Privileged Access Management Best Practices
18 Questions

Questions and Answers

Which type of access control policy is enforced uniformly across all subjects and objects within the boundary of an information system?

  • Mandatory access control (MAC) (correct)
  • Role-based access control (RBAC)
  • Discretionary access control (DAC)
  • Attribute-based access control (ABAC)

Which access control policy allows the owner of a resource to control access to that resource?

  • Role-based access control (RBAC)
  • Mandatory access control (MAC)
  • Discretionary access control (DAC) (correct)
  • Attribute-based access control (ABAC)

Which of the following is NOT a type of logical access control?

  • Hardware settings done with switches, jumper plugs or other means
  • Configuration settings or parameters stored as data
  • Security guards (correct)
  • Graphical user interface (GUI) managed through software

Which of the following is an example of a physical access control?

  • Locked doors/gates (correct)

Which access control policy sets up user permissions based on roles?

  • Role-based access control (RBAC) (correct)

What is the purpose of two-person integrity?

  • To ensure that no single user has complete control over a critical process (correct)

Which type of access control model is considered the most restrictive, where the system owner defines and enforces the access control policy?

  • Mandatory Access Control (MAC) (correct)

Which access control mechanism allows users to create, modify, and delete access control rules for the resources they own?

  • Discretionary Access Control (DAC) (correct)

Which of the following is NOT an example of a physical access control?

  • Configuration settings or parameters stored as data (correct)

Which access control model uses roles to manage permissions and access privileges?

  • Role-Based Access Control (RBAC) (correct)

Which of the following is NOT a common activity performed during the 'offboarding' process for a terminated employee?

  • Creating a new baseline account for the employee (correct)

Which of the following is NOT a benefit of Privileged Access Management (PAM)?

  • Confirming availability by never providing administrative access when needed (correct)

Which of the following is an example of a physical access control?

  • Fences and locks (correct)

What is the principle of least privilege?

  • Users and programs should have only the minimum privileges necessary to complete their tasks (correct)

Which of the following is a form of mandatory access control (MAC)?

  • Bell-LaPadula model (correct)

What is the purpose of segregation of duties (or separation of duties)?

  • To prevent collusion and reduce insider threats by requiring multiple individuals to complete a process (correct)

What is a privileged account in the context of information security?

  • An account with approved authorizations for a privileged user (correct)

What is the fundamental concept behind role-based access control (RBAC)?

  • Granting access based on user roles and associated permissions (correct)
