Welcome to the CISSP Cyber Training Podcast , where we provide you the training and tools you need to pass the CISSP exam the first time . Hi , my name is Sean Gerber and I'm your host for this action-packed , informative podcast . Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge .
All right , let's get started . Good morning , it's Sean Gerber with CISSP Cyber Training and today yes , today is CISSP Cyber Training Thursday and we're going to go over questions that are associated with that , a podcast that occurred on Monday , and this is going to be going over CISSP questions associated with access controls . Yes , it's going to be riveting .
I guarantee you you will love it . You will enjoy it and you will be happy that you did it . All right , let's get started . So we're going to be going into these discretionary access controls . This is Cyber Training Podcast 93 and you're going to be dealing with the various pieces that are associated with these access controls .
Okay , question one which of the following access control models is primarily based on the subject , clearance and the objects classification ? A discretionary access controls . B mandatory access controls . C role-based access controls or D risk-based access controls ?
Again , which of the following access controls is primarily based on the subject's clearance and the objects classification , and that is B mandatory access controls .
These are based on clearance levels and security levels users are given , and this is basically optioned for objects such as documents and so forth , that are provided labels , and if the user's clearance matches or exceeds the objects label , they are gained granted access .
Question two which access control model is access determined by rules that are globally defined by a system administrator ? A discretionary access control . B mandatory access control . C our back , which is role-based access controls , or D rule-based access controls , which is are you back that's I know it's a lot of access controls .
Again , which access control model is access determined by rules that are globally defined by a system administrator ? Oh wait , that's rule-based access controls Question or answer D . Question three a company wants to grant access to its resources based on the department and job responsibilities of an employee . Which access control model is most suitable ?
Okay , a DAC discretionary access control . B MAC , c our back , or D are you back , which is your ? Rule-based access controls ? Again , a company wants to grant access to its resources based on the department and job responsibilities of an employee . Which one would that be ? And that would be role-based access controls ?
Answer C this is based on a defined role within an organization and users who are defined to sign these roles are based on their overall job function . Question four which model are permissions typically given or denied based on user-defined attributes such as location , time and type of request ?
A Attribute-based controls , b Discretionary access controls , c Mandatory access controls or d Rule-based access controls , in which model or permissions are typically given or denied based on user-defined attributes such as location , time and type of request ? And it is a Attribute-based access controls . A Back . That is the answer . Question 5 .
Which model is designed to evaluate the risk of an access attempt based on dynamic factors ? A Rule-based access controls . B Mandatory access controls . C Risk-based access controls or d Discretionary access controls ? Again , which model is designed to evaluate risk of an access attempt based on dynamic factors ? And that would be risk-based access controls .
They are real-time and are often based to run on context or environmental factors that allow or deny access based on the overall risk . Question 6 . Which model relies heavily on the discretion of an object owner to grant access ? A Mandatory access controls . B Discretionary access controls . C Our back . D Are you back ?
Which model relies heavily on the discretion of the object owner to grant access ? And the answer is b Discretionary access controls . They determine who will have access to the resources , typically using access control lists which you will see with firewalls . That is the answer . Question 6 . Answer is b DAC . Question 7 .
Which of the following access control models can clearance levels include top secret , secret and confidential ? In which access control model can a clearance include top secret , secret and confidential ? A DAC , b Our back . C Mac or d ? Are you back Again ? Which model can include top secret , secret and confidential ? And the answer is c MAC .
Mandatory access controls are security labels and clearances often used in government or military environments . Question 8 . A company wants to combine multiple access control models to develop a layered security approach . This is a characteristic of hybrid access controls . B Are you back ? C ? Is MAC or d ? Is ABAC attribute-based access controls ?
So a company wants to combine multiple access control models to develop a layered security approach and this would be a hybrid access controls . These are used for multiple controls to suit specific organizational needs . Question 9 . Which model would a read-only attribute be most directly associated with an object ? A Discretionary access controls .
B Mandatory access controls . C ABAC or d Are back b . Which model would read-only attribute be the most directly associated with an object ? And the answer is a Discretionary access controls . This allows owners to specifically put in place the specific , exact permissions needed for individual users or groups using access control lists .
Again , read-only attribute would be tied to a discretionary access control . Question 10 . A security system prompts an additional authentication if a user logs in outside of business hours . This is an example of a Are back , c DAC or b DAC , c Riskback or d A back Additional authentication if it's outside business hours . And the answer is D ABAC .
Abac can be used environmental attributes like time of day and other aspects to ensure that you have access , and that's an attribute-based access controls . Question 11 , a firewall that blocks or allows users traffic based on port number is using which type of access control model ? A our back ? C , are you back or B ? Are you back C , abac or DMAC ?
A firewall that blocks or allows traffic based on a port number is using which type of access control model ? And the answer is risk-based . I should say rule-based . That's B . Are you back ? Are you back ? Is you that sets predefined rules to allow or deny access , much like a firewall rule ?
Question 12 , which access control model can become highly complex as more attributes are considered for decision-making ? A our back , b MAC , c , dac or D ABAC ? Again , which access control model can become highly complex as more attributes are considered for decision-making ? And the answer is D ABAC .
Abac's flexibility and use for multiple attributes can lead to increased complexity and again , that is the answer to question 12 . Question 13 , which access control model emphasizes the separation of duties , or SOD , by assigning users to predefined roles ? A our back , c are you back ? Or B are you back ? C , mac , d , dac ?
Again , which access control model emphasizes separation of duties by assigning users to predefined roles ? And the answer is A our back . Rule-based access controls are ensuring duties are segregated and separated by reducing the risk of unauthorized or malicious actions .
Question 14 , if an organization wanted to restrict access based on the user's project team and tasks within that team , which model would be best ? A attribute-based access controls . B rule-based access controls . C discretionary access controls or D mandatory access controls .
Again , organization wants to restrict access based on the user's project team and the tasks within the team , and it would be A . Attribute-based access controls are more suitable for , such as specific and dynamic access decisions . The last melon , the last question which access control model is most likely to use an access matrix for decisions ? A DAC , b .
Are you back ? C ? Mac or D ? A back Again , which access control model is most likely to use an access matrix for decisions ? And the answer is A DAC . Discretionary access controls define the rights of each subject over different objects . So the answer is A DAC . All right , I hope you all have a wonderful day .
We are just excited here at CISSP Cyber Training to help give you all the information you need to pass the CISSP exam . I guarantee you go to CISSP Cyber Training . You'll have access to these videos . You'll have access to my content . I guarantee you you will pass the CISSP .
If you follow the blueprint that's outlined at the CISSP Cyber Training , you'll follow it . If you follow it , you'll pass it . It's that guaranteed , but you gotta follow it . If you don't follow it , then all bets are off . But if you follow it , you will pass . All right , have a wonderful , wonderful day and we will catch you on the flip side , see ya .