Take Quizzes
- - Animal
  - Nutrition
  - Love
  - Relationship
  - Computer
  - Sports
  - Society
  - Business
  - Geography
  - Language
- - Personality
  - Harry Potter
  - Movie
  - Television
  - Music
  - Online Exam
  - Health
  - Country
  - Art
  - Entertainment
- - Celebrity
  - Math
  - Game
  - Book
  - Fun
  - Science
  - Food
  - History
  - Education
  - All Topics
Create a Quiz

Search

Search

Speak now

Create A Quiz
- Animal
- Nutrition
- Love
- Relationship
- Computer
- Sports
- Society
- Business
- Geography
- Language
- Personality
- Harry Potter
- Movie
- Television
- Music
- Online Exam
- Health
- Country
- Art
- Entertainment
- Celebrity
- Math
- Game
- Book
- Fun
- Science
- Food
- History
- Education
- All Topics

Quizzes › Online Exam › Professional Certification › CISSP

CISSP Prep- Access Control Questions

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Cindymurray

C

Cindymurray

Community Contributor

Quizzes Created: 8 | Total Attempts: 14,786

Questions: 15 | Attempts: 1,636 | Updated: Mar 20, 2023

Questions

Settings

Settings

Settings

Feedback

During the Quiz End of Quiz

Difficulty

Sequential Easy First Hard First

Play as

Quiz Flashcard

Create your own Quiz

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

CISSP Quizzes & Trivia

MAW Prep for CISSP Exam

Questions and Answers

1.

A preliminary step in managing resources is:
- A.
  
  Conducting a risk analysis
- B.
  
  Defining who can access a given system or information
- C.
  
  Performing a business impact analysis
- D.
  
  Obtaining top management support
Correct Answer
B. Defining who can access a given system or information

Explanation
Defining who can access a given system or information is a preliminary step in managing resources because it helps establish proper controls and permissions. By determining who has the authority to access specific systems or information, organizations can ensure that only authorized individuals are granted access, reducing the risk of unauthorized access or data breaches. This step also helps in implementing appropriate security measures and defining user roles and responsibilities, ultimately contributing to effective resource management.

Rate this question:
2.

Which best describes access controls?
- A.
  
  Access controls are a collection of technical controls that permit access to authorized users, systems, and applications.
- B.
  
  Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.
- C.
  
  Access control is the employment of encryption solutions to protect authentication information during log-on.
- D.
  
  Access controls help protect against vulnerabilities by controlling unauthorized access to systems and information by employees, partners, and customers.
Correct Answer
B. Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.

Explanation
Access controls are a set of technical measures that allow authorized users, systems, and applications to access resources. These controls are designed to protect against threats and vulnerabilities by limiting exposure to unauthorized activities and granting access to information and systems only to approved individuals. By implementing access controls, organizations can effectively manage and control access to their systems and information, reducing the risk of unauthorized access and potential security breaches.

Rate this question:
3.

----------- requires that a user or process be granted access to only those resources necessary to perform assigned functions. resources necessary to perform assigned functions.
- A.
  
  Discretionary access control
- B.
  
  Separation of duties
- C.
  
  Least privilege
- D.
  
  Rotation of duties
Correct Answer
C. Least privilege

Explanation
Least privilege is a principle that ensures that a user or process is only given access to the resources that are necessary for them to perform their assigned functions. This principle helps to minimize the potential damage that can be caused by unauthorized access or misuse of resources. By granting the least amount of privileges necessary, organizations can reduce the risk of unauthorized access and limit the potential impact of any security breaches.

Rate this question:

1
0
4.

What are the seven main categories of access control?
- A.
  
  Detective, corrective, monitoring, logging, recovery, classifi cation, and directive
- B.
  
  Directive, deterrent, preventative, detective, corrective, compensating, and recovery
- C.
  
  Authorization, identifi cation, factor, corrective, privilege, detective, and directive
- D.
  
  Identifi cation, authentication, authorization, detective, corrective, recovery, and directive
Correct Answer
B. Directive, deterrent, preventative, detective, corrective, compensating, and recovery
5.

What are the three types of access control?
- A.
  
  Administrative, physical, and technical
- B.
  
  Identifi cation, authentication, and authorization
- C.
  
  Mandatory, discretionary, and least privilege
- D.
  
  Access, management, and monitoring
Correct Answer
A. Administrative, physical, and technical

Explanation
The three types of access control are administrative, physical, and technical. Administrative access control involves the policies and procedures that determine who has access to certain resources and what actions they are allowed to perform. Physical access control involves physical measures such as locks, badges, and security guards to control access to physical spaces. Technical access control involves the use of technology such as firewalls, encryption, and authentication mechanisms to control access to computer systems and networks.

Rate this question:
6.

Which approach revolutionized the process of cracking passwords?
- A.
  
  Brute force
- B.
  
  Rainbow table attack
- C.
  
  Memory tabling
- D.
  
  One-time hashing
Correct Answer
B. Rainbow table attack

Explanation
The correct answer is Rainbow table attack. A rainbow table attack is a method of cracking passwords by precomputing and storing the hash values of all possible passwords. This allows for quick lookup and comparison, significantly speeding up the process of cracking passwords compared to traditional brute force methods.

Rate this question:
7.

What best describes two-factor authentication?
- A.
  
  Something you know
- B.
  
  Something you have
- C.
  
  Something you are
- D.
  
  A combination of two listed above
Correct Answer
D. A combination of two listed above

Explanation
Two-factor authentication is a security measure that requires the user to provide two different forms of identification in order to access a system or account. This can include something the user knows, such as a password or PIN, something the user has, such as a physical token or a mobile device, or something the user is, such as a fingerprint or facial recognition. The correct answer states that two-factor authentication is a combination of two of these factors, indicating that it requires the user to provide two different forms of identification for added security.

Rate this question:
8.

A potential vulnerability of the Kerberos authentication server is
- A.
  
  Single point of failure
- B.
  
  Asymmetric key compromise
- C.
  
  Use of dynamic passwords
- D.
  
  Limited lifetimes for authentication credentials
Correct Answer
A. Single point of failure

Explanation
Correct answer is a. Th ere are some issues related to the use of Kerberos. For starters,
the security of the whole system depends on careful implementation: enforcing
limited lifetimes for authentication credentials minimizes the threats of replayed
credentials, the KDC must be physically secured, and it should be hardened, not
permitting any non-Kerberos activity. More importantly, the KDC can be a single
point of failure, and therefore should be supported by backup and continuity plans.
Page 111.

Rate this question:
9.

In mandatory access control the system controls access and the owner determines
- A.
  
  Validation
- B.
  
  Need to know
- C.
  
  Consensus
- D.
  
  Verifi cation
Correct Answer
B. Need to know

Explanation
Correct answer is b. MAC is based on cooperative interaction between the system
and the information owner. Th e system’s decision controls access and the owner
provides the need-to-know control. Page 117

Rate this question:
10.

Which is the least significant issue when considering biometrics?
- A.
  
  Resistance to counterfeiting
- B.
  
  Technology type
- C.
  
  User acceptance
- D.
  
  Reliability and accuracy
Correct Answer
B. Technology type

Explanation
In addition to the access control elements of a biometric system,
there are several other considerations that are important to the integrity of the control
environment. Th ese are resistance to counterfeiting, data storage requirements, user
acceptance, reliability and accuracy, and target user and approach. Page 75.

Rate this question:
11.

Which is a fundamental disadvantage of biometrics?
- A.
  
  Revoking credentials
- B.
  
  Encryption
- C.
  
  Communications
- D.
  
  Placement
Correct Answer
A. Revoking credentials

Explanation
When considering the role of biometrics, its close interactions
with people, and the privacy and sensitivity of the information collected, the inability
to revoke the physical attribute of the credential becomes a major concern. Th e
binding of the authentication process to the physical characteristics of the user can
complicate the revocation or decommissioning processes. Page 77.

Rate this question:
12.

Role-based access control-------------
- A.
  
  Is unique to mandatory access control
- B.
  
  Is independent of owner input
- C.
  
  Is based on user job functions
- D.
  
  Can be compromised by inheritance
Correct Answer
C. Is based on user job functions

Explanation
A role-based access control (RBA) model bases the access
control authorizations on the roles (or functions) that the user is assigned within
an organization. Th e determination of what roles have access to a resource can be
governed by the owner of the data, as with DACs, or applied based on policy, as
with MACs. Page 120.

Rate this question:
13.

Identity management is
- A.
  
  Another name for access controls
- B.
  
  A set of technologies and processes intended to off er greater effi ciency in the management of a diverse user and technical environment
- C.
  
  A set of technologies and processes focused on the provisioning and decommissioning of user credentials
- D.
  
  A set of technologies and processes used to establish trust relationships with disparate systems
Correct Answer
B. A set of technologies and processes intended to off er greater effi ciency in the management of a diverse user and technical environment

Explanation
Identity management is a much-used term that refers to a set
of technologies intended to off er greater effi ciency in the management of a diverse
user and technical environment. Page 92.

Rate this question:
14.

A disadvantage of single sign-on is
- A.
  
  Consistent time-out enforcement across platforms
- B.
  
  A compromised password exposes all authorized resources
- C.
  
  Use of multiple passwords to remember
- D.
  
  Password change control
Correct Answer
B. A compromised password exposes all authorized resources

Explanation
One of the more prevalent concerns with centralized SSO
systems is the fact that all of a user’s credentials are protected by a single password:
the SSO password. If someone were to crack that user’s SSO password, they would
eff ectively have all the keys to that user’s kingdom. Page 107.

Rate this question:
15.

Which of the following is incorrect when considering privilege management?
- A.
  
  Privileges associated with each system, service, or application, and the defi ned roles within the organization to which they are needed, should be identified and clearly documented.
- B.
  
  Privileges should be managed based on least privilege. Only rights required to perform a job should be provided to a user, group, or role
- C.
  
  An authorization process and a record of all privileges allocated should be maintained. Privileges should not be granted until the authorization process is complete and validated.
- D.
  
  Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.
Correct Answer
D. Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.

Explanation
An authorization process and a record of all privileges allocated
should be maintained. Privileges should not be granted until the authorization
process is complete and validated. If any signifi cant or special privileges
are needed for intermittent job functions, these should be performed using an
account specifi cally allocated for such a task, as opposed to those used for normal
system and user activity. Th is enables the access privileges assigned to the special
account to be tailored to the needs of the special function rather than simply
extending the access privileges associated with the user’s normal work functions.
Page 46.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 20, 2023

Quiz Edited by
ProProfs Editorial Team
Dec 21, 2012

Quiz Created by
Cindymurray

Related Topics

CompTIA
CPA
CPAT
CPFA
CPP

Recent Quizzes

Trivia quiz on CISSP exam! Trivia quiz on CISSP exam!

CISSP Study Quiz 2 CISSP Study Quiz 2

Toshiba - CISSP Initial Skill Set Evaluation Toshiba - CISSP Initial Skill Set Evaluation

CISSP- Telecommunications & Networking CISSP- Telecommunications & Networking

CISSP- Security Architecture and Design CISSP- Security Architecture and Design

CISSP Prep- Legal and Investigations CISSP Prep- Legal and Investigations

Featured Quizzes

Which Phobia Do I Have? Quiz Which Phobia Do I Have? Quiz

Which Naruto Character Are You? Which Naruto Character Are You?

STEM Entrance Exam Quiz: Can you pass this Stem Exam? STEM Entrance Exam Quiz: Can you pass this Stem Exam?

Seasonal Color Analysis Quiz: What Is My Color Palette? Seasonal Color Analysis Quiz: What Is My Color Palette?

What Celebrity Do I Look Like Quiz? Discover Your Celebrity Look Alike What Celebrity Do I Look Like Quiz? Discover Your Celebrity Look Alike

Am I Handsome? Quiz Am I Handsome? Quiz

Popular Topics

ACA Quizzes
ACCA Quizzes
ACE Quizzes
BCBA Quizzes
CCP Quizzes
CDC Quizzes
CDCs Quizzes
CEH Quizzes
CISA Quizzes
CISCO Quizzes
CPT Quizzes
CSA Quizzes
CSET Quizzes
CST Quizzes
CSWIP Quizzes
FTCE Quizzes
HIPAA Quizzes
IAHCSMM Quizzes
ISTQB Quizzes
LEED Ga Quizzes
MBLEx Quizzes
NCIDQ Quizzes
PMP Quizzes
PRAXIS Quizzes
PTCB Quizzes
Six Sigma Quizzes
TEAS Quizzes

+ Show more

Back to Top

Back to top

Related Quizzes

Trivia Quiz: Can You Pass This CISSP Certification Exam?

CISSP Study Quiz

Back to Top

Back to top

Advertisement

×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.

CISSP Prep Quiz: Domain 1