Flashcards

Identity and Access Management

Management of users' access rights.

5 minutes 5 Questions

Identity and Access Management (IAM) refers to the framework of policies, technologies, and processes that organizations implement to manage digital identities and control access to resources. IAM systems handle two critical functions: authentication (verifying who someone is) and authorization (d…

Concepts covered

Identity Federation Biometric Authentication User Provisioning and De-provisioning Access Control Models Role-Based Access Control Single Sign-On Directory Services Multifactor Authentication Privileged Access Management Password Management

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CompTIA Security+ - Identity and Access Management Example Questions

Test your knowledge of Identity and Access Management

Question 1

A company is implementing Privileged Access Management in their environment. Which of the following should be the primary focus while setting up the environment?

Role-Based Access Control Rule-Based Access Control Least Privilege Principle Location-Based Access Control

Correct Answer: Least Privilege Principle

Least Privilege Principle is the primary focus while setting up a PAM environment because it ensures users are assigned the minimum set of privileges needed to complete their tasks. Other types of access control focus on limiting access based on different factors but none are as important as the principle of least privilege for PAM.

Question 2

An organization is migrating its IT infrastructure to the cloud and wants to improve the security of its privileged access management. What should be a top priority during the migration?

Implementing a highly complex password only for administrator accounts Disabling administrator accounts during the migration Migrating existing password policies to the cloud provider Ensure that cloud service providers support multi-factor authentication (MFA)

Correct Answer: Ensure that cloud service providers support multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a critical security measure that should be supported by the cloud service provider, as it adds an extra layer of protection for privileged users. Disabling administrator accounts during the migration may hinder migration efforts and monitoring. Migrating existing policies, maintaining current privileged access levels, or enabling high-complexity passwords are insufficient security measures for cloud-based privileged access management. Allowing users to create new accounts without oversight may lead to unauthorized access and security risks.

Question 3

To ensure that only necessary access is allowed, what strategy should be employed in relation to passwords for users with privileged access?

Create weak, unique passwords for each privileged account Create strong, unique passwords for each privileged account Rotate passwords monthly Use the same strong password for all privileged accounts

Correct Answer: Create strong, unique passwords for each privileged account

Using strong, unique passwords for each privileged account ensures that a breach in one account does not compromise all privileged accounts. The other options leave privileged accounts more vulnerable or fail to provide adequate protection.

Unlock Premium Access

CompTIA Security+

Access to ALL Certifications: Study for any certification on our platform with one subscription
1241 Superior-grade CompTIA Security+ practice questions
Unlimited practice tests across all certifications
Detailed explanations for every question
CompTIA Security+: 5 full exams plus all other certification exams
100% Satisfaction Guaranteed: Full refund if unsatisfied
Risk-Free: 7-day free trial with all premium features!

More Identity and Access Management questions

54 questions (total)

Start 54 question test