Free PBQ Demo · Advanced

Topology · IAM & Least Privilege

Scope HR, Marketing and Contractor access across a payroll DB, file shares and the HR portal — RBAC, MFA, audit log placement.

Tests: Identity and access management, RBAC, MFA-where, least privilege — Security+ Domain 4 / 1.

~9 min · No signup needed

Scenario

Define group access across the corporate file shares, payroll DB, and HR portal — least privilege.

Scope each resource so only the right group can reach it, MFA is enforced where PII lives, and audit logs forward to SIEM.

Network Topology — Live View

  • Identity Provider: Active Directory
  • HR Group: 8 users
  • Marketing: 14 users
  • Contractors: 3 users · 90-day
  • DB-Payroll: PII · SOX-scoped
  • HR-Portal: web app
  • FS-Project: shared work


Tasks

  • HR group → access to FS-HR, DB-Payroll, HR-Portal only.
  • Marketing → FS-Project only. No HR data, no payroll.
  • Contractors → FS-Project only, 90-day auto-expiry.
  • MFA + SIEM audit on both PII resources (DB-Payroll, HR-Portal).
  • Enable global MFA + conditional access on the identity provider.
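
The five tasks above can be written as a policy check that flags any drift from least privilege. This is an added example, not part of the original exercise; the dictionary layout and the key names (`grants`, `resources`, `expiry_days`, `idp`, `mfa`, `siem_audit`) are assumptions made for illustration and do not match any product's configuration format.

```python
# Expected state taken from the task list; everything else is constructed.
REQUIRED = {
    "HR": {"FS-HR", "DB-Payroll", "HR-Portal"},
    "Marketing": {"FS-Project"},
    "Contractors": {"FS-Project"},
}
PII_RESOURCES = {"DB-Payroll", "HR-Portal"}
CONTRACTOR_MAX_DAYS = 90

def audit(config):
    """Return a list of findings; an empty list means all five tasks are met."""
    findings = []
    for group, allowed in REQUIRED.items():
        granted = set(config["grants"].get(group, ()))
        for res in sorted(granted - allowed):   # more than the role needs
            findings.append(f"{group}: excess access to {res}")
        for res in sorted(allowed - granted):   # role cannot do its job
            findings.append(f"{group}: missing access to {res}")
    for res in sorted(PII_RESOURCES):           # MFA + SIEM where PII lives
        for key in ("mfa", "siem_audit"):
            if not config["resources"].get(res, {}).get(key):
                findings.append(f"{res}: {key} not enabled")
    expiry = config["expiry_days"].get("Contractors")
    if expiry is None or expiry > CONTRACTOR_MAX_DAYS:
        findings.append("Contractors: no auto-expiry within 90 days")
    for key in ("global_mfa", "conditional_access"):
        if not config["idp"].get(key):
            findings.append(f"IdP: {key} not enabled")
    return findings

# Constructed sample: a first attempt containing three mistakes.
draft = {
    "grants": {
        "HR": ["FS-HR", "DB-Payroll", "HR-Portal"],
        "Marketing": ["FS-Project", "HR-Portal"],
        "Contractors": ["FS-Project"],
    },
    "resources": {
        "DB-Payroll": {"mfa": True, "siem_audit": True},
        "HR-Portal": {"mfa": True, "siem_audit": False},
    },
    "expiry_days": {},
    "idp": {"global_mfa": True, "conditional_access": True},
}

if __name__ == "__main__":
    print("\n".join(audit(draft)))
```

Run against the sample draft, the check reports Marketing's grant on HR-Portal, the missing SIEM forwarding on HR-Portal, and the absent contractor expiry.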

