Identity and Access Management (IAM)
Authentication, authorization, AAA, access control models, RBAC/ABAC, federation, MFA, and identity lifecycle.
Identity and Access Management (IAM) is a core domain of the CISSP, focused on controlling access to systems and data. You will learn about authentication, authorization, least privilege, and identity lifecycle management.
Available questions: 114
What you will learn in this topic
This topic is part of the CISSP path. This page helps you understand what this topic covers, which concepts matter most, and why practicing with a focused quiz can improve your exam preparation.
The quiz on Identity and Access Management (IAM) helps you focus on definitions, practical scenarios, recurring concepts, and the kind of knowledge that often appears during certification study and review.
Why this topic matters
Studying Identity and Access Management (IAM) properly is important because it strengthens your overall understanding of the CISSP certification. Good topic-level preparation makes it easier to answer both theoretical and practical questions with more confidence and speed.
Training one topic at a time also helps you identify weak points, review more efficiently, and build a more structured preparation path before moving to mixed quizzes or full exam simulations.
What is Identity and Access Management (IAM)
IAM is the set of processes and technologies used to manage digital identities and control access to resources. It ensures that only authorized users can access systems.
Authentication vs Authorization
Authentication verifies who you are, while authorization determines what you can do after login.
Least Privilege Principle
Users should have only the minimum access required to perform their tasks. This reduces the risk of misuse or compromise.
Access Control Models
- DAC (Discretionary Access Control)
- MAC (Mandatory Access Control)
- RBAC (Role-Based Access Control)
- ABAC (Attribute-Based Access Control)
Multi-Factor Authentication (MFA)
MFA increases security by requiring multiple forms of verification, such as a password, a token, or biometrics.