Identity Security & Advanced IAM Architecture

1. An organisation wants to reduce the risk of privileged credential persistence while maintaining operational efficiency for administrators. Which control BEST addresses this objective?

Shared administrator credentials managed through centralised vault workflows Persistent privileged identities protected using phishing-resistant MFA Time-bound privileged elevation using approval-based JIT workflows Increased privileged credential complexity with mandatory rotation controls

2. Which architectural control MOST directly reduces lateral movement risk across administrative environments?

Tiered administration with isolated administrative management planes Automated password rotation for all privileged administrative accounts Centralised authentication and privileged activity correlation logging Mandatory VPN enforcement for all privileged administrative sessions

3. A cloud tenant uses Conditional Access policies extensively. Which configuration introduces the GREATEST hidden risk?

Restricting access to compliant and monitored corporate devices Broad exclusion groups supporting unmanaged legacy authentication paths Session risk evaluation with continuous access policy enforcement MFA enforcement for privileged administrative role assignments

4. Which OAuth implementation is MOST appropriate for browser-based public applications requiring delegated user access?

Client Credentials Flow using confidential server-side authentication Resource Owner Password Credentials Flow with direct credential handling Device Authorization Flow supporting constrained authentication interfaces Authorization Code Flow with PKCE for public client protection

5. Which activity MOST directly supports non-repudiation in PAM environments?

Automated credential rotation across privileged administrative systems MFA enforcement for privileged interactive authentication workflows Session recording tied directly to authenticated named identities Password vault replication across geographically resilient environments

6. An attacker successfully steals a valid session token from a privileged administrator. Which security control would MOST effectively reduce replay risk?

Device-bound authentication enforcement Password complexity increases Daily credential rotation only Shared break-glass administrative accounts

7. Which identity governance activity MOST directly validates whether access remains appropriate over time?

MFA registration campaigns Session timeout configuration Password expiration enforcement Access certification reviews

8. Which statement BEST describes Zero Trust architecture?

Trust is inherited from network segmentation boundaries Identity assurance alone replaces monitoring requirements Access decisions should continuously evaluate context and risk VPN connectivity establishes implicit trust relationships

9. A service account has Domain Admin privileges because application compatibility requirements were never reviewed. What is the MOST significant security concern?

Kerberos ticket lifetime reduction Excessive privilege persistence and attack path exposure Increased password rotation complexity Conditional access incompatibility

10. Which control BEST reduces risk associated with OAuth consent phishing attacks?

Restricting user consent and enforcing application governance Reducing VPN idle timeout values Increasing password expiration frequency Blocking legacy Kerberos authentication

11. What is the MOST important objective of Segregation of Duties (SoD)?

Simplifying role inheritance models Improving authentication response time Preventing concentration of critical control authority Reducing password reset volume

12. An organisation implements MFA for all privileged users but still experiences account compromise through adversary-in-the-middle phishing kits. Which control would MOST improve resistance?

Shared PAM administration accounts Increased session timeout duration More frequent password changes Hardware-backed phishing-resistant authentication

13. Which federation weakness MOST directly increases token forgery risk?

Overly aggressive session timeout values Poorly protected signing certificates Conditional access enforcement Short-lived refresh tokens

14. Which activity BEST supports identity attack path reduction?

Expanding delegated administration scopes Removing unnecessary privileged group memberships Extending privileged session durations Allowing persistent administrative access for operational efficiency

15. A production identity provider vulnerability is being actively exploited publicly. What should occur FIRST?

Disable all federation relationships globally Rotate all end-user passwords immediately Assess exposure, exploitability, and operational impact Conduct post-incident lessons learned workshops

16. Which identity security failure MOST commonly contributes to privilege escalation attacks?

Excessive delegated permissions Frequent access certification campaigns Hardware security key enforcement Session recording enablement

17. Which logging activity provides the MOST valuable visibility during identity-focused incident investigations?

Successful software installation logs only Physical office entry records exclusively Privileged role assignment and authentication anomaly monitoring Standard workstation reboot logs

18. What is the PRIMARY security benefit of ephemeral privileged access?

Eliminating MFA requirements for administrators Reducing standing privilege exposure windows Removing the need for privileged session monitoring Simplifying service account architecture

19. Which cloud identity risk is MOST associated with excessive OAuth application permissions?

Reduced MFA registration rates Increased password reset activity Broad unauthorised access to user data and APIs Kerberos ticket fragmentation

20. What is the BEST overall approach to enterprise identity security?

Focus exclusively on MFA deployment without identity monitoring Prioritise operational convenience over privilege governance Depend primarily on network segmentation for administrative security Combine strong authentication, least privilege, governance, monitoring, and operational resilience

Identity Security & Advanced IAM Architecture

Completed

Identity Security & Advanced IAM Architecture

Follow Us