Privileged Access Management Best Practices
18 Questions

Questions and Answers

Which type of access control policy is enforced uniformly across all subjects and objects within the boundary of an information system?

  • Mandatory access control (MAC) (correct)
  • Role-based access control (RBAC)
  • Discretionary access control (DAC)
  • Attribute-based access control (ABAC)

Which access control policy allows the owner of a resource to control access to that resource?

  • Role-based access control (RBAC)
  • Mandatory access control (MAC)
  • Discretionary access control (DAC) (correct)
  • Attribute-based access control (ABAC)

Which of the following is NOT a type of logical access control?

  • Hardware settings done with switches, jumper plugs or other means
  • Configuration settings or parameters stored as data
  • Security guards (correct)
  • Graphical user interface (GUI) managed through software

Which of the following is an example of a physical access control?

  • Locked doors/gates (C)

Which access control policy sets up user permissions based on roles?

  • Role-based access control (RBAC) (A)

What is the purpose of two-person integrity?

  • To ensure that no single user has complete control over a critical process (D)

Which type of access control model is considered the most restrictive, where the system owner defines and enforces the access control policy?

  • Mandatory Access Control (MAC) (D)

Which access control mechanism allows users to create, modify, and delete access control rules for the resources they own?

  • Discretionary Access Control (DAC) (A)

Which of the following is NOT an example of a physical access control?

  • Configuration settings or parameters stored as data (C)

Which access control model uses roles to manage permissions and access privileges?

  • Role-Based Access Control (RBAC) (A)

Which of the following is NOT a common activity performed during the 'offboarding' process for a terminated employee?

  • Creating a new baseline account for the employee (A)

Which of the following is NOT a benefit of Privileged Access Management (PAM)?

  • Confirming availability by never providing administrative access when needed (C)

Which of the following is an example of a physical access control?

  • Fences and locks (C)

What is the principle of least privilege?

  • Users and programs should have only the minimum privileges necessary to complete their tasks (B)

Which of the following is a form of mandatory access control (MAC)?

  • Bell-LaPadula model (A)

What is the purpose of segregation of duties (or separation of duties)?

  • To prevent collusion and reduce insider threats by requiring multiple individuals to complete a process (C)

What is a privileged account in the context of information security?

  • An account with approved authorizations for a privileged user (D)

What is the fundamental concept behind role-based access control (RBAC)?

  • Granting access based on user roles and associated permissions (C)
