
Identity and Access Management practice questions

Practise Certified Information Systems Security Professional CISSP Identity and Access Management practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Identity and Access Management

What the exam tests

What to know about Identity and Access Management

Identity and Access Management questions test whether you can apply the concept in context, not just recognise a definition. Expect to be tested on:

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Identity and Access Management exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Identity and Access Management questions

20 questions · select your answer, then reveal the explanation

Which authentication factor type is a smart card?

An organization requires users to authenticate with a password and a one-time code sent to their mobile phone. This is an example of which authentication method?

In Kerberos authentication, which component issues a Ticket Granting Ticket (TGT) after verifying the user's credentials?

An attacker who has compromised the Kerberos Key Distribution Center (KDC) could forge a Ticket Granting Ticket (TGT) to impersonate any user. This type of attack is known as:

Which statement about SAML 2.0 is correct?

Which OAuth 2.0 grant type is recommended for a public client (e.g., single-page application) that cannot securely store a client secret?

OpenID Connect (OIDC) extends OAuth 2.0 primarily by adding which capability?

An organization is implementing identity management and wants to ensure that when an employee leaves, all access is promptly revoked. Which process is most directly responsible for removing accounts and access rights for a leaver?

A security analyst is reviewing access rights and discovers an active account belonging to a former employee who left six months ago. This is an example of:

In a Privileged Access Management (PAM) solution, which feature provides temporary elevation of privileges for specific tasks, reducing the risk of standing privileges?

In LDAP, what does the Distinguished Name (DN) uniquely identify?

Which access control model allows the owner of a resource to determine who can access it and what permissions they have?

A security policy requires that a user cannot have both the ability to create purchase orders and approve invoices. This is an example of:

A security architect is designing a Single Sign-On (SSO) solution for a web application that needs to support authentication and authorization. Which TWO of the following protocols are best suited for this purpose? (Select TWO)

An organization is implementing Privileged Access Management (PAM). Which THREE of the following are common features of a PAM solution? (Select THREE)

Which of the following is an example of a Type 2 authentication factor?

A security administrator is configuring a system that requires users to provide a password and a one-time code from a hardware token. Which authentication method is being implemented?

In Kerberos, which component issues ticket-granting tickets (TGTs) after verifying the user's credentials?

An attacker has obtained a Kerberos TGT and uses it to request service tickets for any resource in the domain. Which type of attack is this?

Which protocol is specifically designed for authorization and not authentication, often using grant types like authorization code and client credentials?


Frequently asked questions

What does the CISSP exam test about Identity and Access Management?
Identity and Access Management questions test whether you can apply the concept in context, not just recognise a definition.

How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.

Can I practise just Identity and Access Management questions in a focused session?
Yes — the session launcher on this page draws every question from the Identity and Access Management domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.

Where can I practise other CISSP topics?
Use the topic links above to move to related areas, or go back to the CISSP question bank to see all topics.

Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CISSP exam covers. They are not copied from any real exam or dump site.