Labsim 4.1.6 Quiz


You are a cybersecurity expert implementing a zero trust model in a large organization. You are tasked with designing the control and data planes. Which of the following strategies should you prioritize and why?

Balance your focus between the control and data planes, ensuring both are optimized for security and efficiency.

You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control should the access list use?

Explicit allow, implicit deny. Explicit allow means that only specific identified users can have access to the resource. Implicit deny means denying users not explicitly given access to a resource.

Which of the following is an example of rule-based access control?

Router access control lists that allow or deny traffic based on the characteristics of an IP packet.

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?

The ABAC (Attribute-Based Access Control) model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject.

After implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the chief information security officer (CISO) is assessing the company's security posture to identify deficiencies from the framework's recommendations. What process can the CISO run to get a better sense of what the company needs to improve upon?

The CISO would be preparing a gap analysis report. This report shows the defects in the company's current security posture against the NIST Cybersecurity Framework (or any other baseline security framework).

A corporation's IT department is integrating a new framework that permits, ascertains, and applies various resources in accordance with established company policies. Which principle should the department incorporate?

The department should incorporate policy-driven access control. Policy-driven access control uses policies to control access to resources, allowing the organization to systematically enforce rules about who can access which resources under which conditions.

What is the primary purpose of separation of duties?

The primary purpose of separation of duties is to prevent conflicts of interest by dividing administrative powers between several trusted administrators. This prevents a single user from having all privileges over an environment.

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?

This is need to know. Need to know is used with mandatory access control environments to implement granular control over access to segmented and classified data.

You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used?

This is role-based access control (RBAC) because only a specific group of users (managers) is allowed to access that specific data.

You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented?

This is an example of a discretionary access control list (DACL), which allows users to assign permissions to the files they create and to specify who can access those files.

