Identity & Access Management

Estimated time: 15 minutes

Question 1 of 20

An organization is revising its password policy to align with modern NIST guidelines. Which approach BEST reflects these updated guidelines?

Question 2 of 20

An employee has been using the same password across 15 different websites. After one site is breached, attackers use the stolen credentials to access the employee's corporate email. Which solution would have prevented this credential-stuffing attack while maintaining usability?

Question 3 of 20

A company wants to eliminate passwords entirely because employees consistently choose weak, guessable passwords or add predictable numbers to common words. They plan to implement authentication using hardware security keys that use public-key cryptography. Which technology BEST enables this passwordless approach?

Question 4 of 20

A user logs into their bank by entering a password (something they know) and then approving a push notification on their phone (something they have). Which term describes this situation?

Question 5 of 20

One of the company’s accountants submitted a ticket stating they could not access a particular section of the accounting software. Why might the accountant not have access to every part of the accounting software?

Question 6 of 20

An organization wishes to implement a ticket-based protocol for a Windows network that will manage authentication and authorization in a single centralized service. Which standard protocol would they use?

Question 7 of 20

A government agency requires employees to insert a smartcard into their workstations and enter a PIN to decrypt emails. The private key cannot be exported from the smartcard's secure chip. Which authentication factor combination does this represent?

Question 8 of 20

A high-security facility installs fingerprint scanners at entry points. During testing, the system occasionally grants access to unauthorized individuals whose fingerprints are not in the database. Which biometric error rate metric describes this specific failure mode?

Question 9 of 20

A company is evaluating facial recognition for building access but is concerned about processing delays during peak hours, potential privacy violations from storing biometric templates, and compliance with accessibility laws for employees with facial differences. Which three concerns align with the discussed biometric evaluation criteria?

Question 10 of 20

In a Windows environment, permissions are assigned based on a user's department and job function (e.g., "Accounting-ReadOnly" or "IT-Admin"), making it easy to modify access for entire groups when employees change roles. Which access control model and management technique does this describe?

Question 11 of 20

A user creates a spreadsheet on a shared drive and manually sets permissions to allow specific colleagues to edit it while restricting others to read-only access. As the resource owner, the user determines who can access the file. Which access control model is in use?

Question 12 of 20

A classified military system labels documents as "Top Secret" and "Secret," and automatically prevents a user with "Secret" clearance from viewing "Top Secret" documents regardless of file ownership or user requests. Which access control model enforces these security labels?

Question 13 of 20

After a company fires a system administrator, the fired employee logs into their administrator account using valid credentials and deletes thousands of confidential files. What critical process was likely not followed?

Question 14 of 20

An employee has worked at a company for 10 years, moving from Marketing to Sales to Management, and has accumulated access rights from each previous role that they no longer need for their current position. Which risk describes this accumulation of excessive permissions over time?

Question 15 of 20

An HR manager notices that a terminated employee's Active Directory account remained enabled for three months because the automated offboarding workflow failed, allowing the former employee to VPN into the network. Which process failure created this risk?

Question 16 of 20

A cloud security system detects a user logging in from New York at 9:00 AM and then from Tokyo at 9:30 AM, triggering an automatic account lockdown. Which type of access policy detected this anomaly?

Question 17 of 20

A database administrator must perform critical maintenance but normally operates under a standard user account. They temporarily elevate privileges using a separate account with administrative rights that expires after 4 hours, requiring approval and logging all commands. What term describes these controls?

Question 18 of 20

An organization requires that all administrator tasks be performed from hardened, isolated workstations with no internet access and no email capabilities, separate from regular user machines. Which security control does this describe?

Question 19 of 20

A Linux system allows regular users to execute specific administrative commands with elevated privileges temporarily, requiring re-authentication and logging the elevated session separately from normal activity. Which mechanism provides this controlled privilege elevation?

Question 20 of 20

A company using Windows Server technology needs to link its Active Directory domain to a third-party service to allow Single Sign-On. Which service based on the X.500 standard would work for the company?