CERTIFIED-IN-CYBERSECURITY Question #501: Real Exam Question with Answer & Explanation

The correct answer is B: Objects, Rules, Subjects.

Access Controls Concepts

Question

What are the three main concepts of access control?

Options

  • A. Managers, Subjects, Data
  • B. Objects, Rules, Subjects
  • C. Topics, Objects, Rules
  • D. Confidentiality, Integrity, and Availability

Explanation

In the context of access control, an 'object' is the data or resource that is to be protected, a 'subject' is the entity (usually a user or process) that seeks access to the object, and 'rules' are the policies that determine how subjects can interact with objects. For instance, in a company's database, the 'object' could be a confidential file, the 'subject' could be an employee, and the 'rule' could be that only certain employees (like managers) can access the file (see the ISC2 Study Guide, Chapter 3, Module 1). While the other options may sound plausible, they do not accurately reflect the principles of access control. Confidentiality, integrity, and availability, also known as the CIA triad, are fundamental principles of cybersecurity, but they are not specific to access control. They are broader concepts that apply to all aspects of information security, not just access control. Finally, the options "Managers, Subjects, Data" and "Topics, Objects, Rules" are not recognized combinations of concepts in access control.

Topics

#Access Control, #Access Control Concepts, #Subjects, #Objects, #Rules
