GUIDE QUESTIONS AND ANSWERS TESTED
SOLUTIONS
●● What is a "toxic access combination" in IAM?.
Answer: A set of access rights that, when combined, create a risk of
fraud or policy violation, often identified during segregation of duties
analysis
●● What is the purpose of periodic IAM metric reports?.
Answer: To confirm improvement as the IAM strategy and
transformation roadmap is executed
●● What is the main benefit of using a risk-based phased approach to
IAM implementation?.
Answer: It eases the integration and adoption of IAM changes by
addressing the highest risks first
●● What is the role of an IAM program "service owner"?.
Answer: To provide ongoing support and operational management after
IAM enhancements are completed
, ●● What is the main challenge of modeling entitlements for users in
large organizations?.
Answer: Users accumulate entitlements over time and rarely ask IT to
terminate old, unneeded rights, making it difficult to model needs
accurately
●● What is the main advantage of using automated workflow systems
for access requests?.
Answer: All authorizers can be invited at the same time, minimizing the
total time between request submission and fulfillment
●● What is the main purpose of a capability maturity model in IAM?.
Answer: To assess the current state and define business-focused, risk-
driven future state capabilities for IAM
●● What is the main benefit of using "real-world" roles in access
profiles?.
Answer: Increases user and approver understanding, reduces risk of
excessive access, and aligns access with job functions
●● What is the main purpose of periodic access review cycles?.
Answer: To reduce the amount of access to be reviewed during any
given cycle by focusing on risk-driven reviews