CISSP Practice Set_01: Identity And Access Management_2

Home » CISSP Practice Set_01: Identity And Access Management_2

Identity And Access Management

Domain 05 Practice Set: 01

CISSP DOMAIN 05: Identity And Access Management (Assessment Mode)

CISSP Domain 5 : This domain focuses on granting and revoking privileges to access data or perform actions on systems. It encompasses identification, authentication, authorization, and accountability to ensure that the right entities have appropriate access to resources. This domain is critical for maintaining secure and efficient access control systems within an organization.

Domain 05: Practice Set 01

Disclaimer: The practice exam questions provided are representative of the certification exam, but not the actual questions you will see on the certification exam. Practice exams are for self-assessment.

Page : 1/10

1. Which access control model is based on the sensitivity of information and clearance level of subjects?

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Mandatory Access Control (MAC)

Attribute-Based Access Control (ABAC)

2. What is the main advantage of implementing multi-factor authentication (MFA)?

It simplifies the user authentication process

It reduces the complexity of password management

It increases security by requiring multiple forms of verification

It eliminates the need for passwords

3. Which of the following best describes the concept of "separation of duties"?

Ensuring that sensitive tasks are divided among multiple individuals to prevent fraud or errors

Allowing users to perform any task as long as they have the correct permissions

Ensuring that employees rotate through various job functions regularly

Allowing users to set their own security permissions

4. What is the primary function of a directory service in identity and access management?

To encrypt data for secure storage

To authenticate users and manage identities

To monitor network traffic for suspicious activity

To provide a firewall to protect against external threats

5. NAC’s posturing capability determines if a system is sufficiently secure and compliant enough to connect to a network. This is a form of what type of access control?

Discretionary access control

Rule-based access control

Task-based access control

Risk-based access control

Page : 2/10

6. Which of the following is an example of discretionary access control (DAC)?

An administrator assigns permissions based on job roles.

Users are allowed to decide who can access their own files.

Access is determined by the sensitivity of the information.

Access control is managed by a centralized authority based on rules.

7. Google’s identity integration with a variety of organizations and applications across domains is an example of which of the following?

PKI

Federation

Single sign-on

Provisioning

8. What is the primary benefit of using biometric authentication methods?

They are easy to share among users

They cannot be lost or forgotten

They are inexpensive to implement

They provide anonymity for the user

9. What is the purpose of an identity federation in a cloud environment?

To centralize user authentication within a single organization

To allow users to authenticate across multiple organizations using a single identity

To provide a backup authentication mechanism

To encrypt data stored in the cloud

10. What type of access control is typically used by firewalls?

Discretionary access controls

Rule-based access controls

Mandatory access controls

Task-based access control

Page : 3/10

11. In access control models, what is the main purpose of the "separation of duties" principle?

To ensure that no single individual has complete control over all aspects of a critical process

To assign access rights based on user roles

To encrypt sensitive data during transmission

To centralize access management

12. Which of the following is an example of two-factor authentication?

A username and password

A password and a fingerprint scan

A smart card and a PIN

A retina scan and voice recognition

13. Which of the following authentication factors is considered "something you have"?

Password

Smart card

Biometric fingerprint

14. Which access control model is based on the job function of the user?

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Mandatory Access Control (MAC)

Rule-Based Access Control

15. Amanda starts at her new job and finds that she has access to a variety of systems that she does not need to accomplish her job. What problem has she encountered?

Privilege creep

Rights collision

Least privilege

Excessive privileges

Page : 4/10

16. What is the main purpose of using a Public Key Infrastructure (PKI) in identity management?

To encrypt user passwords

To authenticate users using biometric data

To manage and distribute digital certificates for secure communications

To provide a backup authentication method

17. When you input a user ID and password, you are performing what important identity and access management activity?

Authorization

Validation

Authentication

18. What is the purpose of an Identity Provider (IdP) in federated identity management?

To store user credentials locally

To authenticate users and provide identity assertions

To manage user roles and permissions

To create and manage access policies

19. What is the primary purpose of Single Sign-On (SSO) in an enterprise environment?

To enforce multi-factor authentication

To provide a centralized logging mechanism

To allow users to authenticate once and gain access to multiple systems

To encrypt user credentials

20. What is a common method for implementing least privilege access control?

Assigning all users administrative rights

Regularly reviewing and updating user access rights

Allowing users to request additional access as needed

Granting access to all resources by default

Page : 5/10

21. Which of the following mechanisms is used to ensure that a user can be held accountable for their actions in an information system?

Role-based access control

Non-repudiation

Single sign-on

Encryption

22. Which of the following best describes an identity federation?

A single system that handles all authentication requests

A network of interconnected authentication systems

A centralized directory of all users in an organization

A framework that allows the sharing of identity information across different organizations

23. Which of the following is NOT a characteristic of Role-Based Access Control (RBAC)?

Users are assigned to roles based on their job functions

Access rights are dynamically adjusted based on user behavior

Roles are created based on the principle of least privilege

Permissions are assigned to roles rather than individual users

24. Which of the following is a common vulnerability associated with password-based authentication systems?

Strong password policies

Brute force attacks

Multi-factor authentication

Token-based authentication

25. What is the primary purpose of access control in an information security environment?

To ensure that users have limited access to systems

To verify the identity of users

To prevent unauthorized access to information

To monitor user activity

Page : 6/10

26. What type of access control model uses rules that can include the attributes of users, resources, and the environment?

Discretionary Access Control (DAC)

Role-Based Access Control (RBAC)

Attribute-Based Access Control (ABAC)

Mandatory Access Control (MAC)

27. What is the principle of least privilege?

Users should have the minimum level of access—or permissions—necessary to perform their job functions.

Users should be granted access based on their seniority in the organization.

Users should have unrestricted access to resources to ensure productivity.

Users should share their access credentials with their supervisors.

28. Which of the following protocols is commonly used for directory services and can be used to implement Single Sign-On (SSO)?

LDAP (Lightweight Directory Access Protocol)

SNMP (Simple Network Management Protocol)

SMTP (Simple Mail Transfer Protocol)

HTTP (Hypertext Transfer Protocol)

29. Which of the following is a benefit of using a centralized identity and access management (IAM) system?

Increased complexity in managing user access

Simplified management and auditing of user access

Decentralized control of user permissions

Increased risk of single point of failure

30. What principle ensures that a user only has access to the information and resources necessary for their role?

Separation of duties

Least privilege

Need to know

Defense in depth

Page : 7/10

31. Which of the following is a common method for implementing access control lists (ACLs)?

Assigning access permissions to users based on their IP addresses

Defining access rules based on the roles of users within an organization

Allowing users to set their own access permissions for shared files

Specifying which users or system processes are granted access to objects such as files or directories

32. When Chris verifies an individual’s identity and adds a unique identifier like a user ID to an identity system, what process has occurred?

Identity proofing

Registration

Directory management

Session management

33. In the context of identity and access management, what does the term "provisioning" refer to?

The process of granting, modifying, or revoking access rights

The process of monitoring user activity

The process of authenticating users

The process of encrypting data

34. Which of the following best describes Role-Based Access Control (RBAC)?

Access decisions are based on the roles individual users have within the organization.

Access is granted based on user-specific attributes.

Access is determined by the user’s physical location.

Access is restricted based on the sensitivity of the information.

35. Which of the following best describes an identity federation?

A centralized system that handles user authentication within a single organization.

A distributed system where identity attributes are shared across multiple organizations.

security system that uses multifactor authentication.

A method of encrypting user credentials for secure transmission.

Page : 8/10

36. What is a major benefit of implementing multi-factor authentication (MFA)?

It reduces the need for password complexity

It increases the convenience of logging in for users

It provides an additional layer of security beyond just a password

It eliminates the need for any form of password

37. What type of attack involves an attacker gaining unauthorized access by using another person's credentials?

Brute force attack

Man-in-the-middle attack

Phishing attack

Impersonation attack

38. Which access control model is primarily used to enforce security policies within government and military environments?

Discretionary Access Control (DAC)

Mandatory Access Control (MAC)

Role-Based Access Control (RBAC)

Attribute-Based Access Control (ABAC)

39. Jim wants to implement an access control scheme that will ensure that users cannot delegate access. He also wants to enforce access control at the operating system level. What access control mechanism best fits these requirements?

Role-based access control

Discretionary access control

Mandatory access control

Attribute-based access control

40. Which of the following best describes the purpose of an audit trail in an identity and access management system?

To provide a list of all users in the system

To monitor and record user activities for accountability and forensic purposes

To allow users to change their passwords regularly

To store user credentials securely

Page : 9/10

41. What authentication technology can be paired with OAuth to perform identity verification and obtain user profile information using a RESTful API?

SAML

Shibboleth

OpenID Connect

Higgins

42. Which of the following describes a challenge-response authentication mechanism?

The system presents a challenge, and the user must respond with a specific password.

The user provides a password, and the system grants access immediately.

The system requires biometric data from the user for authentication.

The system presents a challenge, and the user must respond with a correct answer based on a shared secret.

43. What is the primary purpose of a security token in an authentication system?

To store user passwords securely

To provide an additional factor for verifying user identity

To encrypt communication between users and the system

To serve as a backup authentication method

44. What is the main advantage of implementing Single Sign-On (SSO)?

It reduces the complexity of managing multiple passwords.

It enhances network performance.

It provides granular access control.

It eliminates the need for strong authentication methods.

45. Which of the following describes "Just-In-Time (JIT) provisioning"?

Granting users access to resources only when needed and for a limited time

Pre-configuring user access rights based on their roles

Automatically updating user roles based on behavior

Enforcing strict password policies for all users

Page : 10/10

46. What is the primary role of an Access Control List (ACL) in an information system?

To manage user roles and permissions

To define which users or systems are granted access to specific resources

To monitor and log user activities

To enforce encryption policies

47. What is an example of an attribute-based access control (ABAC) system?

Access control based on user roles within an organization

Access control based on individual user identities

Access control based on user attributes, such as department, clearance level, or time of access

Access control based on the physical location of the user

48. What is the purpose of a user provisioning process?

To deactivate user accounts

To ensure users are educated about security policies

To create, manage, and disable user accounts as needed

To monitor user activity in real-time

49. Which of the following is considered a logical access control mechanism?

Biometric fingerprint scanner

Firewall rules

Security guards

Locked doors

50. Which of the following is a characteristic of a strong password policy?

Requiring passwords to be at least 6 characters long

Allowing users to reuse previous passwords

Requiring passwords to include a mix of upper and lower case letters, numbers, and special characters

Allowing passwords to remain unchanged indefinitely

CISSP Practice Test, Quiz & Flashcards

5

CISSP Practice Sets

250

Questions

5.8

Test Submited by Users

info@sajinshivdas.com

Abu Dhabi, UAE

twitter
facebook
youtube
behance

Close Menu

Home
Cybersecurity Blog
Cybersecurity Tools
Computer Forensics
AboutUs

Identity And Access Management

Domain 05 Practice Set: 01

CISSP DOMAIN 05: Identity And Access Management (Assessment Mode)

Domain 05: Practice Set 01

Disclaimer: The practice exam questions provided are representative of the certification exam, but not the actual questions you will see on the certification exam. Practice exams are for self-assessment.

CISSP Practice Test, Quiz & Flashcards

More practice question and flash cards

Risk & Security Management

Asset Security

Security Architecture & Engineering

Communication & Network Security

Identity & Access Management

CISSP Practice Sets Status

5

250

5.8

info@sajinshivdas.com