Chapter 96 · Quiz

Identity and Access Management — Quiz

Six multiple-choice questions and four matching questions. Submit for instant scoring and explanations.

Question 1 of 6
An employee transfers from the Finance department to the HR department. Their Finance access is never removed, and six months later they also receive IT department access for a project. They now have access to Finance, HR, and IT resources. What IAM problem does this represent, and what is the formal term?
Question 2 of 6
An organization's HR department verifies a new hire's identity by collecting their name and employee ID, checking their government-issued ID against a government database to confirm it is genuine and belongs to this person, and having the HR manager formally document that identity verification was completed. These three steps correspond to which identity proofing stages?
Question 3 of 6
A user logs into the corporate SSO portal at 8 AM. At 9 PM that evening, after 13 hours of activity across multiple connected applications, the user is suddenly prompted to re-enter their full credentials. No policy violation occurred and no security event triggered the prompt. What is the MOST likely explanation?
Question 4 of 6
A directory administrator needs to locate a user object in the LDAP directory. The user is named Alice Chen, in the Marketing Organizational Unit, at Globex Corporation, in the United States. What type of LDAP identifier uniquely specifies this user's full location in the directory tree?
Question 5 of 6
A development team wants to implement a “Log in with Google” feature in their mobile application. After logging in, the app needs to know the user's identity (who they are) to personalize the experience. Which protocol provides identity verification, and why is SAML NOT the appropriate choice?
Question 6 of 6
A university allows students to access research databases at ten partner universities using only their home university credentials. No separate accounts are created at the partner universities. What IAM concept enables this, and what establishes the trust between institutions?

Matching

Match each description to the correct IAM concept.

1. An XML-based protocol for exchanging authentication assertions between an Identity Provider and a Service Provider; not designed for mobile applications because it relies on browser redirects
2. An authorization framework that grants third-party applications access to user resources without exposing credentials; does NOT itself perform authentication or verify who the user is
3. An identity layer built on top of an authorization framework that adds an ID token confirming the user's identity; used for SSO and federated login with mobile support
4. A directory access protocol based on the X.500 standard; uses container objects (country, org, OU) and leaf objects (users, computers) organized in a Directory Information Tree
A. SAML
B. OAuth 2.0
C. OpenID Connect
D. LDAP