CERTIFIED-IN-CYBERSECURITY · Question #465
CERTIFIED-IN-CYBERSECURITY Question #465: Real Exam Question with Answer & Explanation
The correct answer is A: Grant the appropriate level of access to authorized personnel and processes. The primary objective of access control is to grant the appropriate level of access to authorized individuals and processes. Access control is a security technique that regulates which users or applications can access or use resources in a computing environment (see the ISC2 Stud
Question
What is the PRIMARY objective of access control?
Options
- AGrant the appropriate level of access to authorized personnel and processes
- BProtect data and systems from inside sources
- CTo restrict access to information systems and data
- DSafeguard data and systems from outside sources
Explanation
The primary objective of access control is to grant the appropriate level of access to authorized individuals and processes. Access control is a security technique that regulates which users or applications can access or use resources in a computing environment (see the ISC2 Study Guide, Chapter 3, Module 1). Here is an example of access control in action. Consider an organization, an employee in the finance department would have access to financial records and systems, while an employee in the human resources department would have access to personnel records. Neither would have access to the other's resources because they are not authorized to do so. The other options are incorrect because while access control helps restrict access to information systems and data, protect data and systems from insiders, and protect data and systems from outsiders, these are not its primary goals. The primary goal of access control is to ensure that only authorized individuals and processes have access to the resources they need.
Topics
Community Discussion
No community discussion yet for this question.