ISC2-CC Domain 3: Access Controls Concepts

CC: Access Controls Concepts

1. In the context of access control systems, which of the following best describes a situation where Mandatory Access Control (MAC) would be preferred over Discretionary Access Control (DAC)?
A. A small startup where all employees share similar access needs.
B. A military organization with highly classified information.
C. An open-source project with contributors around the world.
D. A family-owned business managing personal data.

2. Which of the following best exemplifies the principle of "least privilege" in an access control context?
A. Granting all users admin rights to simplify system management.
B. Assigning permissions based on the maximum requirements of a user's role.
C. Providing temporary elevated access when required for specific tasks.
D. Allowing users to request additional access rights when needed.

3. In a Role-Based Access Control (RBAC) system, which of the following scenarios best demonstrates the concept of "role explosion"?
A. A system with a few predefined roles that cover all necessary permissions.
B. A system where individual permissions are directly assigned to users instead of roles.
C. A system that requires a new role for each unique combination of permissions.
D. A system with roles defined at a very high level, such as "user" and "administrator."

4. Which access control model is best suited for environments requiring dynamic adjustments to access permissions based on changing contexts, such as the user's location or time of access?
A. Mandatory Access Control (MAC)
B. Discretionary Access Control (DAC)
C. Role-Based Access Control (RBAC)
D. Attribute-Based Access Control (ABAC)

5. In implementing access control policies, which of the following represents the biggest challenge in a Discretionary Access Control (DAC) system?
A. Ensuring that all users have the minimum necessary permissions to perform their tasks.
B. Preventing the propagation of access rights, especially when objects are shared widely.
C. Establishing fixed roles that accurately reflect the organization's operational structure.
D. Automatically adjusting access permissions based on real-time data attributes.

6. When considering the implementation of a new access control system, which factor is MOST critical in deciding between a centralized and decentralized approach?
A. The size of the organization.
B. The specific industry regulations that apply.
C. The geographic distribution of the organization's operations.
D. The organization's preference for open-source software.

7. Which of the following scenarios best illustrates the use of dynamic access control?
A. An employee's access to a project management tool is automatically revoked upon their transfer to a different department.
B. A user is granted access to a secure file after passing a two-factor authentication process.
C. Access to a network resource is only available during business hours.
D. A system administrator manually updates access permissions at the end of each quarter.

8. In the context of access control, which of the following best describes the purpose of separation of duties (SoD)?
A. To ensure that no single individual has control over all aspects of a transaction.
B. To divide responsibilities among multiple systems to improve performance.
C. To segregate network segments for security purposes.
D. To allocate different shifts to employees to ensure 24/7 coverage.

9. Which principle of access control is primarily concerned with ensuring that users are who they claim to be?
A. Authentication
B. Authorization
C. Accounting
D. Auditing

10. In an organization using Role-Based Access Control (RBAC), which of the following best describes the process of "role mining"?
A. The practice of defining new roles based on observed user behavior patterns.
B. The manual assignment of users to predefined roles within the system.
C. The use of automated tools to identify and correct improper role assignments.
D. The process of reviewing and updating roles on a periodic basis to ensure compliance.

11. What access control mechanism is MOST effective in preventing unauthorized access to sensitive resources in a cloud computing environment?
A. Password complexity requirements
B. Multifactor authentication (MFA)
C. Periodic access reviews
D. Single sign-on (SSO)

12. When implementing an access control scheme in a highly secure environment, which attribute is MOST critical for an Attribute-Based Access Control (ABAC) model to evaluate?
A. The user's job title.
B. The sensitivity level of the data being accessed.
C. The time of day when access is requested.
D. The physical location from which the request originates.

13. In the context of federated access management, which of the following best describes the role of a Security Assertion Markup Language (SAML) assertion?
A. It serves as a digital certificate for encrypting data in transit.
B. It acts as a request for access between federated domains.
C. It provides a format for exchanging authentication and authorization data.
D. It defines the schema for role-based access control settings.

14. Which of the following is an example of a transitive trust in a multi-domain access control environment?
A. Domain A trusts Domain B, and Domain B trusts Domain C; therefore, Domain A trusts Domain C.
B. Domain A and Domain B both trust Domain C independently.
C. Domain A trusts Domain B, but Domain B does not trust Domain A.
D. Domain A and Domain B have a direct trust established through a bilateral agreement.

15. In a secure access control system, which mechanism is MOST effective in ensuring users can only perform actions that are necessary for their role?
A. Password protection
B. Mandatory access control (MAC)
C. Two-factor authentication
D. Role-based access control (RBAC)

16. What is the primary challenge when implementing a mandatory access control (MAC) system in an organization with diverse and dynamic access needs?
A. The complexity of defining roles
B. The inflexibility of access control policies
C. The difficulty in managing user passwords
D. The requirement for continuous user training

17. Which access control principle is primarily violated when a user retains access rights to resources after changing roles within an organization?
A. Separation of duties
B. Least privilege
C. Mandatory access control
D. Role explosion

18. In the implementation of access control, which of the following is a primary security concern associated with the delegation of rights?
A. Increased complexity of access control lists (ACLs)
B. Potential for privilege escalation
C. Decreased efficiency in access control administration
D. Reduced granularity of access control

19. Which concept in access control is designed to verify the effectiveness of security policies and the correct implementation of roles and permissions?
A. Access review
B. Continuous monitoring
C. Security auditing
D. Compliance testing

20. In a scenario where an organization's access control system is based on the principle of context-aware access controls, which factor would NOT typically influence access decisions?
A. The time of the access request
B. The user's compliance with corporate security training
C. The risk level associated with the accessed resource
D. The device used to make the access request