Securing Administrative Access

Questions and Answers

Which of the following is NOT one of the pillars of access control?

• Encryption (correct)
• Authentication
• Authorization
• Identification

Why is access control crucial in cybersecurity?

• To comply with global data protection laws
• To enhance network performance (correct)
• To aid in forensic investigations
• To prevent unauthorized exposure of sensitive information

What role does access control play in preventing security breaches?

• It provides evidence during forensic investigations
• It ensures compliance with data protection laws
• It fortifies security measures (correct)
• It enhances network performance

Which team is typically involved in drafting an Access Control Policy?

Security and management teams (A)

What is the purpose of authentication in an Access Control Policy?

To validate a user's claimed identity (D)

What is the principle of least privilege in the context of access control?

Users are given the minimum access levels they need to perform their job functions (D)

Which access control method is based on comparing user clearances with data classifications?

Mandatory Access Control (MAC) (C)

Which factor of authentication in Multi-Factor Authentication (MFA) involves possession factors like a physical card, a smartphone, or a hardware token?

Something You Have (D)

What is one of the advantages of implementing the Principle of Least Privilege (PoLP)?

Enhancement of security (A)

What is the purpose of regular audits and reporting in access control?

To gather accurate information about access control (A)

What percentage of data breaches begin with privileged credential abuse, according to Centrify's survey?

74% (C)

Which of the following is NOT an advantage of a multi-layered access control system?

Reduced complexity (B)

What is the main purpose of implementing a multi-layered access control system?

To improve overall security posture (B)

Why is resilience an important advantage of a multi-layered access control system?

It ensures that attackers need to overcome multiple layers to gain access (D)

Which of the following is a benefit of performing regular audits and reporting in access control?

Maintaining compliance with regulatory requirements (B)

What is the purpose of Role-Based Access Control (RBAC)?

To assign permissions to specific roles (D)

What is a role in the context of RBAC?

A set of access permissions (B)

What is the purpose of investing in Identity and Access Management (IAM)?

To simplify access management (A)

Which of the following is NOT a benefit of investing in IAM solutions?

Better control over access rights (C)

What is the purpose of granting temporary privileges in access control?

To limit potential misuse or exploitation of access rights (A)

Why is it important to log and track granted temporary privileges?

To create a record of who was granted access and when (B)

What are the key components of implementing a system for granting temporary privileges?

Approval processes, time limits, and automatic revocation of privileges (A)

Which principle should be followed when assigning privileges to administrators?

Principle of least privilege (PoLP) (D)

What is the purpose of multi-factor authentication (MFA) for administrative accounts?

To reduce the likelihood of unauthorized access (D)

What is the benefit of regularly updating and rotating administrative credentials?

Minimizes potential damage if credentials are compromised (D)

What is the purpose of Privileged Access Management (PAM) tools?

To manage, control, and monitor privileged access (B)

Flashcards are hidden until you start studying