Exam SY0-601 topic 1 question 414 discussion

A privileged access management system would meet the requirements. A privileged access management (PAM) system is a security solution that provides centralized control over the use of privileged accounts. It allows organizations to manage and monitor the use of privileged accounts, including administrator/root credentials and service accounts. PAM solutions typically include features such as check-in/checkout of credentials, the ability to use but not know the password, automated password changes, and logging of access to credentials. OAuth 2.0 is an authorization framework that enables third-party applications to obtain limited access to a web service. Secure Enclave is a hardware-based security solution that provides a secure environment for executing code and storing sensitive data on Apple devices. An OpenID Connect authentication system is an authentication protocol that enables users to authenticate with multiple websites using a single set of credentials.

Suggested answer, secure enclave, is wrong on so many levels. It doesn't offer really anything that is asked for. Check-in/checkout of credentials: PAM systems allow administrators to check out credentials for use during a session and then check them back in. This ensures that the use of privileged credentials is monitored and controlled. The ability to use but not know the password: PAM solutions can grant users the necessary privileges or access to systems without exposing the actual credentials. This is often done through session management or by using agents that inject credentials directly into login processes. Automated password changes: PAM systems can automate the rotation of passwords for service accounts and privileged user accounts, thereby ensuring that passwords are changed regularly and without manual intervention. Logging of access to credentials: PAM systems provide detailed logging and auditing capabilities, which record when credentials are accessed, by whom, and for what purpose. This helps in compliance and forensic analysis.

The answer is C: Privileged access management (PAM, sometimes called privileged account management) allows an organization to apply more stringent security controls over accounts with elevated privileges, such as administrator or root-level accounts. Some capabilities of PAM are: -Allow users to access the privileged account without knowing the password -Automatically change privileged account passwords periodically -Limit the time users can use the privileged account -Allow users to check out credentials -Log all access of credentials

PAM solution will cover this requirements

Privileged access management (PAM) is NOT in the SY0-601 Exam Objectives ???

Privileged access management (PAM, sometimes called privileged account management) allows an organization to apply more stringent security controls over accounts with elevated privileges, such as administrator or root-level accounts. PAM implements the concept of just- in-time administration. In other words, administrators don’t have administrative privileges until they need them. When they need them, their account sends a request for the elevated privileges. The underlying PAM system grants the request, typically by adding the account to a group with elevated privileges. After a pre-set time (such as 15 minutes), their account is automatically removed from the group, revoking the privileges. Some capabilities of PAM are: • Allow users to access the privileged account without knowing the password • Automatically change privileged account passwords periodically • Limit the time users can use the privileged account • Allow users to check out credentials • Log all access of credentials" -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson

What TheRoot9 said

Definitely C

-C is correct A privileged access management system would meet the requirements of the organization. A privileged access management (PAM) system provides a centralized solution for managing, securing, and monitoring privileged access to critical systems, applications, and data. It allows administrators to check-in and checkout privileged credentials, automate password changes, enforce strong authentication, and log access to credentials, while providing separation of duties and privileged session monitoring. OAuth 2.0 is an authorization framework for delegating access to resources between applications. Secure Enclave is a hardware-based secure environment for executing code and storing data on iOS devices. OpenID Connect is an authentication protocol built on top of the OAuth 2.0 framework.