Decoded: The Cybersecurity Podcast

ISC2 CC Domain 3: Access Control Study Exam Questions by Edward Henriquez



Domain 3: Access Control Concepts


Example of logical access control:

A. Security guards

B. Biometric authentication

C. Passwords

D. Fire alarms

Answer: C


Multi-factor authentication (MFA) requires:

A. Two or more forms of authentication from different categories

B. The same password used in multiple places

C. Multiple users authenticating simultaneously

D. A combination of encryption methods

Answer: A


Access control based on job roles:

A. Discretionary Access Control (DAC)

B. Role-Based Access Control (RBAC)

C. Attribute-Based Access Control (ABAC)

D. Mandatory Access Control (MAC)

Answer: B


Access control granting permissions based on attributes like location:

A. Attribute-Based Access Control (ABAC)

B. Role-Based Access Control (RBAC)

C. Mandatory Access Control (MAC)

D. Discretionary Access Control (DAC)

Answer: A


Access control using predefined rules/labels:

A. Discretionary Access Control (DAC)

B. Role-Based Access Control (RBAC)

C. Mandatory Access Control (MAC)

D. Attribute-Based Access Control (ABAC)

Answer: C


Principle of least privilege:

A. Giving users only necessary permissions

B. Allowing administrators unlimited access

C. Preventing user account creation

D. Implementing mandatory security clearances

Answer: A


Time-based access control:

A. Granted only during specific hours

B. Determined by user role

C. Restricted to known locations

D. Granted after authentication expires

Answer: A


Centralized server enforcing access control policies:

A. Firewall

B. Directory Service

C. Proxy Server

D. Load Balancer

Answer: B


Attack using stolen session token:

A. Brute force

B. Replay attack

C. Session hijacking

D. Phishing

Answer: C


Access control model where users can grant/restrict access:

A. Discretionary Access Control (DAC)

B. Mandatory Access Control (MAC)

C. Role-Based Access Control (RBAC)

D. Attribute-Based Access Control (ABAC)

Answer: A


Purpose of a password policy:

A. Encrypt files

B. Enforce secure password creation/management

C. Monitor login attempts

D. Limit account creation

Answer: B


“Something you have” in MFA:

A. Password

B. Smart card

C. Biometrics

D. PIN

Answer: B


Risk of sharing user credentials:

A. Loss of password integrity

B. Violation of encryption standards

C. Increased bandwidth usage

D. Unauthorized access

Answer: D


Purpose of account lockout policies:

A. Block malicious traffic

B. Prevent brute force attacks

C. Encrypt sensitive data

D. Monitor login attempts

Answer: B


Access control dynamically adjusting access by location:

A. Attribute-Based Access Control (ABAC)

B. Role-Based Access Control (RBAC)

C. Mandatory Access Control (MAC)

D. Discretionary Access Control (DAC)

Answer: A


Primary purpose of biometric authentication:

A. Enhance encryption

B. Verify physical characteristics

C. Monitor network traffic

D. Backup critical data

Answer: B


Granting temporary access:

A. Privilege escalation

B. Time-bound access

C. User provisioning

D. Conditional access

Answer: B


Attack manipulating users to share confidential data:

A. Malware

B. Social engineering

C. Phishing

D. Keylogging

Answer: B


Preventing password reuse:

A. Multi-factor authentication

B. Password history policies

C. Single sign-on

D. Encryption

Answer: B


Primary function of access control logs:

A. Block unauthorized users

B. Record access attempts

C. Update user roles

D. Enforce encryption

Answer: B


Purpose of a firewall:

A. Detect malware

B. Filter traffic between networks

C. Encrypt sensitive information

D. Manage bandwidth

Answer: B


Attack flooding a network to disrupt resources:

A. Man-in-the-middle

B. Phishing

C. Denial of Service (DoS)

D. Replay

Answer: C
