CSC Identity and Access Management (IAM) Compliance

Question 1

What does the principle of least privilege require in an IAM compliance context?

Accepted Answer

Users should be granted only the minimum permissions necessary to perform their specific job functions

Answer

The principle of least privilege limits each user's access to only what is required for their role, minimizing the attack surface and reducing insider threat risk.

Question 2

Which compliance framework explicitly mandates multi-factor authentication (MFA) for all remote access to cardholder data environments?

Accepted Answer

PCI DSS

Answer

PCI DSS Requirement 8.4 mandates MFA for all non-console administrative access and all remote access to the cardholder data environment (CDE).

Question 3

What is the primary compliance purpose of Privileged Access Management (PAM)?

Accepted Answer

To monitor, secure, and control elevated access to critical systems and data

Answer

PAM secures and monitors privileged accounts that have elevated rights, reducing the risk of insider threats and unauthorized access to critical resources.

Question 4

How frequently do most compliance frameworks (PCI DSS, SOX, ISO 27001) require access reviews to be conducted for privileged accounts?

Accepted Answer

At least quarterly for privileged accounts, with general access reviewed at minimum annually

Answer

Most compliance frameworks require periodic access reviews, with privileged access reviewed at least quarterly and standard user access reviewed at minimum annually to enforce least privilege.

Question 5

What does Role-Based Access Control (RBAC) use as the basis for assigning access permissions?

Accepted Answer

The job roles defined within the organization

Answer

RBAC assigns permissions based on defined organizational roles, ensuring users receive access appropriate to their job function, simplifying administration and supporting compliance.

(CSC) Cybersecurity Compliance Certification Practice Test

(CSC) Cybersecurity Compliance Certification Practice Test

CSC Identity and Access Management (IAM) Compliance