CERTIFIED-IN-CYBERSECURITY Question #424: Real Exam Question with Answer & Explanation

Question

Access controls are ...

Options

• A...mechanisms to secure the integrity of critical data
• B...mechanisms that grant appropriate access levels to authorized personnel and deny access to
• C..mechanisms that provide the highest level of access to all personnel
• D... mechanisms that always need to be implemented in pairs

Explanation

Access controls are mechanisms that grant appropriate access levels to authorized personnel and deny access to unauthorized ones. They are designed to prevent unauthorized access to systems, enable authorized users to access the resources they need and ensure the integrity and confidentiality of all data (see ISC2 Study Guide Chapter 3, Module 1). Consider, for example, in a company, an employee in the finance department would have access to financial records and systems. In contrast, an employee in the HR department would have access to personnel files. Neither would have access to the other's resources because they are not authorized to do so. Regarding the other alternatives, access controls do not provide all personnel the highest level of access. In fact, they do the opposite: they restrict access based on a user's role and need to access certain information. Access controls do not always need to be implemented in pairs. While some access control methods may work well together, this is not a requirement. Finally, while access controls do help to secure the integrity of critical data, this is not their only function.

No community discussion yet for this question.