CHAPTER 1 Access Control Framework
Policies
B
C
A
Unknown
B
D
C
B
D
A
Administrative
B
Behavioral
CHAPTER 2 Assessing Risk and Its Impact on Access Control
Probability of occurrence
A
Quantitative
B
B
A
A, B, and C
B
B
A
A
B
B
$150,000
ARO = 2
$25,000
CHAPTER 3 Business Drivers for Access Controls
A
Confidential
A
A
A
B
A
Confidentiality agreement
A
A
Confidentiality agreement
A
CHAPTER 4 Access Control Policies, Standards, Procedures, and Guidelines
A
C
B
A
A
Administrative
Publicly traded
A
B
Discretionary
Guidelines
CHAPTER 5 Unauthorized Access and Security Breaches
B
Computer Fraud and Abuse Act
A
B
A
E
A and C
A, B, D, and E
A
A
Vandalism
A
CHAPTER 6 Mapping Business Challenges to Access Control Types
A
Risk avoidance
Risk acceptance
Risk transference
Risk mitigation
Integrity
A
Sensitive
A
C
B
B
B
CHAPTER 7 Human Nature and Organizational Behavior
Status and wealth
A
A, B, C, and D
C
A
B
Disgruntled
E
A
A and C
Two-person control
A
B
A
CHAPTER 8 Access Control for Information Systems
A
B
ACL
System-audit
Binary large objects, or BLOBs
C
A
A
B
UNIX and Linux
B
Destroy
A and C
CHAPTER 9 Physical Security and Access Control
B
C
B
B and D
D
A
Dark
D
Physiological, behavioral
B
The point at which Type I and Type II errors are equal
D
A
D
B
CHAPTER 10 Access Control in the Enterprise
D
Mandatory access control (MAC), discretionary access control (DAC), role-based access control (RBAC), attribute-based access control (ABAC)
B and C
B
B, C, and E
A
A and C
B
C
A
A
C
CHAPTER 11 Access Control System Implementations
B
ISO
B
B and C
B, C, and E
D
Federal Financial Institutions Examination Council (FFIEC)
128
C
NIST
CHAPTER 12 Access Control Systems for Remote Workers
B
Authentication, Authorization, and Accounting
B
B, C, and E
A
C
A, C, and D
Hash
A
D
Two-way
Three-way
C
B
CHAPTER 13 Public Key Infrastructure and Encryption
B
D
B and C
A and D
B
A, B, and C
1,024 bits
C
C
B and E
CHAPTER 14 Testing Access Control Systems
A
D
B and C
Nonintrusive
Intrusive
C
A
E
A
A
B
C
C
A, C, and D
CHAPTER 15 Access Control Assurance
Confidentiality, integrity, availability
C
A, C, and D
B
A
Blacklist
Whitelist
A
C
B
B
B
C