Identity and Access Management — CISSP Practice Questions
Identity and access provisioning, identity federation, and access control. This domain is about 13% of the CISSP exam. Every question below is cross-checked by two AI models and grounded in public NIST sources.
12 free Identity and Access Management practice questions
Question 1
beginner
What is the most critical step in the identity lifecycle management process to prevent unauthorized access after an employee leaves the organization?
Why: De-provision access to prevent unauthorized access after employee termination
De-provisioning access upon termination is critical to prevent unauthorized access to sensitive resources.
Question 2
beginner
What initial step should be taken to ensure the technical compatibility and functionality of a third-party identity service with existing systems?
Why: Review provider documentation before integrating identity services
Conducting a thorough review of the provider's documentation and APIs is essential to understand the integration requirements and ensure a smooth integration process.
Question 3
beginner
What should be done to control access to a new database?
Why: Identify the best approach to controlling database access
Implementing a database access control system based on user roles ensures that access is granted based on the principle of least privilege, reducing the risk of unauthorized access.
Question 4
beginner
When integrating a third-party identity service to access sensitive customer data, what should be done to ensure that access is properly restricted?
Why: Understand the importance of attribute-based access control in restricting access to sensitive data
Using attribute-based access control (ABAC) ensures that access to sensitive data is properly restricted based on user attributes and environmental factors.
Question 5
intermediate
Your organization is implementing a new identity and access management system across all its global operations, including cloud services and on-premise infrastructure. What should be the first step to effectively manage the identification and authentication of people and devices?
Why: Conduct risk assessments to identify vulnerabilities in identity management systems
Conducting a thorough risk assessment is crucial to identify potential vulnerabilities and threats to the identity management system, allowing for proactive measures to be taken to mitigate them.
Question 6
intermediate
As the CISO of a company with a hybrid IaaS cloud environment, where some infrastructure is on-premise and some is cloud-based, what is the BEST approach to managing identification and authentication of people/devices across both environments?
Why: Use cloud-based identity management solutions that integrate with on-premise systems
Using a cloud-based identity management solution that integrates with on-premise systems provides a unified and consistent approach to identity management, simplifying administration and improving security.
Question 7
intermediate
As the CISO of a company, you are tasked with overseeing the integration of a third-party identity service that will handle customer personally identifiable information (PII). What is the BEST approach to ensuring the security and compliance of this sensitive data during the integration process?
Why: Ensure the security of sensitive data during the integration of third-party identity services
Using a third-party identity service with a proven track record of security and compliance is the best approach, as it provides a secure and reliable solution for managing sensitive data.
Question 8
intermediate
As the CISO of a company, you are tasked with integrating a cloud-based third-party identity service to provide identity and access management (IAM) capabilities. What is the BEST approach to ensuring the service's reliability and availability?
Why: Ensure the reliability and availability of third-party identity services for IAM
Establishing an SLA with the third-party provider is the best approach, as it provides a contractual guarantee of the service's reliability and availability, and ensures that the provider is accountable for meeting specific service level targets.
Question 9
intermediate
A security manager is tasked with implementing authorization mechanisms for a new cloud-based application. What is the BEST approach to ensure fine-grained access control?
Why: Implementing fine-grained access control
Using attribute-based access control (ABAC) with dynamic policies is the best approach to ensure fine-grained access control, as it allows for more nuanced and context-dependent access decisions.
Question 10
intermediate
You are the CISO of a company that is implementing a new authorization mechanism for its cloud-based services. What is the primary consideration when evaluating the effectiveness of an authorization protocol in controlling access to resources?
Why: Evaluating authorization protocols requires careful consideration of the level of granularity provided
The level of granularity provided by the authorization protocol is critical, as it determines the level of control over access to sensitive data and resources.
Question 11
intermediate
As the CISO of a mid-sized enterprise, you are tasked with securing a newly acquired, previously unsecured facility that houses sensitive equipment and data. What should be done FIRST to establish control over physical access to the facility?
Why: Conduct risk assessments to identify vulnerabilities in physical security controls
Conducting a risk assessment is the first step in identifying vulnerabilities in the facility's physical security controls, which will inform the development of a comprehensive access control plan.
Question 12
intermediate
An organization is implementing a federated identity management system. What is the BEST approach to ensure seamless integration with existing systems?
Why: Understand the importance of standards in federated identity management
Using open standards such as SAML or OpenID Connect enables seamless integration with existing systems and facilitates interoperability.
How many CISSP Identity and Access Management practice questions does CramKit have?
CramKit's Identity and Access Management domain has verified CISSP practice questions, each blind re-answered by two independent AI models and grounded in public NIST sources before it goes live. This page shows 12 of them free; the full set is available after a free sign-up.
What percentage of the CISSP exam is Identity and Access Management?
Identity and Access Management accounts for about 13% of the CISSP exam blueprint, so CramKit weights its question bank to match that emphasis.
Are these Identity and Access Management questions verified?
Yes. Every question is independently re-answered by two different AI model families and only goes live if both agree it is correct and unambiguous, so you are not practicing on wrong-keyed questions.