ISC2-CISSP Domain 5: Identity and Access Management (IAM)

CISSP: Identity and Access Management

1. In the context of digital identity verification, which of the following techniques is MOST effective in preventing identity spoofing in a multi-factor authentication system?
   A. Passwords and PINs
   B. Security questions
   C. Biometric authentication
   D. SMS-based one-time passwords

2. When implementing an identity and access management (IAM) system, which of the following is the MOST critical consideration to ensure scalability and flexibility in a rapidly growing organization?
   A. The use of role-based access control (RBAC)
   B. The implementation of single sign-on (SSO)
   C. The integration capability with existing systems
   D. The adoption of the least privilege principle

3. In the deployment of federated identity management, which of the following protocols is MOST critical for enabling secure, cross-domain authentication?
   A. LDAP
   B. OAuth
   C. SAML
   D. Kerberos

4. When assessing the security of an IAM solution, which of the following represents the GREATEST risk to the integrity of the system?
   A. Lack of regular system audits
   B. Inadequate password policies
   C. Insufficient encryption for data at rest
   D. Failure to implement multi-factor authentication

5. In an organization implementing IAM, which of the following would be the MOST effective in preventing unauthorized access through privilege escalation?
   A. Periodic user access reviews
   B. Implementing strong password policies
   C. Enforcing encryption for data transmission
   D. Deploying antivirus software on all systems

6. In the context of IAM, which of the following best ensures that users can only access resources necessary for their job functions?
   A. Mandatory access control (MAC)
   B. Discretionary access control (DAC)
   C. Role-based access control (RBAC)
   D. Attribute-based access control (ABAC)

7. When evaluating the security of cloud-based IAM services, which of the following is the MOST critical factor to consider for protecting against data breaches?
   A. The physical security of data centers
   B. The encryption methods used for data at rest and in transit
   C. The availability of customer support
   D. The cost of the service

8. In implementing access controls, which of the following is MOST important for ensuring the timely revocation of access rights when an employee leaves the organization?
   A. Automated provisioning and de-provisioning of access rights
   B. Manual review of access rights on a monthly basis
   C. Use of complex passwords
   D. Regular training on security awareness

9. When integrating an IAM system with legacy applications, which of the following presents the GREATEST challenge?
   A. Ensuring compatibility with existing authentication methods
   B. Maintaining a user-friendly interface
   C. Scaling the IAM system for future growth
   D. Adhering to budget constraints

10. For federated identity systems, which of the following standards primarily allows web-based applications to perform cross-domain single sign-on (SSO)?
   A. LDAP
   B. OAuth 2.0
   C. SAML 2.0
   D. XACML

11. In an identity-as-a-service (IDaaS) solution, which feature is MOST critical for enabling secure access to cloud applications from any location?
   A. Local user repositories
   B. Network firewall integration
   C. Conditional access policies
   D. Physical biometric devices

12. When implementing a privileged access management (PAM) solution, which of the following is the BEST method to mitigate the risk of privilege abuse?
   A. Periodic password rotation
   B. Enforcing session recording and monitoring
   C. Implementing shared accounts
   D. Using role-based email addresses

13. Which of the following authentication mechanisms provides the STRONGEST security for high-risk transactions over the internet?
   A. SMS-based one-time passcodes
   B. Hardware security tokens
   C. Knowledge-based authentication
   D. Email verification links

14. In the context of access control, which approach is BEST suited for organizations that require dynamic access decisions based on real-time data?
   A. Discretionary access control (DAC)
   B. Mandatory access control (MAC)
   C. Role-based access control (RBAC)
   D. Attribute-based access control (ABAC)

15. For an enterprise deploying a new IAM system, which factor is MOST crucial in ensuring the system's resilience against targeted cyber attacks?
   A. The use of a popular IAM product
   B. Regular penetration testing and vulnerability assessments
   C. Deployment on a high-availability infrastructure
   D. End-user training on phishing prevention

16. In IAM, which of the following is considered the BEST practice for managing access rights during a user's employment lifecycle?
   A. Assigning all users to a default group with general access
   B. Using automated identity governance to manage access rights
   C. Manually updating access rights at regular intervals
   D. Granting access rights based on seniority within the organization

17. Which protocol is MOST effective for single sign-on (SSO) authentication in mobile applications integrating with social media platforms?
   A. LDAP
   B. SAML
   C. OAuth 2.0
   D. RADIUS

18. When designing an IAM system for a global enterprise, which strategy is MOST effective in minimizing the risk of regulatory non-compliance across different regions?
   A. Centralizing all IAM operations in the headquarters
   B. Deploying separate IAM systems for each region
   C. Customizing IAM policies to meet local regulatory requirements
   D. Standardizing IAM policies across all regions without customization

19. In the implementation of an IAM system, which of the following is the MOST effective countermeasure against credential stuffing attacks?
   A. Password complexity requirements
   B. Account lockout mechanisms
   C. Regular password changes
   D. Multi-factor authentication (MFA)

20. In the management of digital identities, which of the following provides the BEST framework for ensuring non-repudiation in online transactions?
   A. Digital signatures
   B. Username and password authentication
   C. Security questions
   D. Biometric authentication