CarlsCloud™ CISSP Domain 5: IAM Scenarios: Pop Quiz Can You Crack the Code?

Name the IAM Concept" Quiz Scenario 1: During a security audit, it's discovered that several administrative accounts have far more permissions than necessary for their job roles.

4 months ago   •   2 min read

By Carl Ballenger, CISSP
Table of contents

In CISSP Domain 5, it's about knowing the right tool for the access control job.  Up your IAM game with our latest quiz!

"Name the IAM Concept" Quiz

Scenario 1:  During a security audit, it's discovered that several administrative accounts have far more permissions than necessary for their job roles.

Which IAM principle has been violated here?

  • A. Separation of Duties
  • B. Least Privilege
  • C. Zero Trust
  • D. Implicit Deny

Scenario 2: The company wants a centralized way to manage access requests, approvals, and regularly review who has access to what systems.

What type of IAM solution would best address this need?

  • A. Password manager
  • B. Identity Governance and Administration (IGA)
  • C. Single Sign-On (SSO)
  • D. Biometric authentication system

Scenario 3:  A security breach involved a contractor's account being used to access systems after their contract ended.

Which IAM process breakdown likely contributed to this?

  • A. Onboarding
  • B. Offboarding
  • C. Account recertification
  • D. Multi-factor authentication

Great job tackling these IAM scenarios!  Let's unveil the answers and delve into the reasoning behind them, all from a CISSP exam perspective.

Answer Key:

  1. Least Privilege (B)
  2. Identity Governance and Administration (IGA) (B)
  3. Offboarding (B)


Scenario 1: Least Privilege - (B)

  • Least Privilege Principle: Admin accounts should only have the minimum permissions needed to perform their job duties. Granting excessive permissions increases the attack surface if compromised.

Other Options:

  • Separation of Duties: This ensures no single user can perform an entire critical task, mitigating risk. Doesn't directly address excessive permissions.
  • Zero Trust: This broader principle emphasizes verification at every access attempt, regardless of user or device. Doesn't solve the root cause (overly privileged accounts).
  • Implicit Deny: This dictates denying access by default unless explicitly allowed. Powerful for overall security, but not specifically about managing user permissions.

Scenario 2: Identity Governance and Administration (IGA) - (B)

  • IGA: A centralized system for managing user identities, access requests, approvals, and ongoing reviews. Streamlines IAM processes and ensures proper oversight.

Other Options:

  • Password Manager: Manages user passwords securely, but doesn't handle access control across different systems.
  • Single Sign-On (SSO): Simplifies user login, but doesn't manage access requests or user lifecycles.
  • Biometric Authentication System: Strengthens authentication itself, but doesn't handle access provisioning or reviews.

Scenario 3: Offboarding - (B)

  • Offboarding: The process of securely disabling access for departing employees or contractors. Crucial to prevent unauthorized access after employment ends.

Other Options:

  • Onboarding: Focuses on provisioning access for new users, not deprovisioning after they leave.
  • Account Recertification: Periodically reviews user access to ensure it's still justified, but doesn't guarantee immediate deactivation upon contract end.
  • MFA: Protects against stolen credentials, but doesn't address accounts that should no longer have access at all.

Key Takeaways

These scenarios highlight the importance of understanding core IAM principles like Least Privilege and the critical role of proper user lifecycle management (onboarding and offboarding).

While you are here:  Did you enjoy CarlsCloud™ CISSP related content today?

If so, buy me a coffee or just shoot me a note via LinkedIn to say thanks!  It would mean a lot to me!

Spread the word

Keep reading