CySA+ domain #14: Identity and access management security


The area of Identity and Access Management (IAM) is now firmly established as an important area within the discipline of information security. The IAM space is a massive area that covers everything from logging into an application or portal to full-blown complex citizen identity platforms with connectivity to myriad applications and services. In doing so, it covers a whole gamut of cybersecurity areas from network security to cloud access control to social engineering and beyond.

The CompTIA Cybersecurity Analyst (CySA+) certification is an intermediate-level exam for security professionals looking for a career as a security analyst. It offers a number of subdomains within the certification. This article will look at one specific area covered within the CySA+ exam: identity and access management security.

About the CySA+ exam

The CySA+ exam consists of multiple choice and performance-based questions — that is, the exam will ask for “scenario examples” as well as offer multiple-choice answers. The certification is approved by U.S. Department of Defense to fulfill Directive 8570.01-M requirements.

The exam itself lasts for 165 minutes. It is ideally placed to build on from the CompTIA Security+ certification.

There are four main domains the exam covers (the percentage in brackets shows the weighting of each):


  • 1.0: Threat Management (27%)
  • 2.0: Vulnerability Management (26%)
  • 3.0: Cyber Incident Response (23%)
  • 4.0: Security Architecture and Tool Sets (24%)


 Identity and access management security is dealt with under domain 4, subdomain 4.2.

What is covered in the identity and access management security CySA+ domain?

This sentence is taken from the exam and gives you an idea of the expected scope of the exam answers:

Given a scenario, use data to recommend remediation of security issues related to identity and access management.”

To prepare (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at:

Cloud Workload Resilience PulseMeter

Step 1 of 8

How do you define cloud resiliency for cloud workloads? (Select 3)(Required)