CCT 093: Practice CISSP Questions for Authorization Mechanisms and Access Control Models (CISSP Domain 5.4)
Nov 30, 2023
Ever wondered how to build a fortress around your digital estate? Well, you're about to add a host of techniques to your arsenal. I, Sean Gerber, will take you through an enlightening exploration of access control models, examining prominent types including discretionary, mandatory, role-based, and risk-based models. We'll unlock the secret behind hybrid access controls and their role in reinforcing security layers. Plus, we won't skip the practical side of things: we'll dive deep into how to implement these controls in real-life scenarios like setting up access control lists in firewalls.
But that's just the beginning. I'll be your guide through the challenging CISSP Cyber Training, showing you how to utilize it to its fullest to ensure you're well-equipped for the CISSP exam. It's not just about passing the test, it's about gaining a robust understanding of cybersecurity. We'll wrap up our episode with a strong call to action. Don't just satiate your curiosity, make the leap and check out the CISSP Cyber Training. Get ready to redefine your cybersecurity skills and ace that CISSP exam!
Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and signing up to join the team for free.
TRANSCRIPT
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.
Good morning, it's Sean Gerber with CISSP Cyber Training, and today, yes, today is CISSP Cyber Training Thursday, and we're going to go over questions that are associated with that, a podcast that occurred on Monday, and this is going to be going over CISSP questions associated with access controls. Yes, it's going to be riveting. I guarantee you you will love it. You will enjoy it and you will be happy that you did it. All right, let's get started. So we're going to be going into these discretionary access controls. This is Cyber Training Podcast 93 and you're going to be dealing with the various pieces that are associated with these access controls.
Okay, question one: which of the following access control models is primarily based on the subject's clearance and the object's classification? A, discretionary access controls; B, mandatory access controls; C, role-based access controls; or D, risk-based access controls? Again, which of the following access controls is primarily based on the subject's clearance and the object's classification? And that is B, mandatory access controls. These are based on clearance levels and security levels users are given, and this is basically optioned for objects such as documents and so forth, that are provided labels, and if the user's clearance matches or exceeds the object's label, they are granted access.
Question two: which access control model is access determined by rules that are globally defined by a system administrator? A, discretionary access control; B, mandatory access control; C, RBAC, which is role-based access controls; or D, rule-based access controls, which is RuBAC. I know it's a lot of access controls. Again, which access control model is access determined by rules that are globally defined by a system administrator? Oh wait, that's rule-based access controls, question, or answer D.
Question three: a company wants to grant access to its resources based on the department and job responsibilities of an employee. Which access control model is most suitable? Okay, A, DAC, discretionary access control; B, MAC; C, RBAC; or D, RuBAC, which is your rule-based access controls? Again, a company wants to grant access to its resources based on the department and job responsibilities of an employee. Which one would that be? And that would be role-based access controls, answer C. This is based on a defined role within an organization and users who are defined to sign these roles are based on their overall job function.
Question four: which model are permissions typically given or denied based on user-defined attributes such as location, time and type of request? A, attribute-based controls; B, discretionary access controls; C, mandatory access controls; or D, rule-based access controls? In which model are permissions typically given or denied based on user-defined attributes such as location, time and type of request? And it is A, attribute-based access controls. ABAC. That is the answer.
Question 5: which model is designed to evaluate the risk of an access attempt based on dynamic factors? A, rule-based access controls; B, mandatory access controls; C, risk-based access controls; or D, discretionary access controls? Again, which model is designed to evaluate risk of an access attempt based on dynamic factors? And that would be risk-based access controls. They are real-time and are often based to run on context or environmental factors that allow or deny access based on the overall risk.
Question 6: which model relies heavily on the discretion of an object owner to grant access? A, mandatory access controls; B, discretionary access controls; C, RBAC; D, RuBAC. Which model relies heavily on the discretion of the object owner to grant access? And the answer is B, discretionary access controls. They determine who will have access to the resources, typically using access control lists which you will see with firewalls. That is the answer. Question 6, answer is B, DAC.
Question 7: which of the following access control models can clearance levels include top secret, secret and confidential? In which access control model can a clearance include top secret, secret and confidential? A, DAC; B, RBAC; C, MAC; or D, RuBAC? Again, which model can include top secret, secret and confidential? And the answer is C, MAC. Mandatory access controls are security labels and clearances often used in government or military environments.
Question 8: a company wants to combine multiple access control models to develop a layered security approach. This is a characteristic of: A, hybrid access controls; B, RuBAC; C is MAC; or D is ABAC, attribute-based access controls? So a company wants to combine multiple access control models to develop a layered security approach, and this would be A, hybrid access controls. These are used for multiple controls to suit specific organizational needs.
Question 9: which model would a read-only attribute be most directly associated with an object? A, discretionary access controls; B, mandatory access controls; C, ABAC; or D, RBAC. Which model would read-only attribute be the most directly associated with an object? And the answer is A, discretionary access controls. This allows owners to specifically put in place the specific, exact permissions needed for individual users or groups using access control lists. Again, read-only attribute would be tied to a discretionary access control.
Question 10: a security system prompts an additional authentication if a user logs in outside of business hours. This is an example of: A, RBAC; C, DAC, or B, DAC; C, risk-based; or D, ABAC? Additional authentication if it's outside business hours. And the answer is D, ABAC. ABAC can use environmental attributes like time of day and other aspects to ensure that you have access, and that's an attribute-based access controls.
Question 11: a firewall that blocks or allows users' traffic based on port number is using which type of access control model? A, RBAC; C, RuBAC, or B, RuBAC; C, ABAC; or D, MAC? A firewall that blocks or allows traffic based on a port number is using which type of access control model? And the answer is risk-based. I should say rule-based. That's B, RuBAC. RuBAC uses sets of predefined rules to allow or deny access, much like a firewall rule.
Question 12: which access control model can become highly complex as more attributes are considered for decision-making? A, RBAC; B, MAC; C, DAC; or D, ABAC? Again, which access control model can become highly complex as more attributes are considered for decision-making? And the answer is D, ABAC. ABAC's flexibility and use for multiple attributes can lead to increased complexity and again, that is the answer to question 12.
Question 13: which access control model emphasizes the separation of duties, or SOD, by assigning users to predefined roles? A, RBAC; C, RuBAC, or B, RuBAC; C, MAC; D, DAC? Again, which access control model emphasizes separation of duties by assigning users to predefined roles? And the answer is A, RBAC. Rule-based access controls are ensuring duties are segregated and separated by reducing the risk of unauthorized or malicious actions.
Question 14: if an organization wanted to restrict access based on the user's project team and tasks within that team, which model would be best? A, attribute-based access controls; B, rule-based access controls; C, discretionary access controls; or D, mandatory access controls. Again, organization wants to restrict access based on the user's project team and the tasks within the team, and it would be A. Attribute-based access controls are more suitable for such specific and dynamic access decisions.
The last melon, the last question: which access control model is most likely to use an access matrix for decisions? A, DAC; B, RuBAC; C, MAC; or D, ABAC? Again, which access control model is most likely to use an access matrix for decisions? And the answer is A, DAC. Discretionary access controls define the rights of each subject over different objects. So the answer is A, DAC.
All right, I hope you all have a wonderful day. We are just excited here at CISSP Cyber Training to help give you all the information you need to pass the CISSP exam. I guarantee you go to CISSP Cyber Training. You'll have access to these videos. You'll have access to my content. I guarantee you you will pass the CISSP. If you follow the blueprint that's outlined at the CISSP Cyber Training, you'll follow it. If you follow it, you'll pass it. It's that guaranteed, but you gotta follow it. If you don't follow it, then all bets are off. But if you follow it, you will pass. All right, have a wonderful, wonderful day and we will catch you on the flip side. See ya.