The Certified Identity and Access Manager (CIAM) credential is awarded by IDSA (Identity Defined Security Alliance) and related IAM certification bodies to cybersecurity professionals who demonstrate deep expertise in identity and access management. The exam covers a broad range of IAM topics, from identity lifecycle management and authentication protocols to privileged access management, Zero Trust architecture, and cloud IAM across AWS, Azure, and GCP. This free printable PDF gives you realistic practice questions across every domain so you can study offline, annotate key concepts, and build your knowledge base at your own pace before the exam.
Download and print the PDF, work through each domain, and pair it with our online practice tests to simulate timed exam conditions and measure your readiness.
The CIAM examination spans the full breadth of modern identity and access management. Below is a domain-by-domain breakdown of the content areas you need to master.
This domain covers the identity lifecycle (provisioning, modification, and deprovisioning) along with the joiner-mover-leaver process, identity governance frameworks, and authoritative source systems such as HR and ERP platforms versus directory services. Understanding how identities are created, maintained, and terminated is foundational to everything else on the exam.
Authentication factor types (something you know, have, or are), MFA methods (TOTP, push notifications, hardware tokens, biometrics), and authentication protocols (LDAP, Kerberos, RADIUS, SAML, OAuth 2.0, OpenID Connect) are all testable. Authorization models include RBAC (Role-Based Access Control), ABAC (Attribute-Based Access Control), PBAC, and the distinction between MAC and DAC. Expect detailed questions on SAML assertions, OAuth 2.0 grant types, and OIDC ID token structure.
Active Directory concepts (domain structure, forest, OU hierarchy, security vs. distribution group types, and local/global/universal group scopes) are heavily tested. LDAP directory structure (DC, OU, CN) and Azure Active Directory (Entra ID) hybrid identity scenarios using AD Connect, cloud-only accounts, and guest accounts are also included.
PAM questions focus on just-in-time access, the least privilege principle, privileged account vaulting, and session recording. You should be familiar with the product categories offered by CyberArk, BeyondTrust, and Thycotic even if you do not have hands-on experience with every platform.
SSO and federation topics include SAML 2.0 assertion structure (IdP, SP, assertion format), all four OAuth 2.0 grant types (authorization code, client credentials, implicit (now deprecated), and device authorization), and OpenID Connect ID token claims. Federation with external identity providers and cross-domain trust scenarios are also covered.
The never-trust-always-verify principle, micro-segmentation, continuous authentication, and the concept of identity as the new security perimeter are all core Zero Trust topics. Expect scenario-based questions that ask you to evaluate whether a proposed architecture correctly implements Zero Trust principles.
IGA questions cover access certification and recertification campaigns, separation of duties (SOD) controls, role mining methodologies, request and approval workflows, and the importance of audit logging for access events. Understanding how IGA platforms automate these controls at enterprise scale is important.
You need to know the IAM-relevant requirements from SOX IT controls, HIPAA technical safeguards, GDPR consent and identity data obligations, NIST SP 800-63 digital identity guidelines, and PCI-DSS access control requirements. Expect questions that map a compliance scenario to the correct standard.
Cloud IAM covers AWS IAM (users, groups, roles, policies, and ARN structure), Azure RBAC (built-in roles, custom roles, and management group hierarchy), and GCP IAM (service accounts, predefined roles, and resource hierarchy). Multi-cloud identity federation and the differences between each provider model are commonly tested.
The printable PDF is a great resource for deep, focused study, but combining it with timed online practice helps you build exam speed and identify your weak domains before test day. Our CIAM practice test covers all IAM domains with detailed answer explanations that help you understand not just what the correct answer is, but why each distractor is wrong. Use the online tests to simulate exam conditions, then return to the PDF to review the questions that challenged you most.