Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
All right, let's get started. Let's go.
Good morning. This is Sean Gerber with CISSP Cyber Training and today, yes, today is CISSP Cyber Training Thursday and we're going to go over questions that are associated with that podcast that occurred on Monday, and this is going to be going over CISSP questions associated with access controls.
Yes, it's going to be riveting. I guarantee you, you will love it, you will enjoy it and you will be happy that you did it. All right, let's get started. So we're going to be going into these discretionary access controls. This is Cyber Training podcast 93 and you're going to be dealing with the various pieces that are associated with these access controls.
Okay, question one: which of the following access control models is primarily based on the subject's clearance and the object's classification? A, discretionary access controls; B, mandatory access controls; C, role-based access controls; or D, risk-based access controls.
Again, which of the following access controls is primarily based on the subject's clearance and the object's classification? And that is B, mandatory access controls.
These are based on clearance levels and security levels users are given, and this is basically an option for objects, such as documents and so forth, that are provided labels, and if the user's clearance matches or exceeds the object's label, they are granted access.
Question two: which access control model is access determined by rules that are globally defined by a system administrator? A, discretionary access control. B, mandatory access control. C, RBAC, which is role-based access controls, or D, rule-based access control, which is RuBAC. That's, I know it's a lot of access controls.
Again, which access control model is access determined by rules that are globally defined by a system administrator? Oh wait, that's rule-based access controls, question or answer D.
Question three: a company wants to grant access to its resources based on the department and job responsibilities of an employee. Which access control model is most suitable? Okay, A, DAC, discretionary access control; B, MAC; C, RBAC; or D, RuBAC, which is your rule-based access controls? Again, a company wants to grant access to its resources based on the department and job responsibilities of an employee. Which one would that be?
And that would be role-based access controls, answer C. This is based on defined roles within an organization, and users who are assigned to these roles are based on their overall job function.
Question four: which model are permissions typically given or denied based on user-defined attributes, such as location, time and type of request? A, attribute-based controls; B, discretionary access controls; C, mandatory access controls; D, rule-based access controls?
Again, which model are permissions typically given or denied based on user-defined attributes, such as location, time and type of request? And it is A, attribute-based access controls, ABAC. That is the answer.
Question five: which model is designed to evaluate the risk of an access attempt based on dynamic factors? A, role-based access controls; B, mandatory access controls; C, risk-based access controls; or D, discretionary access controls? Again, which model is designed to evaluate risk of an access attempt based on dynamic factors? And that would be risk-based access controls.
They are real time and are often based to run on context or environmental factors that allow or deny access based on the overall risk.
Question six: which model relies heavily on the discretion of an object owner to grant access? A, mandatory access controls. B, discretionary access controls. C, RBAC. D, RuBAC. Okay?
Which model relies heavily on the discretion of the object owner to grant access? And the answer is B, discretionary access controls. They determine who will have access to the resources, typically using access control lists, which you will see with firewalls. That is the answer. Question six, the answer is B, DAC.
Question seven: which of the following access control models can clearance levels include top secret, secret and confidential? In which access control model can a clearance include top secret, secret and confidential? A, DAC; B, RBAC; C, MAC; or D, RuBAC?
Again, which model can include top secret, secret and confidential? And the answer is C, MAC. Mandatory access controls are security labels and clearances often used in government or military environments.
Question eight: a company wants to combine multiple access control models to develop a layered security approach. This is a characteristic of: A, hybrid access controls; B would be RuBAC; C is MAC; or D is ABAC, attribute-based access controls. So a company wants to combine multiple access control models to develop a layered security approach, and this would be A, hybrid access controls. These are used for multiple controls to suit specific organizational needs.
Question nine: which model would a read-only attribute be most directly associated with an object? A, discretionary access controls. B, mandatory access controls. C, ABAC or D, RBAC? Again, which model would a read-only attribute be the most directly associated with an object?
And the answer is A, discretionary access control. This allows owners to specifically put in place the specific, exact permissions needed for individual users or groups using access control lists. Again, a read-only attribute would be tied to a discretionary access control.
Question 10: a security system prompts an additional authentication if a user logs in outside of business hours. This is an example of A, RBAC; B, DAC; C, risk-BAC; or D, ABAC. Additional authentication if it's outside business hours, and the answer is D, ABAC.
ABAC can use environmental attributes like time of day and other aspects to ensure that you have access, and that's attribute-based access controls.
Question 11: a firewall that blocks or allows user traffic based on port number is using which type of access control model? A, RBAC; C, RuBAC, or B, RuBAC; C, ABAC; or D, MAC?
A firewall that blocks or allows traffic based on a port number is using which type of access control model? And the answer is risk-based, I should say rule-based. That's B, RuBAC. RuBAC is a unit that sets predefined rules to allow or deny access, much like a firewall rule.
Question 12: which access control model can become highly complex as more attributes are considered for decision making? A, RBAC; B, MAC; C, DAC; or D, ABAC? Again, which access control model can become highly complex as more attributes are considered for decision making? And the answer is D, ABAC.
ABAC's flexibility and use for multiple attributes can lead to increased complexity, and again, that is the answer to question 12.
Question 13: which access control model emphasizes the separation of duties, or SOD, by assigning users to predefined roles? A, RBAC; C, RuBAC, or B, RuBAC; C, MAC; D, DAC?
Again, which access control model emphasizes separation of duties by assigning users to predefined roles? And the answer is A, RBAC. Role-based access controls are ensuring duties are segregated and separated by reducing the risk of unauthorized or malicious actions.
Question 14: if an organization wanted to restrict access based on a user's project team and tasks within that team, which model would be best? A, attribute-based access controls; B, role-based access controls; C, discretionary access controls; or D, mandatory access controls.
Again, an organization wants to restrict access based on the user's project team and the task within the team, and it would be A. Attribute-based access controls are more suitable for such specific and dynamic access decisions.
The last melon, the last question: which access control model is most likely to use an access matrix for decisions? A, DAC; B, RuBAC; C, MAC; or D, ABAC? Again, which access control model is most likely to use an access matrix for decisions? And the answer is A, DAC. Discretionary access controls define the rights of each subject over different objects. So the answer is A, DAC.
All right, I hope you all have a wonderful day.
We are just excited here at CISSP Cyber Training to help give you all the information you need to pass the CISSP exam. I guarantee you, go to CISSP Cyber Training. You'll have access to these videos. You'll have access to my content. I guarantee you, you will pass the CISSP if you follow the blueprint that's outlined at the CISSP Cyber Training.
If you follow it, you'll pass it. It's that guaranteed. But you've got to follow it. If you don't follow it, then all bets are off. But if you follow it, you will pass.
All right, have a wonderful, wonderful day and we will catch you on the flip side. See ya.