Assess your understanding of security audit concepts in Identity and Access Management (IAM) with this quiz, designed to highlight best practices, detection strategies, and common pitfalls in securing accounts and permissions. Strengthen your knowledge of user review processes, policy principles, and anomaly detection for effective access governance.
An audit identifies users who have unnecessary high-level permissions, such as administrator rights, that are not required for their daily tasks. Which principle should have prevented this?
Explanation: The principle of least privilege ensures users receive only the minimum permissions needed for their roles, preventing unnecessary high-level access. Password complexity addresses the strength of passwords but does not limit permissions. Multi-factor authentication increases login security but does not govern assigned rights. Account expiration controls time-based access, not permission levels.
During an audit, you notice a user was assigned a new access policy granting them rights to sensitive data. What IAM control helps reduce the risks of unauthorized policy changes?
Explanation: Change approval workflows require that policy modifications are reviewed and authorized before taking effect, helping prevent unauthorized changes. Single sign-on simplifies access without addressing policy changes. Password length and account lockout improve authentication security, but do not regulate policy assignments.
While reviewing IAM logs, you find several accounts that have not been used for over a year. What is the recommended audit action for these accounts?
Explanation: Disabling or deleting dormant accounts reduces the attack surface and prevents misuse: nobody is watching an unused account, so a compromise there can go unnoticed for a long time. Increasing password expiration does not remove the risk, since the account remains. Granting administrative access to unused accounts is highly insecure. Manual password resets only help for accounts that are still needed, not for ones nobody uses.
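The dormant-account check above is easy to get wrong in practice: an account can be idle on passwords but active through an API key, and an account that has never been used at all has no "last used" date to compare. The following script is an added example, not part of the quiz, that runs the check over a constructed report. The column layout, the sample rows and the fixed audit time are assumptions made for the example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of an exported account/last-activity report.
# The column names are an assumption for this example, not any product's format.
SAMPLE_REPORT = """user,created,password_last_used,access_key_last_used
alice,2021-03-01T09:00:00Z,2024-05-30T08:12:00Z,N/A
bob,2021-03-01T09:00:00Z,2023-01-15T00:00:00Z,N/A
svc-backup,2020-06-10T00:00:00Z,N/A,2024-06-01T02:00:00Z
carol,2022-11-20T00:00:00Z,N/A,N/A
dave,2024-06-20T10:00:00Z,N/A,N/A
"""

# Fixed "now" so the audit is reproducible; a real run would use datetime.now(timezone.utc).
AUDIT_TIME = datetime(2024, 7, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp; 'N/A' or an empty field means no recorded activity."""
    if not value or value.strip().upper() in ("", "N/A"):
        return None
    return datetime.strptime(value.strip(), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_dormant_accounts(report_csv, now=AUDIT_TIME, max_idle_days=365, grace_days=30):
    """Return accounts whose most recent activity of any kind is older than max_idle_days.

    The newest of all activity columns counts, so an account that is idle on
    passwords but active through an access key is not reported. An account that
    has never been used is measured from its creation date, so an old account that
    was never logged into is still reported. Accounts created within grace_days are
    skipped so a brand-new joiner is not flagged before they have had a chance to log in.
    """
    dormant = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        created = parse_ts(row["created"])
        activity = [parse_ts(row["password_last_used"]), parse_ts(row["access_key_last_used"])]
        last_used = max((t for t in activity if t is not None), default=None)
        if last_used is None:
            if now - created < timedelta(days=grace_days):
                continue
            idle_days = (now - created).days
            reason = "never used since creation"
        else:
            idle_days = (now - last_used).days
            reason = "last activity %s" % last_used.date().isoformat()
        if idle_days > max_idle_days:
            dormant.append({
                "user": row["user"],
                "idle_days": idle_days,
                "reason": reason,
                # Disable first and keep the record for a retention period, then delete;
                # disabling is reversible if an owner turns up who still needs it.
                "action": "disable",
            })
    return dormant


if __name__ == "__main__":
    for finding in find_dormant_accounts(SAMPLE_REPORT):
        print(finding)
```

On the sample data this reports bob (idle for 533 days) and carol (created in 2022 and never used), while svc-backup, which is idle on passwords but used an access key last month, is left alone.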
You discover that one employee can both request and approve access to sensitive resources. What control should be implemented to address this scenario?
Explanation: Segregation of duties means splitting critical tasks between different people to prevent misuse of privileges. Single sign-on relates to simplifying authentication, not task separation. Password reuse policy and account expiration do not address the approval process or risk of self-authorization.
An employee who has changed departments still holds old access rights in addition to new ones. Which IAM risk does this scenario illustrate?
Explanation: Permission creep occurs when users accumulate unnecessary rights over time, often after role changes. Credential stuffing refers to using stolen credentials to gain unauthorized access. Zero trust is an approach that always verifies access, and time-based access refers to limiting access within certain hours.
Your audit uncovers repeated failed login attempts from the same account across different times. What should you recommend?
Explanation: Repeated failed logins can indicate a brute-force or password-spraying attack, so monitoring and further investigation are recommended: check the source addresses and timing, whether other accounts show the same pattern, and whether any attempt eventually succeeded. Granting more access rights increases security risks. Ignoring these attempts overlooks possible threats. Deleting the account might be premature without confirmation of compromise.
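The following detection logic is an added example that is not part of the quiz. It runs over a constructed authentication log (the line format and the sample entries are assumptions) and goes beyond the single-account case in the question: it flags a burst of failures against one account, a burst of failures from one source against many accounts (password spraying), and the highest-priority case, a success that follows a burst of failures.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log; the line format is an assumption for this example.
SAMPLE_AUTH_LOG = """\
2024-06-03T08:00:01Z auth: FAILED login user=alice src=198.51.100.7
2024-06-03T08:00:45Z auth: FAILED login user=alice src=198.51.100.7
2024-06-03T08:01:30Z auth: FAILED login user=alice src=198.51.100.7
2024-06-03T08:02:10Z auth: FAILED login user=alice src=198.51.100.7
2024-06-03T08:02:55Z auth: FAILED login user=alice src=198.51.100.7
2024-06-03T08:03:40Z auth: SUCCESS login user=alice src=198.51.100.7
2024-06-03T08:30:00Z auth: FAILED login user=bob src=192.0.2.44
2024-06-03T09:00:05Z auth: FAILED login user=carol src=203.0.113.9
2024-06-03T09:00:20Z auth: FAILED login user=dave src=203.0.113.9
2024-06-03T09:00:35Z auth: FAILED login user=erin src=203.0.113.9
2024-06-03T14:15:00Z auth: FAILED login user=bob src=192.0.2.44
2024-06-03T14:15:30Z auth: SUCCESS login user=bob src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) auth: "
    r"(?P<result>FAILED|SUCCESS) login user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_failed_logins(log_text, max_failures=5, window=timedelta(minutes=10), spray_min_accounts=3):
    """Sliding-window detection over the log; returns findings in the order they are raised."""
    per_user = defaultdict(deque)   # user -> timestamps of recent failures
    per_src = defaultdict(deque)    # source -> (timestamp, user) of recent failures
    flagged_users, flagged_srcs = set(), set()
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        now, user, src = ev["time"], ev["user"], ev["src"]
        q = per_user[user]
        while q and now - q[0] > window:       # drop failures older than the window
            q.popleft()
        if ev["result"] == "FAILED":
            q.append(now)
            if len(q) >= max_failures and user not in flagged_users:
                flagged_users.add(user)
                findings.append({"type": "brute_force", "user": user, "src": src,
                                 "failures": len(q), "at": ev["ts"]})
            sq = per_src[src]
            sq.append((now, user))
            while sq and now - sq[0][0] > window:
                sq.popleft()
            targets = {u for _, u in sq}
            if len(targets) >= spray_min_accounts and src not in flagged_srcs:
                flagged_srcs.add(src)
                findings.append({"type": "password_spray", "src": src,
                                 "accounts": sorted(targets), "at": ev["ts"]})
        else:
            # A success right after a burst of failures is the case to escalate first:
            # either the guessing worked or the legitimate user was locked in a struggle.
            if len(q) >= max_failures:
                findings.append({"type": "success_after_failures", "user": user, "src": src,
                                 "failures": len(q), "at": ev["ts"]})
            q.clear()  # a successful login ends the failure streak
    return findings


if __name__ == "__main__":
    for finding in detect_failed_logins(SAMPLE_AUTH_LOG):
        print(finding)
```

Thresholds are deliberately parameters: a five-in-ten-minutes rule suits interactive logins, while service accounts and SSO portals need their own baselines, and bob's two failures hours apart (a typical mistyped password) are correctly not raised.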
Which IAM process ensures that user access is adjusted according to job status changes, such as hiring, transfers, or leaving the organization?
Explanation: The joiner-mover-leaver lifecycle manages access at hiring, role changes, and departure. Two-factor authentication increases login security but does not address job status. Role escalation is granting higher permissions, not adjusting or revoking access. Password rotation relates to changing passwords, not job changes.
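The two scenarios above (a mover who kept old rights, and the joiner-mover-leaver lifecycle that should have caught it) come down to one review: compare what each account holds against what its current role should hold. The script below is an added example, not part of the quiz; the HR roster, the role baseline and the current entitlements are constructed sample data, and the account and entitlement names are assumptions.

```python
# Constructed sample data (assumptions for this example): an HR roster, the
# entitlements each role is expected to carry, and what accounts actually hold.
HR_ROSTER = {
    "alice": {"status": "active", "department": "Finance"},
    "bob": {"status": "active", "department": "Engineering"},   # moved here from Finance
    "carol": {"status": "terminated", "department": "Finance"},
    "dave": {"status": "active", "department": "Engineering"},  # joined this week
}

ROLE_BASELINE = {
    "Finance": {"erp-read", "erp-post-journal"},
    "Engineering": {"git-write", "ci-deploy"},
}

# Birthright entitlements every active employee gets regardless of role.
COMMON_ENTITLEMENTS = {"email", "vpn"}

CURRENT_ENTITLEMENTS = {
    "alice": {"email", "vpn", "erp-read", "erp-post-journal"},
    "bob": {"email", "vpn", "git-write", "ci-deploy", "erp-post-journal"},
    "carol": {"email", "erp-read"},
    "dave": {"email", "vpn", "git-write"},
    "svc-legacy": {"vpn"},   # no HR record at all
}


def review_access(roster, baseline, common, current):
    """Diff held entitlements against the role baseline and return findings per user.

    Leavers should hold nothing, movers should hold only their new role's rights,
    joiners should have received everything their role needs, and any account with
    no HR record is an orphan that needs an owner before it is allowed to stay.
    """
    findings = []
    for user in sorted(set(roster) | set(current)):
        held = current.get(user, set())
        record = roster.get(user)
        if record is None:
            findings.append({"user": user, "type": "orphan_account",
                             "entitlements": sorted(held), "action": "identify an owner or disable"})
            continue
        if record["status"] != "active":
            if held:
                findings.append({"user": user, "type": "leaver_retains_access",
                                 "entitlements": sorted(held), "action": "revoke all and disable"})
            continue
        expected = common | baseline.get(record["department"], set())
        extra = held - expected      # permission creep: rights the current role does not justify
        missing = expected - held    # joiner workflow incomplete
        if extra:
            findings.append({"user": user, "type": "permission_creep", "entitlements": sorted(extra),
                             "action": "revoke unless re-approved by the current manager"})
        if missing:
            findings.append({"user": user, "type": "missing_entitlement", "entitlements": sorted(missing),
                             "action": "provision via the joiner workflow"})
    return findings


if __name__ == "__main__":
    for finding in review_access(HR_ROSTER, ROLE_BASELINE, COMMON_ENTITLEMENTS, CURRENT_ENTITLEMENTS):
        print(finding)
```

Running it shows bob still holding the Finance right `erp-post-journal` after his move, carol retaining access after termination, dave missing a deployment right, and an account with no HR record at all. The same diff is the core of a periodic access certification: managers are asked to confirm only the `extra` set, not every entitlement.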
During an audit, you find a service account used by multiple applications with an unchanged default password. What risk does this pose?
Explanation: Leaving default credentials unchanged on service accounts can be exploited by attackers, as these passwords are often published or easy to guess. Sharing one account across several applications compounds the problem: a leak from any one of them exposes all of them, and the password is hard to rotate because every consumer must be updated at once. Improved application performance and reduced administrative workload are not related risks. Faster password resets do not mitigate the underlying security threat.
An auditor wants to check for risky actions performed by those with elevated access, such as system administrators. What is the most appropriate IAM audit activity?
Explanation: Examining logs for privileged accounts helps detect unusual or unauthorized activities. Increasing password age requirements does not provide insight into actions taken. Enabling guest access and disabling multi-factor authentication reduce security and are not related to auditing privileged activity.
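Examining privileged-account logs is only useful with a definition of what "risky" means. The script below is an added example, not part of the quiz. It reviews a constructed audit trail against an inventory of privileged principals and a watchlist of high-impact actions; the flat event schema, the sample events, the principal names and the watchlist are all assumptions for the example (a real trail such as CloudTrail nests these fields differently).

```python
import json
from collections import Counter

# Inventory of accounts known to hold elevated rights (assumption for this example).
PRIVILEGED_PRINCIPALS = {"admin-alice", "admin-bob"}

# Actions whose misuse has high impact: granting rights, minting credentials,
# blinding the audit trail, destroying keys. Illustrative, not exhaustive.
HIGH_RISK_ACTIONS = {
    "iam:AttachUserPolicy", "iam:PutUserPolicy", "iam:CreateAccessKey",
    "iam:CreateLoginProfile", "iam:UpdateAssumeRolePolicy",
    "cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
    "kms:ScheduleKeyDeletion", "s3:PutBucketPolicy",
}

# Constructed sample audit events, one JSON object per line. The flat schema is an
# assumption for this example.
SAMPLE_EVENTS = """\
{"time": "2024-06-03T08:02:11Z", "principal": "admin-alice", "action": "ec2:DescribeInstances", "mfa": true, "src": "10.1.4.22"}
{"time": "2024-06-03T08:05:40Z", "principal": "admin-alice", "action": "iam:AttachUserPolicy", "mfa": true, "src": "10.1.4.22", "target": "svc-report", "policy": "AdministratorAccess"}
{"time": "2024-06-03T23:47:02Z", "principal": "admin-bob", "action": "cloudtrail:StopLogging", "mfa": false, "src": "203.0.113.50"}
{"time": "2024-06-04T09:12:19Z", "principal": "dev-carol", "action": "iam:CreateAccessKey", "mfa": true, "src": "10.1.9.3", "target": "dev-carol"}
{"time": "2024-06-04T09:30:00Z", "principal": "admin-bob", "action": "s3:GetObject", "mfa": false, "src": "203.0.113.50"}
"""


def review_privileged_activity(events_jsonl, privileged=PRIVILEGED_PRINCIPALS, watchlist=HIGH_RISK_ACTIONS):
    """Apply three review rules to each event and return the findings in event order."""
    findings = []
    for raw in events_jsonl.splitlines():
        if not raw.strip():
            continue
        ev = json.loads(raw)
        who, action = ev["principal"], ev["action"]
        is_priv = who in privileged
        base = {"time": ev["time"], "principal": who, "action": action, "src": ev.get("src")}
        # Rule 1: an elevated principal performed a high-impact action; review the target.
        if is_priv and action in watchlist:
            findings.append({**base, "type": "high_risk_privileged_action", "severity": "high",
                             "detail": "target=%s" % ev.get("target", "-")})
        # Rule 2: an elevated principal acted without MFA; the session itself is suspect.
        if is_priv and not ev.get("mfa", False):
            findings.append({**base, "type": "privileged_no_mfa", "severity": "medium",
                             "detail": "elevated principal acted without MFA"})
        # Rule 3: a high-impact action by someone NOT in the privileged inventory means
        # the inventory is stale or the principal escalated; either way, investigate.
        if not is_priv and action in watchlist:
            findings.append({**base, "type": "unexpected_high_risk_action", "severity": "high",
                             "detail": "principal not in privileged inventory"})
    return findings


def findings_by_principal(findings):
    """Count findings per principal, a quick way to rank who to look at first."""
    return Counter(f["principal"] for f in findings)


if __name__ == "__main__":
    found = review_privileged_activity(SAMPLE_EVENTS)
    for finding in found:
        print(finding)
    print(findings_by_principal(found))
```

Note that the third rule is what makes the review more than a filter on known administrators: the privileged inventory itself is an audit input, and a high-impact action from outside it is evidence that the inventory (or the permission model) is wrong.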
You are auditing access policies and notice some resources are accessible to all users without restrictions. Which policy principle is being violated?
Explanation: The need-to-know principle states that users should only access information essential for their duties. If resources are open to everyone, this principle is violated. Default deny is a policy for rejecting access unless granted. Password reuse and role rotation are unrelated to resource accessibility.
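Both the least-privilege question earlier (users holding administrator-level rights they do not need) and the need-to-know question here (resources open to everyone) show up in the same place when auditing policy documents: a statement that allows every action on every resource, or that names "anyone" as the principal without a condition. The following checker is an added example, not part of the quiz. It works on policies in the AWS IAM JSON style because that format is widely recognised, but the policy names and statements are constructed sample data, and the `vpc-0example` value is a placeholder.

```python
def as_list(value):
    """IAM JSON allows a scalar wherever a list is accepted; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def has_wildcard(values):
    return any(v == "*" for v in as_list(values))


def principal_is_anyone(principal):
    """True for the forms that mean 'any caller': "*" or a map such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(has_wildcard(v) for v in principal.values())
    return False


def audit_policy(name, policy):
    """Return findings for the Allow statements of one policy document."""
    findings = []
    for idx, st in enumerate(as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue  # Deny statements narrow access and are not the concern here
        loc = {"policy": name, "statement": idx}
        actions = as_list(st.get("Action"))
        resources = as_list(st.get("Resource"))
        # Allow + NotAction grants every action except the listed ones; it is a
        # wildcard in disguise and grows silently as new services appear.
        if "NotAction" in st:
            findings.append({**loc, "type": "allow_not_action",
                             "detail": "every action except %s" % as_list(st["NotAction"])})
        # Least privilege: "*" on "*" is full administrator access.
        if has_wildcard(actions) and has_wildcard(resources):
            findings.append({**loc, "type": "full_admin_wildcard", "detail": "Action * on Resource *"})
        elif any(a.endswith(":*") for a in actions) and has_wildcard(resources):
            findings.append({**loc, "type": "service_wildcard",
                             "detail": "all actions of a service on every resource"})
        # Need-to-know: a resource policy that names anyone, with no condition, is public.
        if "Principal" in st and principal_is_anyone(st["Principal"]) and not st.get("Condition"):
            findings.append({**loc, "type": "open_to_anyone",
                             "detail": "Principal * without Condition on %s" % resources})
    return findings


def audit_all(policies):
    """Audit a name -> policy document mapping and concatenate the findings."""
    findings = []
    for name, policy in policies.items():
        findings.extend(audit_policy(name, policy))
    return findings


# Constructed sample policy documents (assumptions for this example).
SAMPLE_POLICIES = {
    "DeveloperPolicy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "arn:aws:s3:::dev-artifacts/*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ]},
    "ReportsBucketPolicy": {"Version": "2012-10-17", "Statement":
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::reports/*"}},
    "InternalBucketPolicy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::internal/*",
         "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-0example"}}},   # placeholder id
    ]},
    "PowerUserPolicy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "NotAction": ["iam:*", "organizations:*"], "Resource": "*"},
    ]},
    "CiRolePolicy": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ]},
}


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_POLICIES):
        print(finding)
```

The conditioned wildcard principal in `InternalBucketPolicy` is deliberately not reported: a `Principal: "*"` restricted by a condition is a common and legitimate pattern, and flagging it would bury the genuinely public bucket in noise. Whether the condition is actually restrictive enough is a second, manual review step.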