Chapter 5 ■ Identity and Access Management (Domain 5)
- Which of the following tools is not typically used to verify that a provisioning process was
followed in a way that ensures that the organization’s security policy is being followed?
A. Log review
B. Manual review of permissions
C. Signature-based detection
D. Review the audit trail
- Lauren needs to send information about services she is provisioning to a third-party organization. What standards-based markup language should she choose to build the interface?
A. SAML
B. SOAP
C. SPML
D. XACML
- During a penetration test, Chris recovers a file containing hashed passwords for the system
he is attempting to access. What type of attack is most likely to succeed against the hashed
passwords?
A. A brute-force attack
B. A pass-the-hash attack
C. A rainbow table attack
D. A salt recovery attack
- Google’s identity integration with a variety of organizations and applications across
domains is an example of which of the following?
A. PKI
B. Federation
C. Single sign-on
D. Provisioning
- Lauren starts at her new job and finds that she has access to a variety of systems that she
does not need to accomplish her job. What problem has she encountered?
A. Privilege creep
B. Rights collision
C. Least privilege
D. Excessive privileges
- When Chris verifies an individual’s identity and adds a unique identifier like a user ID to
an identity system, what process has occurred?
A. Identity proofing
B. Registration
C. Directory management
D. Session management