CSS CSS Identity & Access Management

Question 1

What is the principle of least privilege in identity and access management?

Accepted Answer

Users are granted only the minimum permissions necessary to perform their job functions

Answer

Least privilege limits the blast radius of a compromised account by ensuring users can only access what they need for their specific role.

Question 2

What does multi-factor authentication (MFA) require beyond a username and password?

Accepted Answer

At least one additional verification factor such as a token, biometric, or push notification

Answer

MFA combines something you know (password) with something you have (token) or something you are (biometric) to reduce account takeover risk.

Question 3

Which access control model grants permissions based on a user's job role rather than individual identity?

Accepted Answer

Role-Based Access Control (RBAC)

Answer

RBAC assigns permissions to roles, and users are granted access by being assigned to appropriate roles, simplifying administration at scale.

Question 4

What is credential stuffing and how does it differ from brute-force attacks?

Accepted Answer

Credential stuffing uses stolen username/password pairs from breaches, while brute-force tries all possible combinations

Answer

Credential stuffing relies on real credentials from previous data breaches, making it more effective than random brute-force guessing.

Question 5

What is the purpose of a privileged access workstation (PAW)?

Accepted Answer

A hardened, dedicated workstation used exclusively for privileged administrative tasks

Answer

A PAW is a dedicated, highly secured device used only for admin tasks, reducing exposure to phishing and malware that could compromise privileged credentials.

(CSS) Certified Security Sentinel Practice Test

(CSS) Certified Security Sentinel Practice Test

CSS CSS Identity & Access Management