QUESTIONS AND CORRECT ANSWERS
GRADED A+
● What is a "toxic access combination" in IAM? Answer: A set of
access rights that, when combined, create a risk of fraud or policy
violation, often identified during segregation of duties analysis
● What is the purpose of periodic IAM metric reports? Answer: To
confirm improvement as the IAM strategy and transformation roadmap
is executed
● What is the main benefit of using a risk-based phased approach to
IAM implementation? Answer: It eases the integration and adoption of
IAM changes by addressing the highest risks first
● What is the role of an IAM program "service owner"? Answer: To
provide ongoing support and operational management after IAM
enhancements are completed
● What is the main challenge of modeling entitlements for users in large
organizations? Answer: Users accumulate entitlements over time and
rarely ask IT to terminate old, unneeded rights, making it difficult to
model needs accurately
, ● What is the main advantage of using automated workflow systems for
access requests? Answer: All authorizers can be invited at the same time,
minimizing the total time between request submission and fulfillment
● What is the main purpose of a capability maturity model in IAM?
Answer: To assess the current state and define business-focused, risk-
driven future state capabilities for IAM
● What is the main benefit of using "real-world" roles in access
profiles? Answer: Increases user and approver understanding, reduces
risk of excessive access, and aligns access with job functions
● What is the main purpose of periodic access review cycles? Answer:
To reduce the amount of access to be reviewed during any given cycle
by focusing on risk-driven reviews
● What is the main function of an entitlement warehouse solution?
Answer: To provide a centralized view of access privileges across
systems, streamlining provisioning and access attestation
● What is the main benefit of integrating toxic access prevention into
request, approval, and provisioning processes? Answer: Prevents
assignment of risky access combinations before they occur