© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

CISSP Identity and Access Management • Complete Question Bank

CISSP Identity and Access Management — All Questions With Answers

Complete CISSP Identity and Access Management question bank: all 60 questions with answers and detailed explanations.

60 questions · Free · No signup
Question 1 (easy, multiple choice)

Which authentication factor type is a smart card?

Question 2 (medium, multiple choice)

An organization requires users to authenticate with a password and a one-time code sent to their mobile phone. This is an example of which authentication method?

Question 3 (medium, multiple choice)

In Kerberos authentication, which component issues a Ticket Granting Ticket (TGT) after verifying the user's credentials?

Question 4 (hard, multiple choice)

An attacker who has compromised the Kerberos Key Distribution Center (KDC) could forge a Ticket Granting Ticket (TGT) to impersonate any user. This type of attack is known as:

Question 5 (easy, multiple choice)

Which statement about SAML 2.0 is correct?

Question 6 (medium, multiple choice)

Which OAuth 2.0 grant type is recommended for a public client (e.g., single-page application) that cannot securely store a client secret?

Question 7 (medium, multiple choice)

OpenID Connect (OIDC) extends OAuth 2.0 primarily by adding which capability?

Question 8 (hard, multiple choice)

An organization is implementing identity management and wants to ensure that when an employee leaves, all access is promptly revoked. Which process is most directly responsible for removing accounts and access rights for a leaver?

Question 9 (medium, multiple choice)

A security analyst is reviewing access rights and discovers an active account belonging to a former employee who left six months ago. This is an example of:

Question 10 (medium, multiple choice)

In a Privileged Access Management (PAM) solution, which feature provides temporary elevation of privileges for specific tasks, reducing the risk of standing privileges?

Question 11 (easy, multiple choice)

In LDAP, what does the Distinguished Name (DN) uniquely identify?

Question 12 (hard, multiple choice)

Which access control model allows the owner of a resource to determine who can access it and what permissions they have?

Question 13 (medium, multiple choice)

A security policy requires that a user cannot have both the ability to create purchase orders and approve invoices. This is an example of:

Question 14 (medium, multi-select)

A security architect is designing a Single Sign-On (SSO) solution for a web application that needs to support authentication and authorization. Which TWO of the following protocols are best suited for this purpose? (Select TWO)

Question 15 (hard, multi-select)

An organization is implementing Privileged Access Management (PAM). Which THREE of the following are common features of a PAM solution? (Select THREE)

Question 16 (easy, multiple choice)

Which of the following is an example of a Type 2 authentication factor?

Question 17 (medium, multiple choice)

A security administrator is configuring a system that requires users to provide a password and a one-time code from a hardware token. Which authentication method is being implemented?

Question 18 (medium, multiple choice)

In Kerberos, which component issues ticket-granting tickets (TGTs) after verifying the user's credentials?

Question 19 (hard, multiple choice)

An attacker has obtained a Kerberos TGT and uses it to request service tickets for any resource in the domain. Which type of attack is this?

Question 20 (easy, multiple choice)

Which protocol is specifically designed for authorization and not authentication, often using grant types like authorization code and client credentials?

Question 21 (medium, multiple choice)

In an OAuth 2.0 authorization code flow with PKCE, what is the primary purpose of the code verifier and code challenge?

Question 22 (hard, multiple choice)

An organization wants to implement single sign-on across multiple web applications using an XML-based protocol that supports identity provider (IdP) and service provider (SP) initiated flows. Which technology should they choose?

Question 23 (medium, multiple choice)

An employee leaves the company, and their user account is not disabled. This creates a security risk known as:

Question 24 (easy, multiple choice)

Which principle ensures that a user is granted only the permissions necessary to perform their job functions?

Question 25 (medium, multiple choice)

A company implements a policy requiring two different employees to approve a payment transaction. This is an example of:

Question 26 (hard, multiple choice)

An organization wants to provide just-in-time administrative access to servers, with session recording and password vaulting. Which solution is best suited?

Question 27 (medium, multiple choice)

An LDAP distinguished name (DN) includes the attribute 'CN=John Doe,OU=Sales,DC=company,DC=com'. What does 'CN' stand for?

Question 28 (hard, multiple choice)

Which access control model bases decisions on attributes of the user, resource, and environment, and can use Boolean logic to define policies?

Question 29 (medium, multi-select)

A security analyst is reviewing access controls for a financial application. Which TWO of the following are considered best practices for preventing fraud? (Select TWO.)

Question 30 (hard, multi-select)

An organization is implementing a Privileged Access Management (PAM) solution. Which THREE of the following are common features of PAM? (Select THREE.)

Question 31 (easy, multiple choice)

Which of the following is an example of a Type 1 authentication factor?

Question 32 (medium, multiple choice)

In Kerberos authentication, what is the purpose of the Ticket Granting Ticket (TGT)?

Question 33 (hard, multiple choice)

A security analyst discovers that an attacker has gained domain admin privileges by forging a Kerberos TGT using the KRBTGT account hash. Which attack has occurred?

Question 34 (medium, multiple choice)

In SAML 2.0, which component is responsible for authenticating the user and generating an assertion?

Question 35 (medium, multiple choice)

An organization wants to enable single sign-on (SSO) across multiple web applications using an XML-based protocol that supports browser redirect flows. Which technology is most appropriate?

Question 36 (hard, multiple choice)

In OAuth 2.0, which grant type is recommended for a native mobile application that cannot securely store a client secret, and uses PKCE?

Question 37 (easy, multiple choice)

Which of the following is a process that ensures users periodically confirm they still need access to systems and data?

Question 38 (medium, multiple choice)

A financial application requires two employees to authorize a wire transfer. Which principle does this implement?

Question 39 (hard, multiple choice)

An organization implements Privileged Access Management (PAM) and wants to reduce the risk of standing privileges. Which approach grants temporary elevated access only when needed?

Question 40 (medium, multiple choice)

In LDAP, which attribute uniquely identifies an entry within the directory information tree?

Question 41 (easy, multiple choice)

Which access control model assigns permissions based on a user's job function?

Question 42 (hard, multiple choice)

An organization uses Active Directory and needs to enforce password complexity settings for all users in a specific department. What is the most efficient way to achieve this?

Question 43 (medium, multi-select)

A security administrator is reviewing potential risks associated with orphaned accounts. Which TWO of the following are risks of orphaned accounts?

Question 44 (medium, multi-select)

Which THREE of the following are components of a Privileged Access Management (PAM) solution?

Question 45 (hard, multi-select)

Which TWO of the following are differences between OAuth 2.0 and OpenID Connect (OIDC)?

Question 46 (easy, multiple choice)

Which of the following is an example of a Type 2 authentication factor?

Question 47 (medium, multiple choice)

A security architect is designing an authentication system for a healthcare application that requires strong security. The system will use a password and a one-time passcode sent via SMS. How many authentication factor types are being used?

Question 48 (hard, multiple choice)

During a Kerberos authentication process, the client receives a Ticket Granting Ticket (TGT) from the Authentication Server (AS). Later, the client presents the TGT to the Ticket Granting Server (TGS) to request a service ticket. Which of the following best describes the purpose of the TGT?

Question 49 (medium, multiple choice)

An organization implements Single Sign-On (SSO) using SAML 2.0. A user attempts to access a cloud application (Service Provider) but is not authenticated. The Service Provider redirects the user to the Identity Provider (IdP) for authentication. Which type of SAML flow is this?

Question 50 (hard, multiple choice)

A developer is implementing OAuth 2.0 for a mobile app (public client) that needs to access a user's data from a third-party API. To mitigate the authorization code interception attack, which OAuth 2.0 extension should be used?

Question 51 (easy, multiple choice)

Which of the following access control models allows the data owner to decide who can access their resources?

Question 52 (medium, multiple choice)

A financial institution requires that no single employee can approve a transaction and also reconcile the account. This is an example of which security principle?

Question 53 (easy, multiple choice)

Which of the following is a lightweight directory access protocol used for accessing and maintaining distributed directory information?

Question 54 (hard, multiple choice)

An organization discovers that a former employee's account is still active and has been used to access sensitive data. This is an example of which type of risk?

Question 55 (medium, multi-select)

Which TWO of the following are characteristics of a Privileged Access Management (PAM) solution? (Choose two.)

Question 56 (medium, multi-select)

Which TWO of the following are OAuth 2.0 grant types? (Choose two.)

Question 57 (hard, multi-select)

A security analyst is performing an access review. Which THREE of the following are best practices for user access recertification? (Choose three.)

Question 58 (medium, multi-select)

In the context of identity management, which TWO of the following are risks associated with orphaned accounts? (Choose two.)

Question 59 (hard, multi-select)

An organization is implementing OpenID Connect (OIDC) for authentication. Which THREE of the following are components of OIDC? (Choose three.)

Question 60 (easy, multi-select)

Which TWO of the following are examples of Type 3 authentication factors? (Choose two.)
