ISC2-SSCP Domain 2: Access Controls

SSCP: Access Controls (20 practice questions)

1. In a distributed system, which of the following access control models is BEST suited for fine-grained access control and scalability across different organizations?
A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Attribute-Based Access Control (ABAC)

2. Which access control mechanism assigns permissions directly to subjects based on their identity?
A. Rule-Based Access Control
B. Role-Based Access Control (RBAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)

3. In the context of access control, which of the following best describes the principle of "least privilege"?
A. Granting users the maximum permissions they might need to perform their job functions.
B. Granting users only the permissions they need to perform their current task, no more and no less.
C. Requiring users to have administrative privileges for access to any system resource.
D. Assigning permissions based on seniority within the organization.

4. Which of the following best exemplifies a situation where Role-Based Access Control (RBAC) is particularly effective?
A. In an environment where access needs change frequently based on specific project requirements.
B. In a highly dynamic environment where user roles change frequently.
C. In an organization with a small number of users and simple access requirements.
D. In a large organization with many users and roles, where access requirements are based on job functions.

5. Which access control approach uses security labels to make access decisions by comparing the labels against clearance levels?
A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Attribute-Based Access Control (ABAC)

6. In an organization using Role-Based Access Control (RBAC), what is the primary method for changing a user's access rights?
A. Modifying the access control list (ACL) for each resource directly.
B. Changing the user's role within the organization.
C. Adjusting the security labels on the resources the user needs to access.
D. Updating the user's profile with new permissions.

7. Which concept in access control is primarily concerned with ensuring that users can access the resources they are authorized to use in a timely and reliable manner?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation

8. What is the main security concern associated with the use of Discretionary Access Control (DAC) systems?
A. They are too rigid to adapt to changing access needs.
B. They may allow the propagation of malicious software because access permissions are easy to change.
C. They rely heavily on the user's discretion, which can lead to overly permissive access rights.
D. They are not suitable for environments requiring high levels of data classification and clearance.

9. In the context of access control, what is the purpose of implementing separation of duties?
A. To ensure that no single user has control over all aspects of a critical function.
B. To segregate the network into different zones for security purposes.
C. To differentiate between user roles based on organizational hierarchy.
D. To assign unique security labels to different types of data.

10. When configuring an access control system, which of the following is an essential practice for enforcing the principle of least privilege?
A. Assigning all users to the administrative role to simplify access control management.
B. Automatically granting new employees access to all systems until their specific needs are assessed.
C. Regularly reviewing and adjusting users' permissions to ensure they align with current job responsibilities.
D. Using a single, shared account for all users to access high-security systems to minimize the number of potential attack vectors.

11. What is the primary advantage of a centralized access control system over a decentralized one?
A. Increased flexibility in setting permissions for individual users.
B. Enhanced security through localized management of access controls.
C. Simplified management and consistent enforcement of access policies across the organization.
D. Greater autonomy for departmental managers to control access within their teams.

12. In an enterprise environment using Role-Based Access Control (RBAC), which strategy is MOST effective for managing access rights when an employee transfers between departments?
A. Automatically retaining all previous access rights to ensure uninterrupted workflow.
B. Temporarily suspending the user account until the new role requirements are assessed.
C. Immediately revoking all previous access rights and reassigning rights based on the new role.
D. Maintaining a superuser role that grants unrestricted access to all departmental resources.

13. In the implementation of Mandatory Access Control (MAC), what is the primary role of sensitivity labels?
A. To define the minimum password complexity requirements for system access.
B. To categorize resources and users into different trust levels for access decisions.
C. To log access attempts by users for auditing and compliance purposes.
D. To encrypt data transmissions within the system for confidentiality.

14. Which of the following is a critical security concern when implementing Discretionary Access Control (DAC) in a multi-user environment?
A. The difficulty of tracking user activities across different systems.
B. The potential for privilege escalation due to lax permissions management.
C. The complexity of integrating DAC with existing enterprise applications.
D. The overhead of maintaining separate access controls for each user.

15. What is the primary security advantage of Role-Based Access Control (RBAC) over Discretionary Access Control (DAC)?
A. RBAC allows for easier password management.
B. RBAC provides a more granular level of access control.
C. RBAC facilitates the central administration of access controls.
D. RBAC supports stronger encryption methods for data protection.

16. In access control terminology, what is the main purpose of a "default deny" security posture?
A. To ensure that all users have at least basic access to system resources.
B. To deny access by default, granting permissions only where explicitly authorized.
C. To automatically allow access unless specifically denied by an administrator.
D. To provide unrestricted access to resources for troubleshooting purposes.

17. Which mechanism is MOST effective in preventing unauthorized access through lost or stolen credentials in a system employing access control?
A. Password complexity requirements.
B. Multi-factor authentication (MFA).
C. Regular password expiration policies.
D. Single sign-on (SSO) systems.

18. In a system with Attribute-Based Access Control (ABAC), which of the following attributes would be LEAST relevant for making access decisions?
A. The time of day the access attempt is made.
B. The job title of the user requesting access.
C. The encryption strength of the user's connection.
D. The user's department within the organization.

19. When configuring access controls, which of the following best exemplifies the concept of "dynamic access control"?
A. Permissions assigned based on static roles defined within an organization.
B. Access rights that adjust automatically based on the current context or environment.
C. A set of predefined access rules that apply universally across all systems.
D. The use of security groups to manage access for large numbers of users simultaneously.

20. In the context of access control, which of the following best describes the purpose of a "security token"?
A. A physical or digital object used to prove identity or privileges.
B. A password or passphrase that grants access to a secure system.
C. A software mechanism that limits the number of users in a system.
D. A protocol that encrypts data transmissions between two parties.
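The questions above contrast MAC label comparison (5, 13), RBAC role assignment, separation of duties and department transfers (4, 6, 9, 12), and ABAC with default deny and context-dependent decisions (1, 16, 18, 19). The following toy policy engine is an added example written for this page, not ISC2 or exam material; the classification levels, roles, permission strings, rule logic and sample requests are all constructed for the demonstration.

```python
"""Toy policy engine contrasting MAC, RBAC and ABAC decisions.

Added example for the quiz above, not part of the SSCP material. Every
level, role, permission string and request below is constructed for the demo.
"""
from dataclasses import dataclass, field
from typing import Callable

# --- MAC: sensitivity labels and a dominance check (Bell-LaPadula style) ---
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = field(default_factory=frozenset)


def dominates(clearance: Label, classification: Label) -> bool:
    """A subject may read an object only if its clearance level is at least the
    object's level AND its category set covers the object's categories.
    Neither the subject nor the object's owner can override this; only the
    labels matter, which is what makes the control mandatory."""
    return (LEVELS[clearance.level] >= LEVELS[classification.level]
            and clearance.categories >= classification.categories)


# --- RBAC: permissions hang off roles, users only ever hold roles ---
ROLE_PERMISSIONS = {
    "payroll_clerk": {"payroll:read", "payroll:submit"},
    "payroll_approver": {"payroll:read", "payroll:approve"},
    "hr_analyst": {"hr:read"},
}
# Separation of duties: nobody may both submit and approve a payroll run.
CONFLICTING = [{"payroll:submit", "payroll:approve"}]


def rbac_permissions(roles: set[str]) -> set[str]:
    return set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in roles))


def rbac_allows(roles: set[str], permission: str) -> bool:
    return permission in rbac_permissions(roles)


def sod_violations(roles: set[str]) -> list[set[str]]:
    """Each conflicting permission pair that this role assignment grants in full."""
    held = rbac_permissions(roles)
    return [pair for pair in CONFLICTING if pair <= held]


def transfer(current: set[str], new_roles: set[str]) -> tuple[set[str], set[str]]:
    """Department transfer: revoke the old roles outright, then assign the new
    ones. Returns (roles now held, roles revoked) so the revocation is auditable."""
    return set(new_roles), set(current) - set(new_roles)


# --- ABAC: rules over subject, resource, action and environment attributes ---
@dataclass
class Request:
    subject: dict
    resource: dict
    action: str
    environment: dict


Rule = Callable[[Request], bool]

ABAC_RULES: list[Rule] = [
    # Staff may read their own department's records during business hours only.
    lambda r: (r.action == "read"
               and r.subject.get("department") == r.resource.get("owner_department")
               and 8 <= r.environment.get("hour", -1) < 18),
    # Records officers may read any record, but only from a managed device.
    lambda r: (r.action == "read"
               and r.subject.get("title") == "records_officer"
               and r.environment.get("managed_device") is True),
]


def abac_decide(request: Request, rules: list[Rule] = ABAC_RULES) -> bool:
    """Default deny: permit only when some rule explicitly matches. A missing
    attribute (no 'hour', no device posture) therefore denies rather than allows."""
    return any(rule(request) for rule in rules)


if __name__ == "__main__":
    same_user = {"department": "finance"}
    ledger = {"owner_department": "finance"}
    for hour in (10, 22):  # same subject, same resource, different context
        print(hour, abac_decide(Request(same_user, ledger, "read", {"hour": hour})))
    print("SoD conflicts:", sod_violations({"payroll_clerk", "payroll_approver"}))
```

Running the module shows the "dynamic" behaviour question 19 asks about: the identical request is permitted at 10:00 and denied at 22:00, and a request with no `hour` attribute at all is denied because nothing matched.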