Securing Administrative Access

Questions and Answers

Which of the following is NOT one of the pillars of access control?

Encryption (correct)

Authentication

Authorization

Identification

Why is access control crucial in cybersecurity?

To comply with global data protection laws

To enhance network performance (correct)

To aid in forensic investigations

To prevent unauthorized exposure of sensitive information

What role does access control play in preventing security breaches?

It provides evidence during forensic investigations

It ensures compliance with data protection laws

It fortifies security measures (correct)

It enhances network performance

Which team is typically involved in drafting an Access Control Policy?

Security and management teams

What is the purpose of authentication in an Access Control Policy?

To validate a user's claimed identity

What is the principle of least privilege in the context of access control?

Users are given the minimum access levels they need to perform their job functions

Which access control method is based on comparing user clearances with data classifications?

Mandatory Access Control (MAC)

Which factor of authentication in Multi-Factor Authentication (MFA) involves possession factors like a physical card, a smartphone, or a hardware token?

Something You Have

What is one of the advantages of implementing the Principle of Least Privilege (PoLP)?

Enhancement of security

What is the purpose of regular audits and reporting in access control?

To gather accurate information about access control

What percentage of data breaches begin with privileged credential abuse, according to Centrify's survey?

74%

Which of the following is NOT an advantage of a multi-layered access control system?

Reduced complexity

What is the main purpose of implementing a multi-layered access control system?

To improve overall security posture

Why is resilience an important advantage of a multi-layered access control system?

It ensures that attackers need to overcome multiple layers to gain access

Which of the following is a benefit of performing regular audits and reporting in access control?

Maintaining compliance with regulatory requirements

What is the purpose of Role-Based Access Control (RBAC)?

To assign permissions to specific roles

What is a role in the context of RBAC?

A set of access permissions

What is the purpose of investing in Identity and Access Management (IAM)?

To simplify access management

Which of the following is NOT a benefit of investing in IAM solutions?

Better control over access rights

What is the purpose of granting temporary privileges in access control?

To limit potential misuse or exploitation of access rights

Why is it important to log and track granted temporary privileges?

To create a record of who was granted access and when

What are the key components of implementing a system for granting temporary privileges?

Approval processes, time limits, and automatic revocation of privileges

Which principle should be followed when assigning privileges to administrators?

Principle of least privilege (PoLP)

What is the purpose of multi-factor authentication (MFA) for administrative accounts?

To reduce the likelihood of unauthorized access

What is the benefit of regularly updating and rotating administrative credentials?

Minimizes potential damage if credentials are compromised

What is the purpose of Privileged Access Management (PAM) tools?

To manage, control, and monitor privileged access