CIAM Governance and Compliance

Question 1

Which of the following best describes the purpose of auditing in an IAM system?

Accepted Answer

To monitor and review user activity and access to ensure compliance with policies

Answer

To assign users to appropriate roles based on their job functions

Answer

To establish new access control policies

Answer

To create new user accounts for employees

Question 2

What is a key requirement for IAM systems to comply with data privacy regulations like GDPR?

Accepted Answer

Encryption of data during transmission

Answer

Limiting access based on user roles only

Answer

Regular password changes for all users

Answer

Storing all user data in the cloud

Question 3

Which IAM principle restricts users to only the resources and permissions needed for their job role?

Accepted Answer

Principle of Least Privilege (PoLP)

Answer

Role-Based Access Control (RBAC)

Answer

Identity Federation

Answer

Access Control Lists (ACLs)

Question 4

In compliance with the Sarbanes-Oxley Act (SOX), what must organizations regularly audit?

Accepted Answer

User access and privileges

Answer

Password strength

Answer

Data storage locations

Answer

Employee performance reviews

Question 5

What is the primary function of an Access Control Policy in IAM governance?

Accepted Answer

To define and enforce rules for user authentication and access to resources

Answer

To create detailed user reports

Answer

To store backup copies of user data

Answer

To provide employees with access to training resources