CompTIA Security Plus Mock Test Q1656

An organization is trying to decide which type of access control is most appropriate for the network. The current access control approach is too complex and requires significant overhead. Management would like to simplify the access control and provide users with the ability to determine what permissions should be applied to files, documents, and directories. The access control method that BEST satisfies these objectives is:

A. Rule-based access control
B. Role-based access control
C. Mandatory access control
D. Discretionary access control

Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1624

A security administrator wants to implement a company-wide policy to empower data owners to manage and enforce access control rules on various resources. Which of the following should be implemented?

A. Mandatory access control
B. Discretionary access control
C. Role based access control
D. Rule-based access control

Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1613

A recent audit has revealed that all employees in the bookkeeping department have access to confidential payroll information, while only two members of the bookkeeping department have job duties that require access to the confidential information. Which of the following can be implemented to reduce the risk of this information becoming compromised in this scenario? (Select TWO)

A. Rule-based access control
B. Role-based access control
C. Data loss prevention
D. Separation of duties
E. Group-based permissions


Correct Answer: B,E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1240

An administrator uses a server with a trusted OS and is configuring an application to go into production tomorrow. In order to make a new application work properly, the administrator creates a new policy that labels the application and assigns it a security context within the trusted OS. Which of the following control methods is the administrator using by configuring this policy?

A. Time based access control
B. Mandatory access control
C. Role based access control
D. Rule based access control


Correct Answer: C
Section: Mixed Questions

CompTIA Security Plus Mock Test Q903

Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?

A. Common access card
B. Role based access control
C. Discretionary access control
D. Mandatory access control


Correct Answer: B
Section: Access Control and Identity Management

Explanation:
Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based on the required tasks of that role.

Incorrect Answers:
A: Smart cards are credit-card-sized IDs, badges, or security passes with an embedded integrated circuit chip. Common Access Cards (CACs) are the U.S. government and military version of a smart card.
C: Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner. It does not rely on job function.
D: Mandatory Access Control allows access to be granted or restricted based on the rules of classification. It does not rely on job function.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 278-284

CompTIA Security Plus Mock Test Q901

During the information gathering stage of deploying a role-based access control model, which of the following information is MOST likely required?

A. Conditional rules under which certain systems may be accessed
B. Matrix of job titles with required access privileges
C. Clearance levels of all company personnel
D. Normal hours of business operation

Correct Answer: B
Section: Access Control and Identity Management

Explanation:
Role-based access control is a model where access to resources is determined by job role rather than by user account.
Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user’s account; this simplifies common operations, such as adding a user, or changing a user’s department.
To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role.

Incorrect Answers:
A: For role-based access control, you don’t need conditional rules under which certain systems may be accessed; you just need a list of roles and their associated privileges.
C: Clearance levels of all company personnel are not required. Privileges are assigned based on job role rather than directly to individuals.
D: The hours of business operation are not required. Business hours are not related to assigning access privileges.

References:
http://en.wikipedia.org/wiki/Role-based_access_control