CISSP: Identity and Access Management (IAM) Proficiency (Advanced Level)

  • 20m
  • 25 questions
The CISSP: Identity and Access Management (IAM) Proficiency benchmark will measure your ability to recognize key terms and concepts related to identity and access management. You will be evaluated on identity and access management principles and deploying identity and access management. A learner who scores high on this benchmark demonstrates that they have the skills related to understanding key identity and access management terminology and concepts.

Topics covered

  • compare OpenID Connect (OIDC) and Open Authorization (OAuth) and how they can function together and standalone in modern environments
  • compare the shared responsibility identity models of on-premises, cloud, and hybrid
  • control physical and logical access to assets, such as information, systems, applications, devices, and facilities
  • control physical and logical asset access
  • define Security Assertion Markup Language (SAML) 2.0 and its practical implementation
  • describe characteristics of the Mandatory Access Control (MAC) authorization mechanism
  • describe features of the Risk-adaptable Access Control (RAdAC) authorization mechanism
  • describe the MIT Kerberos protocol and operation specifically in an Active Directory (AD) enterprise
  • describe the RADIUS and TACACS+ AAA protocol operations
  • describe various access control models
  • discuss provisioning and deprovisioning entities as in on/off-boarding and transfer operations
  • examine the definition and assignment of roles and the management of people assigned to new roles
  • identify features of the Role-based Access Control (RBAC) authorization mechanism
  • implement and manage authorization mechanisms
  • implement Identity Management (IdM) and Multi-Factor Authentication (MFA) processes
  • integrate identity as a third-party service
  • manage elevation (or escalation) of privileges of managed service accounts, use of sudo, and minimizing privilege creep
  • manage mechanisms like accounting, session management, registration, proofing, FIM, credential management, SSO, and JIT
  • manage the identification and authentication of entities
  • outline features of the Attribute-based Access Control (ABAC) authorization mechanism
  • outline features of the Rule-based Access Control authorization mechanism
  • recall how to implement identity management
  • recognize features of the Discretionary Access Control (DAC) authorization mechanism
  • recognize the concepts of security models, such as Biba, Star, and Bell-LaPadula
  • review user, system, and service account access in an enterprise