CISM 2022: Security Operations and Identity and Access Management (IAM) Competency (Intermediate Level)

  • 30m
  • 30 questions
The Security Operations and Identity and Access Management (IAM) Competency (Intermediate Level) benchmark measures your knowledge and skills in managing user identities and access to resources and systems. You will be evaluated on your knowledge of security operations, such as the detection, analysis, and response to security incidents and events. A learner who scores high on this benchmark demonstrates competency in many areas of security operations, including the creation and implementation of access control policies and procedures, user authentication and authorization, and monitoring and management of user activity.

Topics covered

  • analyze web server access logs
  • assign roles to the Microsoft Azure hierarchy
  • benefit from lessons learned during incident response
  • configure Microsoft Sentinel for data ingestion
  • configure the Linux syslog daemon for log forwarding
  • configure triggers to automate incident response
  • configure Windows Event Viewer log forwarding
  • create AWS IAM users and groups
  • create Azure AD users and groups
  • create Linux users and groups
  • create Windows users and groups
  • describe common characteristics of an incident response plan including communication plans
  • determine group memberships and permissions through user attributes
  • determine when and how specific incidents, such as with cloud providers, are escalated
  • discuss the role authentication plays to allow resource access
  • discuss true positives and negatives as well as false positives and negatives
  • enable MFA for AWS IAM user accounts
  • implement DAC with Linux file system permissions
  • implement DAC with Windows file system permissions
  • monitor Linux host performance
  • monitor performance metrics in a cloud computing environment
  • monitor Windows host performance
  • recall how a SIEM solution serves as a central ingestion point for security analysis
  • recall how a SOAR solution serves as a method of automating security incident remediation
  • recall how security incidents can be contained to limit further damage
  • recall how security incidents can be eradicated through threat removal and restoration of services
  • use resource and Active Directory attributes to conditionally grant file system permissions
  • use the delegation of control wizard to enable others to manage AD objects
  • view, search and filter Linux logs
  • view, search and filter Windows logs