Identity and Access Management Flashcards

1
Q

What is the primary goal of access control?

A. To encrypt all data.
B. To manage who has access to resources.
C. To monitor network activity.
D. To ensure high availability of systems.

A

B

2
Q

Which of the following is an access control subject?

A. A file in a database.
B. A user attempting to access a resource.
C. An operating system’s memory.
D. A log file entry.

A

B

3
Q

Which principle ensures only authorized users access specific resources?

A. Confidentiality.
B. Availability.
C. Least Privilege.
D. Accountability.

A

C

4
Q

What are the three key objectives of access control?

A. Confidentiality, Integrity, Availability.
B. Identification, Authentication, Authorization.
C. Passwords, Tokens, Biometrics.
D. Encryption, Decryption, Storage.

A

A

5
Q

Which of these is an example of a logical control?

A. Firewall.
B. Security guard.
C. CCTV system.
D. Key management policy.

A

A

6
Q

Which type of control involves organizational policies and procedures?

A. Administrative.
B. Logical.
C. Physical.
D. Cryptographic.

A

A

7
Q

Which control would best mitigate physical threats?

A. Firewall.
B. Security guard.
C. Password policy.
D. Encryption.

A

B

8
Q

What is the focus of logical/technical controls?

A. Protecting physical assets.
B. Implementing hardware and software solutions.
C. Managing user behavior.
D. Enforcing administrative rules.

A

B

9
Q

What is the first step in an access control process?

A. Authorization.
B. Authentication.
C. Identification.
D. Accountability.

A

C

10
Q

What is required for multi-factor authentication?

A. Two or more types of authentication factors.
B. Biometric identification only.
C. A password and a security token.
D. A private and public key pair.

A

A

11
Q

Which factor does a biometric authentication method fall under?

A. Something you have.
B. Something you are.
C. Something you know.
D. Something you share.

A

B

12
Q

Which of the following ensures accountability in access control?

A. Role-based access.
B. Audit logs.
C. Strong encryption.
D. Centralized access management.

A

B

13
Q

What is the key characteristic of discretionary access control (DAC)?

A. Access is based on the user’s role.
B. Users can grant access to resources they own.
C. Access is determined by attributes.
D. It is implemented by mandatory policies.

A

B

14
Q

Which access control model uses security classifications like “Confidential”?

A. DAC.
B. MAC.
C. RBAC.
D. ABAC.

A

B

15
Q

What does RBAC assign permissions based on?

A. Attributes of the user.
B. Security classifications.
C. Roles within an organization.
D. User preferences.

A

C

16
Q

Which access control model uses attributes to determine access?

A. ABAC.
B. DAC.
C. MAC.
D. RBAC.

A

A

17
Q

Which is an example of a one-time password (OTP)?

A. A memorized PIN.
B. A randomly generated code sent to a device.
C. A passphrase stored on a device.
D. A key stored in a hardware token.

A

B

18
Q

What is a common defense against dictionary attacks?

A. Using complex passwords.
B. Biometric authentication.
C. Encrypting passwords.
D. Disabling account recovery.

A

A

19
Q

What is a major drawback of using static passwords?

A. They are difficult to remember.
B. They can be reused and stolen.
C. They are incompatible with biometrics.
D. They require hardware tokens.

A

B

20
Q

Which is a best practice for creating strong passwords?

A. Use at least 8 characters with a mix of upper/lowercase letters, numbers, and symbols.
B. Use your birthdate for easy recall.
C. Share the password with trusted users.
D. Only use numeric characters.

A

A

21
Q

What is an example of a synchronous token?

A. A USB security key.
B. A time-based one-time password generator.
C. A magnetic swipe card.
D. A retina scan.

A

B

22
Q

Which biometric method uses the unique patterns of an individual’s iris?

A. Retina scan.
B. Fingerprint scan.
C. Voice recognition.
D. Iris recognition.

A

D

23
Q

What is a common disadvantage of biometric authentication?

A. Requires regular password changes.
B. Can be easily shared with others.
C. May raise privacy concerns.
D. Cannot be revoked once compromised.

A

C

24
Q

What type of token uses physical characteristics for authentication?

A. Static token.
B. Biometric token.
C. Asynchronous token.
D. Time-based token.

A

B

25
Q

Which access control system uses centralized authentication?

A. RADIUS.
B. Biometric control.
C. Decentralized system.
D. Local authentication.

A

A

26
Q

What is a key feature of decentralized access control?

A. Centralized management of access rights.
B. Each system manages its own access rights.
C. Use of biometric-only authentication.
D. Dynamic token synchronization.

A

B

27
Q

Which access control system uses encrypted protocols like PAP and CHAP?

A. TACACS+.
B. LDAP.
C. RADIUS.
D. OAuth.

A

C

28
Q

What is the role of TACACS+ in access control?

A. To manage federated identities.
B. To provide token-based authentication.
C. To centralize access control for network devices.
D. To monitor biometric authentication logs.

A

C

29
Q

Which protocol is commonly used in federated identity management?

A. SAML.
B. RADIUS.
C. TACACS.
D. SSH.

A

A

30
Q

What is an advantage of SSO systems?

A. Reduces the risk of password reuse.
B. Provides hardware-based encryption.
C. Prevents all access control failures.
D. Requires less frequent password changes.

A

A

31
Q

What is a potential drawback of Single Sign-On?

A. Requires biometric authentication for all systems.
B. A breach in one account compromises all linked accounts.
C. It cannot integrate with third-party services.
D. It eliminates centralized logging.

A

B

32
Q

Which of the following is a federated identity standard?

A. OAuth.
B. X.509.
C. SAML.
D. DES.

A

C

33
Q

What is the primary feature of IDaaS platforms?

A. Provides cloud-based identity and access management.
B. Manages physical security systems.
C. Creates passwords for remote users.
D. Encrypts local hard drives.

A

A

34
Q

What feature does IDaaS commonly support?

A. Single Sign-On (SSO).
B. Biometric authentication only.
C. Hardware token integration.
D. Asynchronous encryption.

A

A

35
Q

Which IDaaS capability automates user provisioning and de-provisioning?

A. Role management.
B. User lifecycle management.
C. Token synchronization.
D. Biometric enrollment.

A

B

36
Q

What is a key advantage of IDaaS solutions?

A. Requires no connection to the internet.
B. Provides scalability for large organizations.
C. Eliminates the need for role-based access control.
D. Removes the need for authentication entirely.

A

B

37
Q

What is a common computational threat to access control systems?

A. Brute force attacks.
B. Lack of encryption.
C. Biometric misidentification.
D. Physical tampering.

A

A

38
Q

Which of the following is a social engineering threat?

A. Man-in-the-middle attacks.
B. Phishing emails.
C. Brute force attacks.
D. Distributed denial of service.

A

B

39
Q

Which countermeasure can mitigate physical threats to access control?

A. Strong passwords.
B. CCTV monitoring.
C. Encryption algorithms.
D. SSO systems.

A

B

40
Q

What is a major risk associated with weak passwords?

A. Increased system availability.
B. Greater susceptibility to brute force attacks.
C. Incompatibility with token systems.
D. Inability to log events.

A

B

41
Q

What is the first stage in the IAM lifecycle?

A. Provisioning.
B. De-provisioning.
C. Authorization.
D. Role assignment.

A

A

42
Q

Which principle ensures users only have access to the information necessary for their roles?

A. Need-to-Know.
B. Accountability.
C. Availability.
D. Biometric Access.

A

A

43
Q

What is the process of removing a user’s access rights called?

A. Provisioning.
B. Maintenance.
C. De-provisioning.
D. Revocation.

A

C

44
Q

Which IAM stage involves updating user access as roles change?

A. Authorization.
B. Maintenance.
C. Provisioning.
D. Monitoring.

A

B

45
Q

Which of the following is an open standard for authentication?

A. OpenID.
B. LDAP.
C. TACACS+.
D. Kerberos.

A

A

46
Q

What does OAuth primarily enable?

A. Access delegation without sharing credentials.
B. Password synchronization across systems.
C. Biometric verification for single sign-on.
D. Role-based access control.

A

A

47
Q

What does JSON Web Token (JWT) primarily facilitate?

A. Token-based authentication.
B. Password generation.
C. Certificate revocation.
D. Encryption key exchange.

A

A

48
Q

What is Kerberos primarily used for?

A. Time-synchronized password management.
B. Secure network authentication.
C. Hashing data for integrity verification.
D. Generating encryption keys.

A

B

49
Q

What component stores and manages user identities in IAM?

A. Directory services.
B. Single Sign-On (SSO).
C. Tokens.
D. Audit logs.

A

A

50
Q

Which architecture supports cross-organizational authentication?

A. Federated IAM.
B. Centralized IAM.
C. Decentralized IAM.
D. Role-based IAM.

A

A

51
Q

What is a benefit of centralized IAM?

A. Reduced reliance on biometric authentication.
B. Simplified management of access rights.
C. Eliminates the need for encryption.
D. Distributes control across multiple systems.

A

B

52
Q

Which of the following is critical for IAM audit compliance?

A. Multi-factor authentication.
B. Accurate and up-to-date logging.
C. Password length requirements.
D. Token-based authentication.

A

B

53
Q

Which system detects unauthorized access to resources?

A. Intrusion Detection System (IDS).
B. Firewall.
C. Biometric scanner.
D. Federated identity system.

A

A

54
Q

What type of IDS monitors system-level activities?

A. Network-based IDS.
B. Application-based IDS.
C. Host-based IDS.
D. Role-based IDS.

A

C

55
Q

What is the main purpose of an Intrusion Prevention System (IPS)?

A. Log access attempts.
B. Prevent malicious activities.
C. Detect phishing attempts.
D. Monitor biometric authentication.

A

B

56
Q

Which of the following can improve IDS effectiveness?

A. Using stronger encryption algorithms.
B. Regularly updating IDS signatures.
C. Implementing decentralized access control.
D. Enforcing password policies.

A

B

57
Q

What is a common mitigation for brute force attacks?

A. Biometric authentication.
B. Account lockout policies.
C. Token-based encryption.
D. Intrusion Prevention Systems.

A

B

58
Q

Which defense reduces susceptibility to phishing?

A. Multi-factor authentication.
B. Role-based access control.
C. Centralized identity management.
D. Password complexity requirements.

A

A

59
Q

What is a primary countermeasure for social engineering attacks?

A. Employee training.
B. Strong encryption.
C. Physical tokens.
D. Biometric access control.

A

A

60
Q

Which mechanism prevents unauthorized physical access?

A. CCTV surveillance.
B. Password policies.
C. OAuth protocols.
D. Federated IAM.

A

A

61
Q

Which protocol is commonly used for directory services in IAM?

A. LDAP.
B. RADIUS.
C. OAuth.
D. Kerberos.

A

A

62
Q

What does SAML stand for in federated identity management?

A. Secure Access Management Layer.
B. Security Assertion Markup Language.
C. Simple Authentication Markup Language.
D. Secure Authorization Management Language.

A

B

63
Q

Which tool provides centralized access management for network devices?

A. RADIUS.
B. OAuth.
C. TACACS+.
D. OpenID.

A

C

64
Q

What does OAuth primarily enable?

A. Delegated access to resources.
B. Directory-based authentication.
C. Biometric authentication.
D. Secure token synchronization.

A

A

65
Q

Which IAM component is most useful for large-scale enterprise authentication?

A. SSO systems.
B. Decentralized IAM.
C. Federated identity.
D. Host-based IDS.

A

C

66
Q

What type of IAM system is ideal for organizations with multiple, separate systems?

A. Federated IAM.
B. Centralized IAM.
C. Attribute-based IAM.
D. Decentralized IAM.

A

A

67
Q

What is a common challenge of decentralized IAM systems?

A. Lack of centralized policy enforcement.
B. Inability to support multi-factor authentication.
C. Reliance on biometric tokens.
D. Excessive use of encryption.

A

A

68
Q

Which IAM process is most important during an employee’s termination?

A. Provisioning.
B. De-provisioning.
C. Role assignment.
D. Role escalation.

A

B

69
Q

Which issue is most common in poorly managed IAM systems?

A. Role creep.
B. Biometric errors.
C. Lack of encryption.
D. Overuse of centralization.

A

A

70
Q

What is the risk of weak password policies?

A. Increased social engineering attacks.
B. Susceptibility to brute force attacks.
C. Biometric token failures.
D. Lack of access to centralized systems.

A

B

71
Q

What is a major vulnerability in federated identity systems?

A. Single point of failure.
B. Excessive encryption requirements.
C. Inability to integrate with legacy systems.
D. Dependence on physical tokens.

A

A

72
Q

What threat does phishing primarily exploit?

A. Human error.
B. Weak encryption protocols.
C. Physical access vulnerabilities.
D. Role-based permissions.

A

A

73
Q

Which principle minimizes security risks in IAM?

A. Separation of duties.
B. Single Sign-On.
C. Continuous auditing.
D. Need-to-know.

A

D

74
Q

What is the main advantage of automated provisioning systems?

A. Improved role assignment accuracy.
B. Reduced user accountability.
C. Elimination of password-based authentication.
D. Increased token generation.

A

A

75
Q

What is the purpose of continuous monitoring in IAM?

A. To prevent unauthorized access.
B. To ensure compliance and detect anomalies.
C. To replace multi-factor authentication.
D. To synchronize biometric data.

A

B

76
Q

What ensures data integrity in access control systems?

A. Use of hash functions.
B. Role-based access control.
C. Continuous de-provisioning.
D. Federated identity systems.

A

A

77
Q

Which emerging IAM mechanism uses decentralized technologies like blockchain?

A. Self-sovereign identity.
B. Role-based access control.
C. OAuth tokens.
D. RADIUS.

A

A

78
Q

What is the focus of Zero Trust Architecture in IAM?

A. Never trust any user or system by default.
B. Biometric-only authentication.
C. Centralized management of all systems.
D. Eliminating encryption requirements.

A

A

79
Q

What is a potential challenge of Zero Trust implementation?

A. Increased complexity in policy management.
B. Lack of biometric integration.
C. Dependence on physical security tokens.
D. Incompatibility with SSO systems.

A

A

80
Q

Which IAM technology is best suited for cloud-native applications?

A. Identity as a Service (IDaaS).
B. Decentralized IAM.
C. RADIUS.
D. TACACS+.

A

A