CISSP Prep - Access Control Questions

15 Questions | Total Attempts: 1334


MAW Prep for CISSP Exam


Questions and Answers
  • 1. 
    A preliminary step in managing resources is:
    • A. 

      Conducting a risk analysis

    • B. 

      Defining who can access a given system or information

    • C. 

      Performing a business impact analysis

    • D. 

      Obtaining top management support

  • 2. 
    • A. 

      Access controls are a collection of technical controls that permit access to authorized users, systems, and applications.

    • B. 

      Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.

    • C. 

      Access control is the employment of encryption solutions to protect authentication information during log-on.

    • D. 

      Access controls help protect against vulnerabilities by controlling unauthorized access to systems and information by employees, partners, and customers.

  • 3. 
    ----------- requires that a user or process be granted access to only those resources necessary to perform assigned functions.
    • A. 

      Discretionary access control

    • B. 

      Separation of duties

    • C. 

      Least privilege

    • D. 

      Rotation of duties

  • 4. 
    What are the seven main categories of access control?
    • A. 

      Detective, corrective, monitoring, logging, recovery, classification, and directive

    • B. 

      Directive, deterrent, preventative, detective, corrective, compensating, and recovery

    • C. 

      Authorization, identification, factor, corrective, privilege, detective, and directive

    • D. 

      Identification, authentication, authorization, detective, corrective, recovery, and directive

  • 5. 
    What are the three types of access control?
    • A. 

      Administrative, physical, and technical

    • B. 

      Identification, authentication, and authorization

    • C. 

      Mandatory, discretionary, and least privilege

    • D. 

      Access, management, and monitoring

  • 6. 
    Which approach revolutionized the process of cracking passwords?
    • A. 

      Brute force

    • B. 

      Rainbow table attack

    • C. 

      Memory tabling

    • D. 

      One-time hashing

  • 7. 
    What best describes two-factor authentication?
    • A. 

      Something you know

    • B. 

      Something you have

    • C. 

      Something you are

    • D. 

      A combination of two listed above

  • 8. 
    • A. 

      Single point of failure

    • B. 

      Asymmetric key compromise

    • C. 

      Use of dynamic passwords

    • D. 

      Limited lifetimes for authentication credentials

  • 9. 
    In mandatory access control the system controls access and the owner determines
    • A. 

      Validation

    • B. 

      Need to know

    • C. 

      Consensus

    • D. 

      Verification

  • 10. 
    Which is the least significant issue when considering biometrics?
    • A. 

      Resistance to counterfeiting

    • B. 

      Technology type

    • C. 

      User acceptance

    • D. 

      Reliability and accuracy

  • 11. 
    Which is a fundamental disadvantage of biometrics?
    • A. 

      Revoking credentials

    • B. 

      Encryption

    • C. 

      Communications

    • D. 

      Placement

  • 12. 
    Role-based access control-------------
    • A. 

      Is unique to mandatory access control

    • B. 

      Is independent of owner input

    • C. 

      Is based on user job functions

    • D. 

      Can be compromised by inheritance

  • 13. 
    Identity management is
    • A. 

      Another name for access controls

    • B. 

      A set of technologies and processes intended to offer greater efficiency in the management of a diverse user and technical environment

    • C. 

      A set of technologies and processes focused on the provisioning and decommissioning of user credentials

    • D. 

      A set of technologies and processes used to establish trust relationships with disparate systems

  • 14. 
    A disadvantage of single sign-on is
    • A. 

      Consistent time-out enforcement across platforms

    • B. 

      A compromised password exposes all authorized resources

    • C. 

      Use of multiple passwords to remember

    • D. 

      Password change control

  • 15. 
    • A. 

      Privileges associated with each system, service, or application, and the defined roles within the organization to which they are needed, should be identified and clearly documented.

    • B. 

      Privileges should be managed based on least privilege. Only rights required to perform a job should be provided to a user, group, or role.

    • C. 

      An authorization process and a record of all privileges allocated should be maintained. Privileges should not be granted until the authorization process is complete and validated.

    • D. 

      Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.