2.3.4 Access Control Practice Questions

Separation of duties is an example of which type of access control? A. Preventive B. Detective C. Compensative D. Corrective

A. Preventive

Which of the following is an example of privilege escalation? A. Mandatory vacations B. Principle of least privilege C. Separation of duties D. Creeping privileges

D. Creeping privileges

Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution? A. Need to know B. Principle of least privilege C. Dual administrator accounts D. Separation of duties

D. Separation of duties

You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use? A. Explicit allow, implicit deny B. Implicit allow, explicit deny C. Implicit allow, implicit deny

A. Explicit allow, implicit deny

What is the primary purpose of separation of duties? A. Prevent conflicts of interest B. Grant a greater range of control to senior management C. Inform managers that they are not trusted D. Increase the difficulty of performing administration

A. Prevent conflicts of interest

An access control list (ACL) contains a list of users and allowed permissions. What is it called when the ACL automatically prevents access to anyone who is not on the list? A. Implicit allow B. Explicit deny C. Implicit deny D. Explicit allow

C. Implicit deny

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with? A. Job rotation B. Need to know C. Principle of least privilege D. Cross-training

C. Principle of least privilege

Which type of media preparation is sufficient for media that will be reused in a different security context within your organization? A. Formatting B. Deletion C. Sanitization D. Destruction

C. Sanitization

Need to know access is required to access which types of resources? A. High-security resources B. Low-security resources C. Resources with unique ownership D. Compartmentalized resources

D. Compartmentalized resources

You are concerned that the accountant in your organization might have the chance to modify financial information and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which security principle are you implementing by periodically shifting accounting responsibilities? A. Separation of duties B. Least privilege C. Need to know D. Explicit deny E. Job rotation

E. Job rotation

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level? A. Ownership B. Clearance C. Separation of duties D. Least privilege E. Need to know

E. Need to know

You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal? A. Job rotation B. Least privilege C. Mandatory vacations D. Implicit deny E. Separation of duties

E. Separation of duties

