IAM Engineer Interview Questions

A manager insists their "password plus PIN" login is MFA because "it's two things." Another team member argues that Face ID alone is MFA because "it checks multiple facial features." How do you explain to both why they're mistaken about what constitutes true multi-factor authentication?

A terminated system administrator still has the root password for production servers because "everyone just knows it." The password hasn't been changed in 2 years. This came up during an audit. What immediate actions do you take, and how do you design controls to prevent this situation in the future?

A DBA requests permanent Global Admin rights in Azure AD because "I need it weekly for maintenance." Another admin argues they should just get the access on-demand when needed. You have both CyberArk (PAM) and Azure AD PIM available. How do you design the right solution, and how do PAM and PIM work together here?