KeyTrain's Key Training — Identity & Access Security — free practice exam
20 original practice questions aligned to official exam domains. Run a timed, domain-weighted quiz in your browser — no login required.
Exam domains
| Domain | Weight |
|---|---|
| Authentication | 20% |
| Multi-factor authentication (MFA) | 20% |
| Privilege escalation | 20% |
| Account misuse | 20% |
| Credential abuse | 20% |
Sample practice questions
- Audit finds contractors using former employees' accounts. What policy enforcement MOST directly stops this?
- Authentication logs show 40,000 failed logins against one legacy IMAP service from one ASN. Which attack type is MOST…
- Cloud audit shows a Lambda role with iam:PassRole and sts:AssumeRole on admin roles. Risk?
- Dark web monitoring shows corporate emails in a breach dump. What is the FIRST technical action aligned to credential…
- Developers store API keys in public GitHub repos. Which practice BEST reduces credential abuse long term?
- Endpoint EDR flags PowerShell downloading a script that modifies local admin group membership. Which indicator BEST…
- An executive refuses hardware tokens but approves SMS codes for banking-style apps. Which risk should you document in…
- A help desk ticket reports repeated lockouts for one user after they traveled. Logs show failed logins from two…
- IdP logs show successful logins for a disabled contractor account. What is the BEST remediation?
- A junior analyst discovers they can add themselves to a cloud admin group via a misconfigured automation role. What is…
- Okta ThreatInsight flags cred-stuffing against your customer portal. FIRST technical response?
- Your org is rolling out passwordless sign-in for contractors. Which control MOST directly reduces phishing of static…
- Security wants MFA for all VPN users; help desk reports 40% lockouts after rollout. Best NEXT step?
- A service account in Active Directory has unconstrained delegation. Why is this a critical escalation risk?
- Service desk creates generic 'team-admin' accounts shared by three shifts. Primary concern?
- Shared credentials for a production monitoring dashboard are posted in a team channel. What is the BEST replacement?
- SSO logs show an application accepting SAML assertions after certificate rollover, but only for one legacy app. What…
- During a tabletop, the team must choose MFA for privileged break-glass accounts. What is the MOST appropriate design?
- HR terminates an employee, but their SaaS account stays active two weeks because provisioning is manual. Which control…
- Users report MFA push approval prompts they did not initiate. What is the BEST immediate mitigation?