CISSP Prep- Access Control Questions

15 Questions | Total Attempts: 1398

SettingsSettingsSettings
CISSP Quizzes & Trivia

MAW Prep for CISSP Exam


Questions and Answers
  • 1. 
    A preliminary step in managing resources is:
    • A. 

      Conducting a risk analysis

    • B. 

      Defining who can access a given system or information

    • C. 

      Performing a business impact analysis

    • D. 

      Obtaining top management support

  • 2. 
    Which best describes access controls?
    • A. 

      Access controls are a collection of technical controls that permit access to authorized users, systems, and applications.

    • B. 

      Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.

    • C. 

      Access control is the employment of encryption solutions to protect authentication information during log-on.

    • D. 

      Access controls help protect against vulnerabilities by controlling unauthorized access to systems and information by employees, partners, and customers.

  • 3. 
    ----------- requires that a user or process be granted access to only those resources necessary to perform assigned functions.   resources necessary to perform assigned functions.
    • A. 

      Discretionary access control

    • B. 

      Separation of duties

    • C. 

      Least privilege

    • D. 

      Rotation of duties

  • 4. 
    What are the seven main categories of access control?
    • A. 

      Detective, corrective, monitoring, logging, recovery, classifi cation, and directive

    • B. 

      Directive, deterrent, preventative, detective, corrective, compensating, and recovery

    • C. 

      Authorization, identifi cation, factor, corrective, privilege, detective, and directive

    • D. 

      Identifi cation, authentication, authorization, detective, corrective, recovery, and directive

  • 5. 
    What are the three types of access control?
    • A. 

      Administrative, physical, and technical

    • B. 

      Identifi cation, authentication, and authorization

    • C. 

      Mandatory, discretionary, and least privilege

    • D. 

      Access, management, and monitoring

  • 6. 
    Which approach revolutionized the process of cracking passwords?
    • A. 

      Brute force

    • B. 

      Rainbow table attack

    • C. 

      Memory tabling

    • D. 

      One-time hashing

  • 7. 
    What best describes two-factor authentication?
    • A. 

      Something you know

    • B. 

      Something you have

    • C. 

      Something you are

    • D. 

      A combination of two listed above

  • 8. 
    A potential vulnerability of the Kerberos authentication server is
    • A. 

      Single point of failure

    • B. 

      Asymmetric key compromise

    • C. 

      Use of dynamic passwords

    • D. 

      Limited lifetimes for authentication credentials

  • 9. 
    In mandatory access control the system controls access and the owner determines
    • A. 

      Validation

    • B. 

      Need to know

    • C. 

      Consensus

    • D. 

      Verifi cation

  • 10. 
    Which is the least significant issue when considering biometrics?
    • A. 

      Resistance to counterfeiting

    • B. 

      Technology type

    • C. 

      User acceptance

    • D. 

      Reliability and accuracy

  • 11. 
    Which is a fundamental disadvantage of biometrics?
    • A. 

      Revoking credentials

    • B. 

      Encryption

    • C. 

      Communications

    • D. 

      Placement

  • 12. 
    Role-based access control-------------
    • A. 

      Is unique to mandatory access control

    • B. 

      Is independent of owner input

    • C. 

      Is based on user job functions

    • D. 

      Can be compromised by inheritance

  • 13. 
    Identity management is
    • A. 

      Another name for access controls

    • B. 

      A set of technologies and processes intended to off er greater effi ciency in the management of a diverse user and technical environment

    • C. 

      A set of technologies and processes focused on the provisioning and decommissioning of user credentials

    • D. 

      A set of technologies and processes used to establish trust relationships with disparate systems

  • 14. 
    A disadvantage of single sign-on is
    • A. 

      Consistent time-out enforcement across platforms

    • B. 

      A compromised password exposes all authorized resources

    • C. 

      Use of multiple passwords to remember

    • D. 

      Password change control

  • 15. 
    Which of the following is incorrect when considering privilege management?
    • A. 

      Privileges associated with each system, service, or application, and the defi ned roles within the organization to which they are needed, should be identified and clearly documented.

    • B. 

      Privileges should be managed based on least privilege. Only rights required to perform a job should be provided to a user, group, or role

    • C. 

      An authorization process and a record of all privileges allocated should be maintained. Privileges should not be granted until the authorization process is complete and validated.

    • D. 

      Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.

Back to Top Back to top