CISSP

Identity & Access Management

32 free practice questions with explanations

PassNova has 32 free CISSP practice questions on Identity & Access Management, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Identity & Access Management: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 32 for free in the browser.

  1. Which access control model grants access based on attributes of the subject, object, action, and environment, enabling fine-grained policies such as allowing access only during business hours from a corporate device?

    • A Discretionary Access Control (DAC)
    • B Mandatory Access Control (MAC)
    • C Role-Based Access Control (RBAC)
    • D Attribute-Based Access Control (ABAC)

    Answer: D. Attribute-Based Access Control (ABAC) evaluates attributes of the subject, object, action, and environment, enabling context-aware policies such as time and device restrictions. DAC, MAC and RBAC decide on ownership, labels and roles respectively, none of which can express "only during business hours from a corporate device" without extra machinery.

  2. In Kerberos authentication, which component issues the Ticket Granting Ticket (TGT) after a user successfully authenticates?

    • A The client's local credential cache
    • B Ticket Granting Service (TGS)
    • C Authentication Service (AS) of the Key Distribution Center
    • D The target application server

    Answer: C. The Authentication Service (AS) within the Key Distribution Center authenticates the user and issues the Ticket Granting Ticket (TGT). The Ticket Granting Service (option B) comes later: it accepts the TGT and issues service tickets for individual application servers.

  3. An organization wants users to authenticate once and gain access to multiple independent web applications across different domains using assertions. Which standard is MOST appropriate?

    • A Security Assertion Markup Language (SAML)
    • B Kerberos
    • C LDAP
    • D RADIUS

    Answer: A. SAML is an XML-based standard in which an identity provider issues signed assertions (authentication, attribute and authorization-decision statements) that service providers in other domains accept, enabling web-based single sign-on across domains. Kerberos and LDAP are realm- or directory-bound, and RADIUS is a network-access AAA protocol.

  4. Which of the following is an example of a Type 3 authentication factor (something you are)?

    • A A smart card
    • B A hardware token generating one-time passwords
    • C A personal identification number (PIN)
    • D A fingerprint scan

    Answer: D. Type 3 factors are biometric (something you are); a fingerprint scan measures an inherent physical characteristic. A smart card and a hardware OTP token are Type 2 (something you have), and a PIN is Type 1 (something you know).

  5. In biometric systems, which error rate represents the point where the false acceptance rate equals the false rejection rate and is used to compare overall accuracy between systems?

    • A Failure to Enroll Rate (FER)
    • B False Acceptance Rate (FAR)
    • C False Rejection Rate (FRR)
    • D Crossover Error Rate (CER)

    Answer: D. The Crossover Error Rate (CER, also called the Equal Error Rate) is the operating point at which FAR equals FRR; a lower CER indicates a more accurate biometric system. FAR and FRR on their own move in opposite directions as the matching threshold changes, so neither alone is a fair basis for comparing two systems.

  6. Which authorization framework is designed to allow a third-party application delegated access to a user's resources without exposing the user's credentials, commonly used for API access delegation?

    • A RADIUS
    • B OAuth 2.0
    • C SAML 2.0
    • D Kerberos

    Answer: B. OAuth 2.0 is an authorization framework in which an authorization server issues scoped access tokens so a third-party client can act on a user's behalf without ever receiving the user's password. SAML handles authentication assertions rather than API delegation, and RADIUS and Kerberos authenticate principals rather than delegate resource access.
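The ABAC model from question 1 is easiest to understand as a small policy decision point. The following is an added example, not part of the original question set: a constructed policy with three rules over subject, resource, action and environment attributes, combined with deny-overrides and default deny. The attribute names (`department`, `classification`, `device_managed`, `owner`) and the sample requests are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable

# Constructed ABAC policy decision point. The attribute names and the rules below
# are assumptions for illustration, not any standard's vocabulary.

@dataclass(frozen=True)
class Request:
    subject: dict      # who is asking, e.g. {"user": "alice", "department": "finance"}
    resource: dict     # what they want, e.g. {"owner": "bob", "classification": "financial"}
    action: str        # what they want to do, e.g. "read"
    environment: dict  # context, e.g. {"time": datetime(...), "device_managed": True}

Rule = tuple[str, Callable[[Request], bool]]   # (effect, condition)

def business_hours(now: datetime) -> bool:
    """Monday to Friday, 09:00 to 17:00 (assumed local time)."""
    return now.weekday() < 5 and time(9, 0) <= now.time() < time(17, 0)

def corporate_device(req: Request) -> bool:
    return req.environment.get("device_managed") is True

RULES: list[Rule] = [
    # Environment attribute: nothing is allowed from an unmanaged device.
    ("Deny", lambda r: not corporate_device(r)),
    # Subject + resource + action + environment: finance staff may read
    # financial records, but only during business hours.
    ("Permit", lambda r: r.action == "read"
                         and r.resource.get("classification") == "financial"
                         and r.subject.get("department") == "finance"
                         and business_hours(r.environment["time"])),
    # Subject/resource relationship: an owner may read or update their own
    # resource at any time of day.
    ("Permit", lambda r: r.action in ("read", "update")
                         and r.resource.get("owner") == r.subject.get("user")),
]

def decide(req: Request, rules: list[Rule] = RULES) -> str:
    """Deny-overrides combining: any matching Deny wins, then any matching
    Permit; a request that matches no rule at all is denied by default."""
    effects = {effect for effect, condition in rules if condition(req)}
    if "Deny" in effects:
        return "Deny"
    return "Permit" if "Permit" in effects else "Deny"

# Constructed sample requests. 2026-03-10 is a Tuesday, 2026-03-14 a Saturday.
TUESDAY_10AM = datetime(2026, 3, 10, 10, 0)
TUESDAY_8PM = datetime(2026, 3, 10, 20, 0)
SATURDAY_NOON = datetime(2026, 3, 14, 12, 0)
REPORT = {"owner": "bob", "classification": "financial"}
ALICE = {"user": "alice", "department": "finance"}
BOB = {"user": "bob", "department": "engineering"}

SAMPLES = {
    "finance_read_in_hours": Request(ALICE, REPORT, "read", {"time": TUESDAY_10AM, "device_managed": True}),
    "finance_read_after_hours": Request(ALICE, REPORT, "read", {"time": TUESDAY_8PM, "device_managed": True}),
    "finance_read_unmanaged_device": Request(ALICE, REPORT, "read", {"time": TUESDAY_10AM, "device_managed": False}),
    "owner_update_weekend": Request(BOB, REPORT, "update", {"time": SATURDAY_NOON, "device_managed": True}),
    "stranger_update_weekend": Request(ALICE, REPORT, "update", {"time": SATURDAY_NOON, "device_managed": True}),
}

def evaluate_samples() -> dict[str, str]:
    """Run every constructed request through the policy and return the verdicts."""
    return {name: decide(req) for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:32} -> {verdict}")
```

Note the two design choices that matter in practice: the environment rule is a Deny that overrides every Permit, so a compromised but otherwise authorized account still cannot reach data from an unmanaged device, and the absence of a matching rule is a Deny, so adding a new resource type never silently grants access.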
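The crossover error rate from question 5 is found by sweeping the matcher's decision threshold and watching FAR and FRR move against each other. The following is an added example, not part of the original question set: it computes FAR and FRR for two constructed biometric systems from small, made-up genuine and impostor similarity-score sets, locates the threshold where the two rates meet, and reports the CER so the systems can be ranked. All score values are constructed for illustration.

```python
from typing import Sequence

# Constructed similarity scores in [0, 1]; higher means "more like the enrolled user".
# "Genuine" scores come from the legitimate user, "impostor" scores from someone else.
GENUINE_A = [0.62, 0.70, 0.75, 0.80, 0.85, 0.88, 0.90, 0.93, 0.95, 0.97]
IMPOSTOR_A = [0.05, 0.10, 0.20, 0.30, 0.35, 0.40, 0.55, 0.60, 0.65, 0.72]
GENUINE_B = [0.55, 0.60, 0.70, 0.74, 0.78, 0.82, 0.86, 0.90, 0.93, 0.96]
IMPOSTOR_B = [0.10, 0.20, 0.30, 0.40, 0.45, 0.50, 0.58, 0.62, 0.66, 0.72]

def far(impostor: Sequence[float], threshold: float) -> float:
    """False acceptance rate: impostor attempts scoring at or above the threshold
    are accepted when they should have been rejected."""
    return sum(s >= threshold for s in impostor) / len(impostor)

def frr(genuine: Sequence[float], threshold: float) -> float:
    """False rejection rate: genuine attempts scoring below the threshold are
    rejected when they should have been accepted."""
    return sum(s < threshold for s in genuine) / len(genuine)

def crossover_error_rate(genuine: Sequence[float], impostor: Sequence[float],
                         steps: int = 1000) -> tuple[float, float]:
    """Sweep the threshold over [0, 1] and return (threshold, CER) at the point
    where |FAR - FRR| is smallest. Raising the threshold lowers FAR and raises
    FRR, so the two curves cross exactly once; the CER is their common value
    (reported as the mean of the two in case the discrete sweep misses exact equality)."""
    best_gap, best_t, best_cer = None, 0.0, 1.0
    for i in range(steps + 1):
        t = i / steps
        a, r = far(impostor, t), frr(genuine, t)
        gap = abs(a - r)
        if best_gap is None or gap < best_gap:
            best_gap, best_t, best_cer = gap, t, (a + r) / 2
    return best_t, best_cer

def compare_systems() -> dict[str, tuple[float, float]]:
    """CER for each constructed system; the lower CER is the more accurate matcher."""
    return {
        "A": crossover_error_rate(GENUINE_A, IMPOSTOR_A),
        "B": crossover_error_rate(GENUINE_B, IMPOSTOR_B),
    }

if __name__ == "__main__":
    for name, (t, cer) in compare_systems().items():
        print(f"system {name}: FAR = FRR = {cer:.2f} at threshold {t:.3f}")
    # Show the trade-off for system A: tightening the threshold trades FAR for FRR.
    for t in (0.50, 0.65, 0.80):
        print(f"  A @ {t:.2f}: FAR={far(IMPOSTOR_A, t):.2f} FRR={frr(GENUINE_A, t):.2f}")
```

With these constructed scores system A crosses at a CER of 0.10 and system B at 0.20, so A is the more accurate matcher by the CER criterion, even though either one could be tuned to a lower FAR alone by accepting a much higher FRR.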

Start practising Identity & Access Management →