CSC Identity and Access Management (IAM) Compliance

Question 1

What does the principle of least privilege require in an IAM compliance context?

Accepted Answer

Users should be granted only the minimum permissions necessary to perform their specific job functions

Answer

Users should receive maximum permissions so they can complete any possible task

Answer

All users in the same department should share identical access levels

Answer

System administrators should have unrestricted access to all organizational systems

Question 2

Which compliance framework explicitly mandates multi-factor authentication (MFA) for all remote access to cardholder data environments?

Accepted Answer

PCI DSS

Answer

HIPAA Security Rule

Answer

ISO 27001

Answer

Sarbanes-Oxley (SOX)

Question 3

What is the primary compliance purpose of Privileged Access Management (PAM)?

Accepted Answer

To monitor, secure, and control elevated access to critical systems and data

Answer

To grant all employees access to sensitive systems for operational efficiency

Answer

To eliminate the need for administrator accounts entirely

Answer

To provide faster system access for IT staff during incidents

Question 4

How frequently do most compliance frameworks (PCI DSS, SOX, ISO 27001) require access reviews to be conducted for privileged accounts?

Accepted Answer

At least quarterly for privileged accounts, with general access reviewed at minimum annually

Answer

Once every five years

Answer

Only when an employee is terminated

Answer

Access reviews are not required by any compliance framework

Question 5

What does Role-Based Access Control (RBAC) use as the basis for assigning access permissions?

Accepted Answer

The job roles defined within the organization

Answer

The time of day a user logs in to the system

Answer

The user's personal request without formal approval

Answer

The physical location from which the user is connecting

Question 6

What is the compliance significance of Separation of Duties (SoD) in IAM?

Accepted Answer

It requires critical tasks to be divided among multiple individuals to prevent fraud or errors

Answer

It allows users to share login credentials to improve team efficiency

Answer

It separates the IT department physically from other business units

Answer

It mandates using different passwords for every system a user accesses

Question 7

Under most cybersecurity compliance frameworks, which combination of requirements applies to password policies?

Accepted Answer

Minimum length, character complexity (uppercase, lowercase, numbers, special characters), and periodic rotation

Answer

At least 4 characters with no additional restrictions

Answer

Any combination the individual user prefers without organizational standards

Answer

Uppercase letters and numbers only, with no special characters