Home > CISSP > Quizzes > CISSP Domain 5: Identity and Access Management
CISSP Domain 5: Identity and Access Management
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 65% Most missed: “TACACS+ uses which communication protocol to support authentication, authorizati…”

Domain 5: Identity and Access Management Practice Questions
Questions from the following topics are included in this domain: 
Controlling physical and logical access to assets 
Managing authentication of people and devices
Implementing and managing federation, and other authorization mechanisms
Managing the provisioning and deprovisioning life cycle
Implementing and managing authentication systems 

CISSP Domain 5: Identity and Access Management
Time left 00:00
25 Questions

1. A user's digital identity is composed of three parts. These are which of the following?
2. Renee is notified that she has just made a purchase of $120 from Walmart that she does not recognize. Her email reports several messages of bad login attempts to other online stores. What is MOST LIKELY occurring?
3. Which of the following transmits username and password information in plain text across the network?
4. A public key infrastructure (PKI) offers which type of trust to users?
5. Of the following, which is the strongest password?
6. Which type of communication connectors provide the BEST defense and security to leaky authentication vulnerabilities?
7. Istvan is a new security manager and is pretty certain that a backup tape missing yesterday was there today. What can he BEST do to mitigate his discomfort?
8. Colt is an administrative assistant at 90 Days Corp and needs to print his boss's schedule. Which BEST describes the relationship?
9. Which of the following is NOT true of TACACS+ over RADIUS?
10. A synchronous token device is utilized to aid in dual-factor authentication by providing what type of output?
11. Which of the following is considered the strongest form of authentication?
12. Jamaun is a network engineer who installs a new firewall for the organization. Unfortunately, it does not work because all traffic is blocked. What should he do?
13. Linux systems have a feature that allows a user to elevate their privilege temporarily, without knowing the root password. Which command performs this function?
14. Jacqueline, a systems administrator, has just completed installing the Kerberos system into the corporate network. Which is her BEST next step?
15. Eden is a security engineer seeking methods to mitigate data loss and prevent password compromise by keyloggers. Which is her BEST solution?
16. A type of RBAC that allows for defining a subset of roles based on a superset role is named which of the following?
17. Kyrie is a security analyst that belongs to the LinkedIn group Secure your Business. He gets to know some of the others in the group and shares information about his corporate network. Within 2 weeks, his organization is hit with ransomware. Which attack did the hacker use?
18. Which of the following would be considered an administrative control?
19. Corey is a security manager creating a corporate security document that states laptops must maintain the latest patches and use ClamAV malware detection, the LibreOffice suite, and the Thunderbird email client. This document BEST fits which category?
20. Which are examples of biometric controls for authentication?
21. Sniffers are utilities that can listen to network traffic and can collect data, usernames, and passwords. What are examples of sniffing tools?
22. Maya is a security engineer assigned the task of installing a Debian-based online shopping cart that is improperly set up and unpatched for research purposes. What type of computer is she installing?
23. Markizai is a barber seeking to visit his daughter at the Central Intelligence Agency (CIA). He's instructed to go through a door that locks behind him, and the door in front is also locked. While locked in the room, he hears over the speaker that metal is detected, and he is being detained. What is the name of this room?
24. Which of the following is the BEST process for a user to access a resource?
25. Amandine contacts her corporate help desk because an app she installed on her computer is not functioning normally. The manager of tech support steps in and states they cannot help her with the app. What is the MOST LIKELY reason?