CERTIFIED-IN-CYBERSECURITY · Question #298
CERTIFIED-IN-CYBERSECURITY Question #298: Real Exam Question with Answer & Explanation
The correct answer is D: Policy. Policies are not considered an access control layer. While policies play a critical role in defining the rules for access control, they are not an access control layer in themselves. There are three layers of access control: Physical, Administrative, and Technical (see the ISC2 S
Question
Which of the following options is NOT an access control layer?
Options
- AAdministrative
- BPhysical
- CTechnical
- DPolicy
Explanation
Policies are not considered an access control layer. While policies play a critical role in defining the rules for access control, they are not an access control layer in themselves. There are three layers of access control: Physical, Administrative, and Technical (see the ISC2 Study Guide, Module 1, under Controls Overview). These layers reflect the different methods used to control access to resources in an organization. Physical controls are tangible security measures such as door locks, fences, and security cameras that prevent unauthorized physical access to resources. For example, a data center might use biometric locks on doors to restrict access to servers. Administrative controls are the procedures, policies, and guidelines that govern how people work within the organization. They include things like user training, background checks, and security procedures. For example, an organization might have a policy that requires employees to undergo cybersecurity training. Technical controls are the technical mechanisms that control access to resources, such as firewalls, encryption, and authentication systems. An example of a technical control is a firewall that blocks unauthorized access to a network.
Topics
Community Discussion
No community discussion yet for this question.