CISSP Prep- Access Control Questions

By Cindymurray, Community Contributor
Questions: 15


MAW Prep for CISSP Exam


Questions and Answers
1. A preliminary step in managing resources is:
   A. Conducting a risk analysis
   B. Defining who can access a given system or information
   C. Performing a business impact analysis
   D. Obtaining top management support

   Correct Answer: B. Defining who can access a given system or information
   Explanation: Defining who can access a given system or information is a preliminary step in managing resources because the controls and permissions that follow depend on it. Deciding which users have the authority to reach specific systems or data lets the organization grant access only to authorized individuals, reduces the risk of unauthorized access or data breaches, and gives a basis for defining user roles and responsibilities.


2. Which best describes access controls?
   A. Access controls are a collection of technical controls that permit access to authorized users, systems, and applications.
   B. Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.
   C. Access control is the employment of encryption solutions to protect authentication information during log-on.
   D. Access controls help protect against vulnerabilities by controlling unauthorized access to systems and information by employees, partners, and customers.

   Correct Answer: B. Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.
   Explanation: Access controls are the administrative, physical, and technical measures (see question 5) that reduce exposure to unauthorized activity and grant access to information and systems only to approved users, systems, and applications. Option B captures both halves of that definition: protection against threats and vulnerabilities, and the positive granting of access to those who have been approved. Option A is too narrow, because access controls are not only technical; option C describes a single mechanism (encrypting credentials during log-on) rather than access control as a whole; option D omits threats and covers only part of the definition.


3. __________ requires that a user or process be granted access to only those resources necessary to perform assigned functions.
   A. Discretionary access control
   B. Separation of duties
   C. Least privilege
   D. Rotation of duties

   Correct Answer: C. Least privilege
   Explanation: Least privilege is the principle that a user or process is given access only to the resources necessary to perform its assigned functions. Granting the minimum set of privileges limits the damage a compromised account or a misused privilege can cause and narrows the impact of any security breach. Separation of duties (B) and rotation of duties (D) are related personnel controls, but neither defines the scope of access a single user or process should hold.


4. What are the seven main categories of access control?
   A. Detective, corrective, monitoring, logging, recovery, classification, and directive
   B. Directive, deterrent, preventative, detective, corrective, compensating, and recovery
   C. Authorization, identification, factor, corrective, privilege, detective, and directive
   D. Identification, authentication, authorization, detective, corrective, recovery, and directive

   Correct Answer: B. Directive, deterrent, preventative, detective, corrective, compensating, and recovery
   Explanation: The seven categories describe what a control does: it directs, deters, prevents, detects, corrects, compensates, or recovers. Identification, authentication, and authorization (options C and D) are steps in the access control process, not categories of control.
5. What are the three types of access control?
   A. Administrative, physical, and technical
   B. Identification, authentication, and authorization
   C. Mandatory, discretionary, and least privilege
   D. Access, management, and monitoring

   Correct Answer: A. Administrative, physical, and technical
   Explanation: The three types of access control are administrative, physical, and technical. Administrative access control involves the policies and procedures that determine who has access to certain resources and what actions they are allowed to perform. Physical access control involves physical measures such as locks, badges, and security guards to control access to physical spaces. Technical access control involves the use of technology such as firewalls, encryption, and authentication mechanisms to control access to computer systems and networks.


6. Which approach revolutionized the process of cracking passwords?
   A. Brute force
   B. Rainbow table attack
   C. Memory tabling
   D. One-time hashing

   Correct Answer: B. Rainbow table attack
   Explanation: A rainbow table attack cracks password hashes with precomputed tables. Rather than storing the hash of every candidate password, it stores chains built by alternately hashing and "reducing" (mapping a hash back to a candidate password), keeping only each chain's start and end. This is a time-memory trade-off: a captured hash is walked forward through the reduction functions until it reaches a stored chain end, and the chain is then regenerated from its start to recover the password. Cracking an unsalted hash becomes a table lookup plus a short recomputation instead of a fresh brute-force search for every hash, which is what made the approach so effective. The caveat a practitioner should remember: the precomputation is tied to one hash function and input format, so a per-password salt defeats it, because every distinct salt would need its own table.

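The following is an added example, not code from the quiz or its source book, showing how the time-memory trade-off in question 6 actually works on a constructed toy password space (4-digit PINs hashed with unsalted SHA-256). The chain length, number of chains, reduction function and start points are choices made for this illustration. It builds a rainbow table that stores only chain ends, recovers a PIN from its hash, and shows that a salted hash of the same PIN is not found.

```python
import hashlib

# Constructed toy password space for the demonstration: 4-digit PINs "0000".."9999".
SPACE = 10_000
CHAIN_LEN = 30      # reductions per chain (the time side of the trade-off)
NUM_CHAINS = 400    # chains kept (the memory side): 400 ends instead of 10,000 hashes


def H(password: str) -> str:
    """Unsalted SHA-256 hex digest: the kind of hash a precomputed table can attack."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(salt: str, password: str) -> str:
    """Per-user salt folded into the input; the table below has no chains for these."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def R(step: int, digest: str) -> str:
    """Reduction function R_step: maps a digest back into the PIN space.
    Using a different reduction at each chain position is what makes this a
    rainbow table rather than a classic Hellman table; it limits chain merges."""
    return f"{(int(digest[:12], 16) + step) % SPACE:04d}"


def chain_element(start: str, position: int) -> str:
    """Plaintext at 0-based `position` of the chain rooted at `start`:
    p0 = start, p(i+1) = R_i(H(p_i))."""
    p = start
    for i in range(position):
        p = R(i, H(p))
    return p


def build_table() -> dict:
    """Precompute NUM_CHAINS chains; only end -> [starts] is kept.
    Chains that merge share an end, so every start for that end is recorded."""
    table = {}
    for n in range(NUM_CHAINS):
        start = f"{(n * 13) % SPACE:04d}"   # deterministic, spread-out start points
        table.setdefault(chain_element(start, CHAIN_LEN), []).append(start)
    return table


def crack(table: dict, target: str):
    """Recover the preimage of `target` (hex digest) using only the stored chain ends.

    For each possible position i of the target inside a chain, finish the chain
    from that point and see whether the resulting end is stored.  An end hit is
    only a candidate (chains can merge), so the chain is regenerated from its
    start and each element is checked against the target.  Returns None on a miss."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        x = R(i, target)
        for j in range(i + 1, CHAIN_LEN):
            x = R(j, H(x))
        for start in table.get(x, ()):
            p = start
            for k in range(CHAIN_LEN):
                if H(p) == target:
                    return p
                p = R(k, H(p))
    return None


if __name__ == "__main__":
    table = build_table()
    victim = chain_element("0000", 5)     # a PIN that is known to be covered
    print("stored ends:", len(table), "of", SPACE, "possible PINs")
    print("unsalted:", crack(table, H(victim)))
    print("salted:  ", crack(table, salted_hash("x9Qp", victim)))
```

The table covers a 10,000-entry space with a few hundred stored ends, at the cost of recomputing part of a chain per lookup; real tables do the same over much larger spaces. The salted lookup returns None because the chains were precomputed over plain PINs, so the salted digest never appears as the hash of any chain element.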

7. What best describes two-factor authentication?
   A. Something you know
   B. Something you have
   C. Something you are
   D. A combination of two listed above

   Correct Answer: D. A combination of two listed above
   Explanation: Two-factor authentication requires the user to present two factors from different categories before access is granted: something the user knows (a password or PIN), something the user has (a hardware token, smart card, or a phone that generates one-time codes), or something the user is (a fingerprint or face). Any one of A, B, or C alone is a single factor, so D is correct. Note that two items from the same category do not count: a password plus a security question is still one factor (two things you know), whereas a password plus a one-time code from a device the user holds is two.


8. A potential vulnerability of the Kerberos authentication server is
   A. Single point of failure
   B. Asymmetric key compromise
   C. Use of dynamic passwords
   D. Limited lifetimes for authentication credentials

   Correct Answer: A. Single point of failure
   Explanation: There are some issues related to the use of Kerberos. For starters, the security of the whole system depends on careful implementation: enforcing limited lifetimes for authentication credentials minimizes the threat of replayed credentials, the KDC must be physically secured, and it should be hardened, not permitting any non-Kerberos activity. More importantly, the KDC can be a single point of failure, and therefore should be supported by backup and continuity plans. (Page 111) Options C and D describe protective features rather than weaknesses, and option B does not apply because Kerberos is built on symmetric keys.


9. In mandatory access control the system controls access and the owner determines
   A. Validation
   B. Need to know
   C. Consensus
   D. Verification

   Correct Answer: B. Need to know
   Explanation: MAC is based on cooperative interaction between the system and the information owner. The system's decision controls access and the owner provides the need-to-know control. (Page 117)


10. Which is the least significant issue when considering biometrics?
   A. Resistance to counterfeiting
   B. Technology type
   C. User acceptance
   D. Reliability and accuracy

   Correct Answer: B. Technology type
   Explanation: In addition to the access control elements of a biometric system, there are several other considerations that are important to the integrity of the control environment. These are resistance to counterfeiting, data storage requirements, user acceptance, reliability and accuracy, and target user and approach. (Page 75) Technology type is the only option not on that list, which makes it the least significant of the four.


11. Which is a fundamental disadvantage of biometrics?
   A. Revoking credentials
   B. Encryption
   C. Communications
   D. Placement

   Correct Answer: A. Revoking credentials
   Explanation: When considering the role of biometrics, its close interactions with people, and the privacy and sensitivity of the information collected, the inability to revoke the physical attribute of the credential becomes a major concern. The binding of the authentication process to the physical characteristics of the user can complicate the revocation or decommissioning processes. (Page 77)


12. Role-based access control __________
   A. Is unique to mandatory access control
   B. Is independent of owner input
   C. Is based on user job functions
   D. Can be compromised by inheritance

   Correct Answer: C. Is based on user job functions
   Explanation: A role-based access control (RBAC) model bases the access control authorizations on the roles (or functions) that the user is assigned within an organization. The determination of what roles have access to a resource can be governed by the owner of the data, as with DAC, or applied based on policy, as with MAC. (Page 120) That is why options A and B are wrong: RBAC is not tied to MAC alone and can take owner input. Option D points at a real design caveat (permissions inherited through a role hierarchy must be reviewed) but does not define the model.


13. Identity management is
   A. Another name for access controls
   B. A set of technologies and processes intended to offer greater efficiency in the management of a diverse user and technical environment
   C. A set of technologies and processes focused on the provisioning and decommissioning of user credentials
   D. A set of technologies and processes used to establish trust relationships with disparate systems

   Correct Answer: B. A set of technologies and processes intended to offer greater efficiency in the management of a diverse user and technical environment
   Explanation: Identity management is a much-used term that refers to a set of technologies intended to offer greater efficiency in the management of a diverse user and technical environment. (Page 92)


14. A disadvantage of single sign-on is
   A. Consistent time-out enforcement across platforms
   B. A compromised password exposes all authorized resources
   C. Use of multiple passwords to remember
   D. Password change control

   Correct Answer: B. A compromised password exposes all authorized resources
   Explanation: One of the more prevalent concerns with centralized SSO systems is the fact that all of a user's credentials are protected by a single password: the SSO password. If someone were to crack that user's SSO password, they would effectively have all the keys to that user's kingdom. (Page 107) This is why the SSO credential in particular warrants strong authentication such as the two-factor approach in question 7. Options A, C, and D describe advantages of SSO or problems it removes, not disadvantages.


15. Which of the following is incorrect when considering privilege management?
   A. Privileges associated with each system, service, or application, and the defined roles within the organization to which they are needed, should be identified and clearly documented.
   B. Privileges should be managed based on least privilege. Only rights required to perform a job should be provided to a user, group, or role.
   C. An authorization process and a record of all privileges allocated should be maintained. Privileges should not be granted until the authorization process is complete and validated.
   D. Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.

   Correct Answer: D. Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.
   Explanation: An authorization process and a record of all privileges allocated should be maintained. Privileges should not be granted until the authorization process is complete and validated. If any significant or special privileges are needed for intermittent job functions, these should be performed using an account specifically allocated for such a task, as opposed to those used for normal system and user activity. This enables the access privileges assigned to the special account to be tailored to the needs of the special function rather than simply extending the access privileges associated with the user's normal work functions. (Page 46)

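As an added example for questions 12 and 15 (not code from the quiz or its source book), the following small policy engine models RBAC with a role hierarchy and enforces the privilege-management rules the explanation above lists: a role is granted only through a recorded authorization step, and a special privileged role can be assigned only to a dedicated account, never to the account used for everyday work. The role names, permissions, account names and approver field are constructed for this illustration.

```python
# Constructed example policy: role -> directly assigned permissions.
ROLE_PERMISSIONS = {
    "helpdesk":  {"ticket:read", "ticket:update", "user:reset_password"},
    "dba":       {"db:read", "db:backup"},
    "dba_admin": {"db:drop", "db:grant"},
}
# Role hierarchy: a role inherits every permission of its parents (dba_admin > dba).
ROLE_PARENTS = {"dba_admin": {"dba"}}
# Special, intermittently used privileges that must live on a dedicated account.
PRIVILEGED_ROLES = {"dba_admin"}


class AuthorizationError(Exception):
    """Raised when a grant would violate the privilege-management rules."""


def effective_permissions(role: str) -> set:
    """Resolve a role's permissions through the hierarchy (cycle-safe walk).
    This is the inheritance that question 12's option D warns about: review
    the result, because a parent role's rights come along silently."""
    perms, stack, seen = set(), [role], set()
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        perms |= ROLE_PERMISSIONS.get(r, set())
        stack.extend(ROLE_PARENTS.get(r, ()))
    return perms


def new_account(name: str, privileged: bool = False) -> dict:
    """`privileged` marks an account allocated specifically for special tasks."""
    return {"name": name, "privileged": privileged, "roles": set()}


def grant_role(account: dict, role: str, approver: str, ledger: list) -> None:
    """Assign a role only through a recorded, approved authorization step."""
    if not approver:
        raise AuthorizationError("role grant without an approver is not allowed")
    if role not in ROLE_PERMISSIONS:
        raise AuthorizationError(f"unknown role {role!r}")
    if role in PRIVILEGED_ROLES and not account["privileged"]:
        raise AuthorizationError(
            f"{role!r} is a privileged role; assign it to a dedicated admin account")
    account["roles"].add(role)
    ledger.append({"account": account["name"], "role": role, "approver": approver})


def account_permissions(account: dict) -> set:
    """Everything the account can do, for a least-privilege review."""
    return set().union(*(effective_permissions(r) for r in account["roles"]))


def is_authorized(account: dict, permission: str) -> bool:
    """Access decision: does any assigned role carry the permission?"""
    return permission in account_permissions(account)


if __name__ == "__main__":
    ledger = []
    alice = new_account("alice")                        # everyday account
    alice_adm = new_account("alice-adm", privileged=True)  # dedicated admin account
    grant_role(alice, "helpdesk", "manager.bob", ledger)
    grant_role(alice_adm, "dba_admin", "manager.bob", ledger)
    print(sorted(account_permissions(alice_adm)))
    print(is_authorized(alice, "db:drop"), is_authorized(alice_adm, "db:drop"))
    try:
        grant_role(alice, "dba_admin", "manager.bob", ledger)
    except AuthorizationError as e:
        print("refused:", e)
```

The ledger is the "record of all privileges allocated" from option C, and the `privileged` flag is what turns option D's rule into something the system enforces rather than a policy statement.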
