Domain 5 CISSP Exam: Identity and Access Management

DOMAIN 5: Identity and Access Management

1. Which of the following is an example of access in the context of access control?
2. Which model is based on a list of predefined rules to determine authorization?
3. Which of the following is a function supported by an Identity Management (IdM) system throughout the access management lifecycle?
4. Which model can be helpful for identifying common need-to-know criteria in granting appropriate but not excessive access to applications?
5. What is session management?
6. What is the highest level of assurance for identity proofing according to NIST SP 800-63-3?
7. What is an important consideration for device IAM?
8. Which of the following tasks is supported by an Identity Management (IdM) system in the access management lifecycle?
9. Which of the following is a weakness of biometrics that must be considered by security practitioners?
10. Which of the following is NOT a process that a credential management system (CMS) should support?
11. What is one of the primary use cases for Just-In-Time (JIT) identity and access management?
12. Which security objective of critical information can be supported through access controls by preventing unauthorized users from making changes to information?
13. According to the updated guidance in NIST SP 800-63B, what is preferred for Type 1 authentication factors, and why?
14. What is the advantage of using a hybrid approach for Identity and Access Management?
15. What is one of the main challenges of biometric authentication that security practitioners must consider?
16. Which of the following scenarios carries higher risk and requires faster deprovisioning and more oversight according to the text above?
17. Which of the following is an example of a Type 2 authentication factor?
18. What is the minimum requirement for identity proofing in IAL1?
19. Which of the following is an effective way to isolate organization data from other apps on a personal device?
20. In a discretionary access control (DAC) model, who makes access decisions?
21. Which model can be helpful in identifying common need-to-know criteria and granting appropriate, but not excessive, access to applications?
22. What are objects within the context of access control models?
23. What is the Identity Assurance Level (IAL) that only requires the user to self-assert their identity without requiring a link to a verified real-life identity, and is appropriate for systems where accountability does not extend to real-world consequences such as criminal action?
24. Which model can be helpful in identifying common need-to-know criteria and granting access that is appropriate but not excessive to applications?
25. Which of the following is a key functionality of Identity Management (IdM)?
26. What is the purpose of the Key Distribution Center (KDC) in a Kerberos realm?
27. What is a common method for identifying people entering or leaving a secured area?
28. What is Open Authorization (OAuth)?
29. What is the updated guidance for managing Type 1 authentication factors according to NIST SP 800-63B?
30. What are the two popular approaches for implementing SSO?
31. What is the purpose of intrusion detection sensors in a Physical Access Control System?
32. Which of the following is a weakness of biometrics that requires the security practitioner to balance the needs for authentication and acceptance of a biometric solution in relation to cultural requirements?
33. What is the difference between deprovisioning under hostile/involuntary circumstances and friendly/voluntary circumstances?
34. Which security control can be used to enforce security policy restrictions such as the use of a complex passcode or encryption on a user device?
35. Which type of authentication system provides access to a set of files or one computer only?
36. Which of the following access control models provides specific permissions based on job functions?
37. In Kerberos, what is the function of the Key Distribution Center (KDC)?
38. Which of the following functionalities of an IdM supports oversight of identities and access by providing key details about the authorizations that are granted to an identity?
39. What is the purpose of intrusion detection sensors in Physical Access Control Systems (PACSs)?
40. What is a primary advantage of federating identity management across organizations in a FIM scheme?
41. What is the purpose of preventing toxic role combinations in a properly designed RBAC model?
42. What makes risk-based access control models different from other models?
43. What does IAL3 require for identity proofing?
44. What is a primary concern in device IAM?
45. What is the updated guidance for managing Type 1 authentication factors in NIST SP 800-63B?
46. Which one of the following is NOT one of the four foundational elements of Identity and Access Management (IAM)?
47. Which is a fundamental requirement for the security practitioner when it comes to information access control in order to protect specific pieces of information with different requirements over time?
48. What is one of the primary risks associated with using a third-party IDaaS provider for access control?
49. Which of the following is an implementation of confidentiality control in system-level Identity and Access Management (IAM)?
50. Which of the following is an example of Type 2 authentication?
51. What does IAM consist of?
52. What is the purpose of physical access controls like turnstiles and mantraps?
53. What is session hijacking?
54. What is the main difference between single-factor authentication and multifactor authentication?
55. What is the role of the Ticket Granting Server (TGS) in a Kerberos environment?
56. Which of the following is true regarding physical security measures for information system security within facilities?
57. Which of the following best describes the mandatory access control (MAC) model?
58. What is an emphasis of the updated guidance for managing Type 1 authentication factors?
59. Which principle is important to consider when defining roles for access management?
60. What is deprovisioning?
61. Which of the following attacks occurs when a user on the same network performs packet sniffing to steal session cookie information, which allows the attacker to impersonate the authorized user?
62. Which of the following physical control elements is designed to explicitly limit the rate of access to a facility?
63. What is one advantage of using a cloud-based IDaaS solution for IAM in organizations with a cloud-first or cloud-native approach?
64. What is the most common way of enforcing accountability in a system?
65. What is the purpose of turnstiles and mantraps in physical access control systems?
66. What security objective does nonrepudiation support in IAM systems?
67. What is the difference between centralized and decentralized IAM administration?
68. Which access control model can be helpful in identifying common need-to-know criteria for granting access to applications appropriately?
69. What is a common practice for countering risks to devices and the data they contain?
70. Which of the following statements best describes attribute-based access control (ABAC)?
71. Which protocol is generally implemented for controlling access to network infrastructure resources like routers?
72. Which of the following physical access control methods is designed to explicitly limit the rate of access to a facility?
73. Which of the following functionalities of an IdM system supports oversight of identities and access by providing key details about the authorizations that are granted to an identity?
74. Which of the following is a weakness of biometric authentication that requires security practitioners to balance user and cultural requirements when designing authentication schemes?
75. What is the crossover error rate (CER) in access control systems?
76. Which of the following is an example of a logical access control?
77. What is vertical privilege escalation?
78. What is the purpose of device identification in Physical Access Control Systems (PACSs)?
79. What is the purpose of deprovisioning as it relates to account access?
80. Which of the following elements of Physical Access Control Systems (PACSs) allows for making an access decision by granting or denying access to authorized and unauthorized users?
81. Which of the following processes is not supported by an Identity Management (IdM) system?
82. Which component of a Kerberos environment is responsible for performing registration for new users and maintaining the database of secret keys?
83. What is a potential downside of decentralized IAM administration?
84. What is the primary reason for performing a usage review of user, system, and nonhuman accounts?
85. What is a primary concern for device Identity and Access Management (IAM)?
86. Which physical access control element provides an opportunity to make an access decision?
87. What is the fundamental practice of access control?
88. Which of the following is a weakness of biometric authentication systems in terms of accessibility?
89. In a Kerberos environment, what is the function of the Authentication Server (AS)?
90. In SAML, what is the role of the identity provider (IdP)?


CISSP Domain 5: Identity and Access Management

Core Focus

Domain 5 is crucial for managing and securing identity and access within organizations, ensuring appropriate resource access.

Key Areas

  1. Identity Management: User registration and digital identity creation
  2. Access Management: Authorizing data and system access
  3. Identity as a Service (IDaaS): Cloud-based identity solutions

Learning Path

  1. Study Domain 5 Resources
  2. Explore Domain 4: Communication and Network Security
  3. Master Domain 6: Security Assessment and Testing

Additional Support

We’re here to support your CISSP certification journey. Good luck with your preparation!
