Identity Security Questions

A privileged user connects through a controlled gateway rather than directly exposing the target system. Which component best fits?

A database administrator needs elevated access for a one-hour maintenance window, then access should disappear. Which control best fits?

Administrative rights are granted only for an approved task and expire after completion. Which component fits?

An admin receives only the rights needed to restart a service, not database deletion rights. Which principle fits?

A user signs in once and accesses multiple applications with that authentication. Which component fits?

A login requires more than one type of proof before access is granted. Which component fits?

A recipient verifies that data was signed by the holder of a private key. Which component fits?

An entity issues certificates that others rely on for trust. Which component fits?

A CI/CD job needs a token to deploy, but storing it in a repository would expose it. Which control should be used?

A key must be kept secret by its owner to decrypt or create signatures. Which component fits?

A key is shared in a certificate so others can verify signatures or encrypt to the holder. Which component fits?

Separate organizations or domains trust identity assertions between them. Which component fits?

A certificate is trusted because each issuer links back to a trusted root. Which component fits?

An application uses a token to call another service and the value must be protected. Which component fits?

An automated process uses a key pair for secure shell access and the credential must be protected. Which component fits?