[CCCure CISSP] Qs5 Access Control: cccure QuizEngn doubts

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[CCCure CISSP] Qs5 Access Control: cccure QuizEngn doubts

Amlan Deb
Hello everyone,
 
I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them. Request you to please provide a quick reply as I need to appear for the exam in the month of July.
 
Thanks,
Amlan
 

Doubt#5
========

(This one involves 3 questions and explanations which are mentioned below)

 

152. 

1.     Question: 973 | Difficulty: 3/5 | Relevancy: 3/3

In the context of access control,  Badges and Magnetic Cards are examples of which of the following?

o      Administrative controls

o      Technical controls

o     Physical controls

o      Logical controls

You did not provide any answer to this question. Please review details below.

Administrative, technical and physical controls are examples of access control mechanisms.

Badges and magnetic card entry systems are examples of physical access control mechanisms.

Technical and logical access controls are the same.


Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 35).

Thanks to David Mansheffer for providing input to improve this question.

Contributor: Christian Vezina

Covered topic: <A title="Identification and authentication techniques - Techniques used by users to profess their identity to a system and to verify their claimed identity." href="javascript:void(0)">Identification and authentication techniques

 

 

136. 

1.     Question: 872 | Difficulty: 4/5 | Relevancy: 3/3

Smart cards are an example of which type of control?

o      Detective control

o      Administrative control

o     Technical control

o      Physical control

You did not provide any answer to this question. Please review details below.

Logical or technical controls involve the restriction of access to systems and the protection of information. Smart cards and encryption are examples of these types of control.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 32).

Contributor: Christian Vezina

 

15. 

1.     Question: 92 | Difficulty: 2/5 | Relevancy: 3/3

Which of the following is not a logical control when implementing logical access security?

o      access profiles.

o      userids.

o     employee badges.

o      passwords.

Congratulations, you got the correct answer! Details can be reviewed below.

The correct answer is: employee badges.

Employee badges are considered Physical so would not be a logical control.

The following answers are incorrect:

userids. Is incorrect because userids are a type of logical control.

access profiles. Is incorrect because access profiles are a type of logical control.

passwords. Is incorrect because passwords are a type of logical control.

Last modified 6/08/2007 - J. Hajec

Comment:

AIO states Logical Access Controls are tools used for identification, authentication, authorization, and accountability. Logical controls are technical in nature and also called Technical Access Controls.

References:

OIG CBK Access Controls (pages 125 - 129)

Contributor: Scot Hartman

Covered topic: <A title="Badges - " href="javascript:void(0)">Badges

 

 

My doubt:  Is my understanding correct that:

 

A “smart card” will always be considered a technical control?

A “badge” and “Magnetic card” will always be considered a physical control?

What about “memory card” – is that also considered a physical control?

 

 

_______________________________________________
You can find the list archive at:
http://cissp-study.3965.n7.nabble.com/

CISSPstudy mailing list
[hidden email]

To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your accout visit the link below:
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org