IAM Basics
Authentication & Authorization
Governance
LCM
Access Reviews
10

Which of the following is a key component of IAM?

A) Firewall configuration

B) Identity lifecycle management

C) Network routing

D) Server maintenance

B) Identity lifecycle management

10

What is the difference between Authentication and Authorization? 

A) Authentication is about access; Authorization is about identity

B) Authentication verifies identity; Authorization determines access rights

C) Both are the same

D) Authentication encrypts data; Authorization decrypts it

B) Authentication verifies identity; Authorization determines access rights

10

What is the main function of an Identity Governance solution?   

A) Encrypt user data

B) Manage firewall rules

C) Ensure compliance through access reviews and certification

D) Provide antivirus protection

C) Ensure compliance through access reviews and certification

 

10

What is the first step in the IAM lifecycle?  

A) Access review

B) Provisioning

C) Identity creation

D) De-provisioning


C) Identity creation

10

What is the purpose of an access review? 

A) To create new user accounts

B) To verify if users still need the access they have

C) To reset passwords

D) To install software updates

B) To verify if users still need the access they have

20

What does IAM primarily manage? 

A) Who can access what 

B) Who can access when 

C) Who can access where 

D) Who can access why 

A) Who can access what

20

Which of the following is NOT a method of Authentication?  

A) Password

B) Biometric scan

C) Access approval by manager

D) OTP (One-Time Password)

C) Access approval by manager

20


What is the risk of not implementing IAM governance controls?   

A) Increased system performance

B) Unauthorized access and data breaches

C) Faster onboarding

D) Reduced password complexity

B) Unauthorized access and data breaches

 

20

What does “birthright access” mean in IAM?  

A) Access granted to users based on their birth date

B) Default access assigned to users based on their role or department

C) Access inherited from previous roles

D) Access granted only to senior employees

B) Default access assigned to users based on their role or department


20

Who is typically responsible for reviewing user access? 

A) The IT Helpdesk

B) The HR department

C) The user's manager or application owner

D) The finance team

C) The user's manager or application owner

 

30

What is the principle of Least Privilege? 

A) Users should have access to everything

B) Users should have access only to what they need

C) Admins should monitor all users

D) Users should be able to change their own roles

B) Users should have access only to what they need

30

Which IAM feature ensures users only access what they need to perform their job?

A) Single Sign-On

B) Least Privilege

C) Password Policy

D) Multi-Factor Authentication

B) Least Privilege

30

What is the role of Identity Governance in regulatory compliance?  

A) It monitors internet usage

B) It ensures access policies align with regulations like SOX, GDPR, and HIPAA

C) It encrypts user credentials

D) It manages server performance

B) It ensures access policies align with regulations like SOX, GDPR, and HIPAA

30

What is the risk of not de-provisioning access promptly?  

A) Reduced system performance

B) Unauthorized access to sensitive data

C) Increased password resets

D) Delayed software updates

B) Unauthorized access to sensitive data

30

How often should access reviews be conducted? 

A) Once every 5 years

B) Only during onboarding

C) Periodically (e.g., quarterly or annually)

D) Never

 

C) Periodically (e.g., quarterly or annually)

40

What is the primary goal of IAM?

A) To monitor internet usage

B) To manage user identities and control access to resources

C) To encrypt all company data

D) To create user manuals

B) To manage user identities and control access to resources

40

Which of the following is an example of Authorization failure? 

A) User enters wrong password

B) User tries to access a restricted file

C) User forgets their username

D) User logs in successfully

B) User tries to access a restricted file

40

What is the purpose of an IAM policy? 

A) To define how users should behave online

B) To outline rules for identity creation, access, and management

C) To monitor internet usage

D) To encrypt user data

B) To outline rules for identity creation, access, and management

40

What is a common trigger for updating a user’s access?  

A) System maintenance

B) Role change or department transfer

C) Password expiration

D) Software upgrade

B) Role change or department transfer

 

40

What is the best practice when conducting access reviews? 

A) Approve all access without checking

B) Review only admin accounts

C) Validate access based on job role and necessity

D) Skip reviews for long-term employees

C) Validate access based on job role and necessity

50

What happens during user offboarding in IAM?

A) Access is reviewed and retained

B) Access is revoked

C) New access is granted

D) Passwords are reset

B) Access is revoked

50

Which of the following is an example of Authorization?  

A) Logging in with MFA

B) Being allowed to download a file

C) Creating a new password

D) Verifying your identity

B) Being allowed to download a file

50

What is IAM Governance primarily concerned with? 

A) Managing network traffic

B) Ensuring policies and controls are in place for identity and access

C) Installing antivirus software

D) Creating user manuals

B) Ensuring policies and controls are in place for identity and access

 

50

What is the benefit of integrating HR systems with IAM for lifecycle management? 

A) Faster internet access

B) Automatic identity creation and updates based on employment status

C) Manual provisioning of access

D) Better antivirus protection

B) Automatic identity creation and updates based on employment status


50

What is an Access Review and why is it important?

A) A movie review about access

B) A periodic check of who has access to what

C) A way to remove unnecessary access

D) Both B and C


D) Both B and C