Which of the following is a key component of IAM?
A) Firewall configuration
B) Identity lifecycle management
C) Network routing
D) Server maintenance
B) Identity lifecycle management
What is the difference between Authentication and Authorization?
A) Authentication is about access; Authorization is about identity
B) Authentication verifies identity; Authorization determines access rights
C) Both are the same
D) Authentication encrypts data; Authorization decrypts it
B) Authentication verifies identity; Authorization determines access rights
What is the main function of an Identity Governance solution?
A) Encrypt user data
B) Manage firewall rules
C) Ensure compliance through access reviews and certification
D) Provide antivirus protection
C) Ensure compliance through access reviews and certification
What is the first step in the IAM lifecycle?
A) Access review
B) Provisioning
C) Identity creation
D) De-provisioning
C) Identity creation
What is the purpose of an access review?
A) To create new user accounts
B) To verify if users still need the access they have
C) To reset passwords
D) To install software updates
B) To verify if users still need the access they have
What does IAM primarily manage?
A) Who can access what
B) Who can access when
C) Who can access where
D) Who can access why
A) Who can access what
Which of the following is NOT a method of Authentication?
A) Password
B) Biometric scan
C) Access approval by manager
D) OTP (One-Time Password)
C) Access approval by manager
What is the risk of not implementing IAM governance controls?
A) Increased system performance
B) Unauthorized access and data breaches
C) Faster onboarding
D) Reduced password complexity
B) Unauthorized access and data breaches
What does “birthright access” mean in IAM?
A) Access granted to users based on their birth date
B) Default access assigned to users based on their role or department
C) Access inherited from previous roles
D) Access granted only to senior employees
B) Default access assigned to users based on their role or department
Who is typically responsible for reviewing user access?
A) The IT Helpdesk
B) The HR department
C) The user's manager or application owner
D) The finance team
C) The user's manager or application owner
What is the principle of Least Privilege?
A) Users should have access to everything
B) Users should have access only to what they need
C) Admins should monitor all users
D) Users should be able to change their own roles
B) Users should have access only to what they need
Which IAM feature ensures users only access what they need to perform their job?
A) Single Sign-On
B) Least Privilege
C) Password Policy
D) Multi-Factor Authentication
B) Least Privilege
What is the role of Identity Governance in regulatory compliance?
A) It monitors internet usage
B) It ensures access policies align with regulations like SOX, GDPR, and HIPAA
C) It encrypts user credentials
D) It manages server performance
B) It ensures access policies align with regulations like SOX, GDPR, and HIPAA
What is the risk of not de-provisioning access promptly?
A) Reduced system performance
B) Unauthorized access to sensitive data
C) Increased password resets
D) Delayed software updates
B) Unauthorized access to sensitive data
How often should access reviews be conducted?
A) Once every 5 years
B) Only during onboarding
C) Periodically (e.g., quarterly or annually)
D) Never
C) Periodically (e.g., quarterly or annually)
What is the primary goal of IAM?
A) To monitor internet usage
B) To manage user identities and control access to resources
C) To encrypt all company data
D) To create user manuals
B) To manage user identities and control access to resources
Which of the following is an example of Authorization failure?
A) User enters wrong password
B) User tries to access a restricted file
C) User forgets their username
D) User logs in successfully
B) User tries to access a restricted file
What is the purpose of an IAM policy?
A) To define how users should behave online
B) To outline rules for identity creation, access, and management
C) To monitor internet usage
D) To encrypt user data
B) To outline rules for identity creation, access, and management
What is a common trigger for updating a user’s access?
A) System maintenance
B) Role change or department transfer
C) Password expiration
D) Software upgrade
B) Role change or department transfer
What is the best practice when conducting access reviews?
A) Approve all access without checking
B) Review only admin accounts
C) Validate access based on job role and necessity
D) Skip reviews for long-term employees
C) Validate access based on job role and necessity
What happens during user offboarding in IAM?
A) Access is reviewed and retained
B) Access is revoked
C) New access is granted
D) Passwords are reset
B) Access is revoked
Which of the following is an example of Authorization?
A) Logging in with MFA
B) Being allowed to download a file
C) Creating a new password
D) Verifying your identity
B) Being allowed to download a file
What is IAM Governance primarily concerned with?
A) Managing network traffic
B) Ensuring policies and controls are in place for identity and access
C) Installing antivirus software
D) Creating user manuals
B) Ensuring policies and controls are in place for identity and access
What is the benefit of integrating HR systems with IAM for lifecycle management?
A) Faster internet access
B) Automatic identity creation and updates based on employment status
C) Manual provisioning of access
D) Better antivirus protection
B) Automatic identity creation and updates based on employment status
What is an Access Review and why is it important?
A) A movie review about access
B) A periodic check of who has access to what
C) A way to remove unnecessary access
D) Both B and C
D) Both B and C