ISSAP - Information Systems Security Architecture Professional Identity and Access Management Questions and Answers

Question 1

A large, multinational corporation is designing an access control architecture for a new, highly dynamic environment.
The system must support fine-grained access decisions based on a user's role, their geographic location, the time of day, and the data sensitivity of the resource being accessed.
Traditional access control models are proving too static.
Which of the following access control models would be MOST suitable for this architecture?

Accepted Answer

Attribute-Based Access Control (ABAC)

Answer

Mandatory Access Control (MAC)

Answer

Discretionary Access Control (DAC)

Answer

Role-Based Access Control (RBAC)

Question 2

As a security architect for a financial services company, you are evaluating solutions to streamline user access across dozens of cloud-based (SaaS) and on-premises applications. The primary goals are to improve user experience with single sign-on (SSO), centralize identity management, and reduce the administrative burden of managing credentials in multiple systems. Which of the following architectural approaches BEST meets these requirements?

Accepted Answer

Adopting an Identity as a Service (IDaaS) solution.

Answer

Implementing a standalone Security Information and Event Management (SIEM) system.

Answer

Deploying a host-based intrusion detection system (HIDS) on all application servers.

Answer

Establishing a manual, ticket-based provisioning and de-provisioning process.

Question 3

An organization is building a partnership with several external companies, allowing their employees to access a shared collaboration portal. To avoid creating and managing separate user accounts for each partner employee, the security architect needs to design a solution where users can authenticate with their own corporate credentials. Which of the following technologies is fundamental to enabling this cross-domain trust and authentication?

Accepted Answer

Federated Identity Management (FIM)

Answer

Kerberos

Answer

RADIUS

Answer

Lightweight Directory Access Protocol (LDAP)

Question 4

A security architect is designing the identity lifecycle management process for a large enterprise. The architect must ensure that access rights are correctly assigned when an employee is hired, adjusted when they change roles, and revoked promptly when they leave. Which of the following frameworks is specifically designed to address these stages of the identity lifecycle?

Accepted Answer

Joiner-Mover-Leaver (JML)

Answer

Zachman Framework

Answer

TOGAF (The Open Group Architecture Framework)

Answer

SABSA (Sherwood Applied Business Security Architecture)

Question 5

When designing a federated identity solution using Security Assertion Markup Language (SAML), what is the primary role of the Identity Provider (IdP)?

Accepted Answer

To authenticate the user and issue a security assertion containing identity information.

Answer

To host the application or resource the user wants to access.

Answer

To consume identity assertions and grant or deny access to a resource.

Answer

To provide a centralized repository for storing user passwords and attributes.

Question 6

Which of the following is a significant architectural challenge that can arise from the overuse or improper design of a Role-Based Access Control (RBAC) model in a large, complex organization?

Accepted Answer

Role explosion

Answer

Attribute explosion

Answer

Protocol decay

Answer

Policy stagnation