information.

Correct Answer: Implementing Single Sign-On (SSO)

Single Sign-On (SSO) allows users to access multiple applications with a single set of credentials, reducing the number of passwords and associated fatigue. Frequent password changes, complex requirements, or insecure methods can increase fatigue and pose security risks.

Correct Answer: Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) offers the greatest granularity in assigning privileges, as it is based on individual roles and their associated privileges rather than users or groups. DAC, MAC, and other access control models do not offer the same level of granularity.