Which of the following best describes role based access control?

15 Questions | By Cindymurray | Last updated: Mar 20, 2022 | Total Attempts: 1493

Nội dung chính Show

Which of the following best describes what role
What is role based access controls quizlet?
Which of the following is an example of rule
When using role

Settings

Feedback

During the Quiz End of Quiz

Difficulty

Sequential Easy First Hard First

MAW Prep for CISSP Exam

1.
A preliminary step in managing resources is:
- A.
  Conducting a risk analysis
- B.
  Defining who can access a given system or information
- C.
  Performing a business impact analysis
- D.
  Obtaining top management support
2.
Which best describes access controls?
- A.
  Access controls are a collection of technical controls that permit access to authorized users, systems, and applications.
- B.
  Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.
- C.
  Access control is the employment of encryption solutions to protect authentication information during log-on.
- D.
  Access controls help protect against vulnerabilities by controlling unauthorized access to systems and information by employees, partners, and customers.
3.
----------- requires that a user or process be granted access to only those resources necessary to perform assigned functions. resources necessary to perform assigned functions.
- A.
  Discretionary access control
- B.
  Separation of duties
- C.
  Least privilege
- D.
  Rotation of duties
4.
What are the seven main categories of access control?
- A.
  Detective, corrective, monitoring, logging, recovery, classifi cation, and directive
- B.
  Directive, deterrent, preventative, detective, corrective, compensating, and recovery
- C.
  Authorization, identifi cation, factor, corrective, privilege, detective, and directive
- D.
  Identifi cation, authentication, authorization, detective, corrective, recovery, and directive
5.

What are the three types of access control?
- A.
  Administrative, physical, and technical
- B.
  Identifi cation, authentication, and authorization
- C.
  Mandatory, discretionary, and least privilege
- D.
  Access, management, and monitoring
6.
Which approach revolutionized the process of cracking passwords?
- A.
  Brute force
- B.
  Rainbow table attack
- C.
  Memory tabling
- D.
  One-time hashing
7.
What best describes two-factor authentication?
- A.
  Something you know
- B.
  Something you have
- C.
  Something you are
- D.
  A combination of two listed above
8.
A potential vulnerability of the Kerberos authentication server is
- A.
  Single point of failure
- B.
  Asymmetric key compromise
- C.
  Use of dynamic passwords
- D.
  Limited lifetimes for authentication credentials
9.
In mandatory access control the system controls access and the owner determines
- A.
  Validation
- B.
  Need to know
- C.
  Consensus
- D.
  Verifi cation
10.
Which is the least significant issue when considering biometrics?
- A.
  Resistance to counterfeiting
- B.
  Technology type
- C.
  User acceptance
- D.
  Reliability and accuracy
11.
Which is a fundamental disadvantage of biometrics?
- A.
  Revoking credentials
- B.
  Encryption
- C.
  Communications
- D.
  Placement
12.
Role-based access control-------------
- A.
  Is unique to mandatory access control
- B.
  Is independent of owner input
- C.
  Is based on user job functions
- D.
  Can be compromised by inheritance
13.
Identity management is
- A.
  Another name for access controls
- B.
  A set of technologies and processes intended to off er greater effi ciency in the management of a diverse user and technical environment
- C.
  A set of technologies and processes focused on the provisioning and decommissioning of user credentials
- D.
  A set of technologies and processes used to establish trust relationships with disparate systems
14.
A disadvantage of single sign-on is
- A.
  Consistent time-out enforcement across platforms
- B.
  A compromised password exposes all authorized resources
- C.
  Use of multiple passwords to remember
- D.
  Password change control
15.
Which of the following is incorrect when considering privilege management?
- A.
  Privileges associated with each system, service, or application, and the defi ned roles within the organization to which they are needed, should be identified and clearly documented.
- B.
  Privileges should be managed based on least privilege. Only rights required to perform a job should be provided to a user, group, or role
- C.
  An authorization process and a record of all privileges allocated should be maintained. Privileges should not be granted until the authorization process is complete and validated.
- D.
  Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.

The Certified Information Systems Security Professional (CISSP) is an information security certification which is allowed by ISC(International Information System Security Certification Consortium). There is a list of...

Questions: 18 | Attempts: 4120 | Last updated: Mar 21, 2022

Sample Question
Masquerading is:

Attempting to hack a system through backdoors to an operating system or application

Pretending to be an authorized user

Always done through IP spoofing

Applying a subnet mask to an internal IP range

Questions: 335 | Attempts: 2365 | Last updated: Mar 21, 2022

Sample Question
Which of the following processes identifies the threats that can impact the business continuity of operations?

Function analysis

Risk analysis

Requirement analysis

Business impact analysis

Do you know what CISSP is? The CISSP test helps you to identify all aspects of security and evaluate your performance to pay more attention to the areas you are not accustomed to. This quiz is a practive test with a series of...

Questions: 11 | Attempts: 1387 | Last updated: Mar 22, 2022

Sample Question
A high profile company has been receiving a high volume of attacks on their web site. The network administrator wants to be able to collect information on the attacker(s) so legal action can be taken. What should be implemented?

DMZ (Demilitarized Zone)

A honey pot

A firewall

A new subnet

More CISSP Quizzes

Aca Quizzes
Acca Quizzes
Ace Quizzes
Bcba Quizzes
Ccp Quizzes
Cdc Quizzes
Cdcs Quizzes
Ceh Quizzes
Cisa Quizzes
Cisco Quizzes
Cps Quizzes
Cpt Quizzes
Csa Quizzes
Cset Quizzes
Cst Quizzes
Cswip Quizzes
Ftce Quizzes
Hipaa Quizzes
Iahcsmm Quizzes
Istqb Quizzes
Leed Ga Quizzes
MBLEx Quizzes
Ncidq Quizzes
Pmp Quizzes
Praxis Quizzes
Ptcb Quizzes
Six Sigma Quizzes
Teas Quizzes

+ Show more

Back to top

Which of the following best describes what role

Which of the following best describes what role-based access control offers companies in reducing administrative burdens? A. It allows entities closer to the resources to make decisions about who can and cannot access resources.

What is role based access controls quizlet?

What is the Rule/Role Based Access Control (RBAC) Model? The RBAC Model uses roles to grant access by placing users into roles based on their assigned jobs, Functions, or tasks. Rights and permissions are assigned to the roles. A user is placed into a role, thereby inheriting the rights and permissions of the role.

Which of the following is an example of rule

Which of the following is an example of rule-based access control? Router access control lists that allow or deny traffic based on the characteristics of an IP packet. A router access control list that allows or denies traffic based on the characteristics of an IP packet is an example of rule-based access control.

When using role

With RBAC, permissions are associated with roles, and users or groups are assigned to appropriate roles. Roles are defined according to job competency, authority, and responsibility within the enterprise. Users and groups are easily reassigned from one role to another.

When using role