ISC2-ISSAP Domain 4: Identity and Access Management (IAM) Architecture

1. In the context of IAM, what is the primary purpose of a federated identity management system?
A. To centralize user authentication for a single domain.
B. To enable users to access resources across multiple security domains without multiple logins.
C. To restrict user access within an organizational boundary.
D. To decentralize and distribute identity data across multiple databases.

2. Which of the following best describes the principle of least privilege in IAM?
A. Granting users the maximum set of permissions they might need to perform their duties.
B. Ensuring all users have equal access rights to resources.
C. Assigning users only those permissions necessary to perform their job functions.
D. Allowing temporary elevation of access rights for standard users.

3. In IAM, what is the primary function of multi-factor authentication (MFA)?
A. To provide a single sign-on (SSO) experience for users.
B. To reduce the complexity of password management.
C. To enhance security by requiring two or more verification factors.
D. To streamline user provisioning and deprovisioning processes.

4. What role does attribute-based access control (ABAC) play in IAM?
A. It restricts access based solely on the roles assigned to a user.
B. It grants access based on the attributes of users, resources, and the environment.
C. It enables unrestricted access to resources within an organization.
D. It delegates access control decisions to the resource owner.

5. In the context of IAM, what is a primary security concern of single sign-on (SSO) implementations?
A. Increased complexity in managing user identities.
B. The need for multiple sets of credentials for each user.
C. Potential for a single point of failure compromising multiple systems.
D. Decreased user satisfaction due to frequent authentication prompts.

6. How does role-based access control (RBAC) differ from discretionary access control (DAC)?
A. RBAC assigns permissions to roles, while DAC allows users to control access to their own resources.
B. RBAC is based on user attributes, while DAC is based on organizational roles.
C. RBAC allows for dynamic access control decisions, while DAC uses static permissions.
D. RBAC is less flexible than DAC in terms of access control customization.

7. Which IAM feature is primarily used to automate the process of user rights and privileges assignment based on their role in an organization?
A. Privileged Access Management (PAM)
B. Identity Governance and Administration (IGA)
C. Directory Services
D. Access Review and Certification

8. What is the primary security benefit of using a centralized IAM system?
A. It simplifies the process of password resets for individual accounts.
B. It enables users to choose their own security questions.
C. It provides a single point of management for identities and access across the organization.
D. It allows for easier implementation of role-based access control.

9. What is the main challenge in implementing a privileged access management (PAM) solution?
A. Ensuring seamless user experience across multiple platforms.
B. Balancing the need for security with the requirement for rapid access by privileged users.
C. Integrating with legacy systems that do not support modern authentication methods.
D. Providing enough training for end users to understand the complexities of PAM.

10. In IAM, what mechanism is typically used to ensure that users' access rights and permissions are reviewed and updated to reflect their current roles and responsibilities?
A. Password expiration policies
B. Periodic access reviews and certifications
C. Two-factor authentication
D. Continuous monitoring and alerting

11. In the context of IAM, what is the significance of context-aware authentication mechanisms?
A. They provide a static set of security questions for user verification.
B. They adjust authentication requirements based on the user's location, device, or time of access.
C. They simplify the login process by removing the need for passwords.
D. They require users to change passwords after a set period.

12. How does a Public Key Infrastructure (PKI) support IAM?
A. By providing a framework for digital signatures and encryption, enhancing non-repudiation and confidentiality.
B. By simplifying the user provisioning process across cloud-based applications.
C. By enabling passwordless authentication for all users.
D. By decentralizing user access control to reduce administrative overhead.

13. In IAM, what is the primary advantage of using biometric authentication methods over traditional password-based methods?
A. Biometric methods offer a more user-friendly authentication experience.
B. They provide a higher level of security by verifying the user's physical or behavioral characteristics.
C. They are less expensive to implement on a large scale.
D. Biometric data is easier to manage and store securely.

14. In the context of IAM, what role does Security Assertion Markup Language (SAML) play?
A. It encrypts sensitive data at rest and in transit.
B. It serves as a standard for exchanging authentication and authorization data between parties, particularly in web services.
C. It provides a mechanism for password synchronization across multiple systems.
D. It is used for conducting security audits and compliance checks.

15. What is the primary challenge when integrating IAM solutions with cloud-based services and applications?
A. Ensuring the IAM solution can operate across different cloud platforms and services.
B. Reducing the latency introduced by cloud-based authentication processes.
C. Ensuring compatibility with on-premises legacy systems.
D. Simplifying the user interface of cloud-based applications.

16. In IAM, what is the significance of the OAuth 2.0 framework?
A. It is primarily used for encrypting data stored in the cloud.
B. It provides a protocol for authorization, allowing secure delegated access.
C. It is a password management tool for users across multiple websites.
D. It standardizes the format of user access logs for audit purposes.

17. How does the principle of separation of duties (SoD) apply to IAM?
A. It mandates the use of multi-factor authentication for all users.
B. It requires that no single individual has control over all aspects of an access control process.
C. It ensures that all users have equal access rights to systems and data.
D. It separates user authentication from authorization processes for better performance.

18. What is the primary function of a directory service in IAM?
A. To act as a repository for storing user credentials and permissions.
B. To encrypt data transmissions between users and applications.
C. To monitor and log all user activity within the system.
D. To provide real-time threat analysis and response.

19. In IAM, what is the impact of "privilege creep"?
A. It leads to users accumulating unnecessary access rights over time.
B. It simplifies the process of access review and certification.
C. It enhances the security of privileged accounts.
D. It reduces the complexity of managing user permissions.

20. How does dynamic access control (DAC) enhance IAM systems?
A. By providing static access rights that do not change over time.
B. By allowing access decisions to be made based on predefined roles only.
C. By adjusting access rights in real-time based on context, such as user location or device security posture.
D. By eliminating the need for authentication mechanisms in secure environments.