CIMP Cheat Sheet 2026
The 30 highest-yield CIMP facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
100 questions
120 min time limit
70.00% to pass
- What characterizes a high-performing team? → Clear goals, mutual trust, open communication, and shared accountability
- What is the primary risk associated with orphaned accounts in an identity management system? → Unauthorized access by former employees or attackers
- What is a Separation of Duties (SoD) conflict in identity governance? → A situation where one user has access rights that together could enable fraud or error
- What should an effective professional report include? → Clear objectives, methodology, findings, analysis, and actionable recommendations
- How should conflicts within a team be addressed? → Promptly and directly, focusing on issues rather than personalities
- Why is data visualization important in professional reporting? → It makes complex data more accessible and easier to understand quickly
- What should be the first action when a new regulation is enacted that affects your practice? → Review the regulation, assess its impact, and develop an implementation plan
- What is 'birthright access' in the context of identity provisioning? → The baseline set of entitlements automatically granted to all new users upon joining
- Which approach to compliance is considered most effective? → A proactive approach that integrates compliance into daily operations
- What should be considered before implementing new technology? → Cost, compatibility with existing systems, training needs, and security implications
- What should be done when strategic implementation encounters unexpected obstacles? → Assess the situation, adjust the plan as needed, and communicate changes to stakeholders
- What is the appropriate action when discovering a colleague has violated professional standards? → Report through proper channels as outlined in the code of ethics
- What is a dashboard in the context of data reporting? → A visual display that consolidates key metrics and indicators in real-time
- How often should compliance procedures be reviewed and updated? → Regularly, and whenever regulations change or new risks are identified
- What is the purpose of a risk register? → To document, track, and manage all identified risks throughout a project or operation
- What is an audit trail in the context of documentation? → A chronological record that allows tracing of changes and decisions back to their source
- Which process ensures that user access rights remain accurate and aligned with current job roles over time? → Access certification/attestation
- What should a communication plan include at minimum? → Stakeholder list, message content, channels, frequency, and responsible parties
- How should negative or difficult information be communicated to stakeholders? → Honestly and promptly, with proposed solutions or mitigation steps
- What are the key characteristics of effective documentation? → Accurate, complete, timely, legible, and objective
- When an employee transfers from the finance department to the IT department, which identity lifecycle best practice should be applied? → Remove finance entitlements and grant IT entitlements
- Why is continuous improvement important in quality management? → Because standards evolve, competitors improve, and customer expectations change
- In identity lifecycle management, what is a 'Joiner' workflow typically initiated by? → An HR system event such as a new hire record being created
- What does "informed consent" require in professional practice? → Providing complete, understandable information so individuals can make voluntary decisions
- What is the primary goal of Identity Governance and Administration (IGA) in an enterprise? → Ensure the right individuals have appropriate access to the right resources
- What is delegation in the context of team management? → Assigning tasks and authority to team members while maintaining accountability
- When communicating with diverse stakeholders, what approach is recommended? → Adapt communication style and detail level to each stakeholder group
- The 'joiner-mover-leaver' model in identity lifecycle management refers to which three phases? → Hire, Transfer, Terminate
- What is the purpose of an Identity Provider (IdP) in a federated identity model? → To authenticate users and issue identity assertions that are trusted by service providers
- Which foundational principle is most critical to professional practice in this field? → Evidence-based decision making and continuous improvement
Turn these facts into recall: