Which is the best rule-based access control constraint to protect against unauthorized access when admins are off-duty?
a. Least privilege
b. Separation of duties
c. Account expiration
d. Time of day
Answer: D
Time-of-day rules prevent administrative access requests during off-hours when local admins and security professionals are not on duty. Answer A is incorrect because least privilege is a principle of assigning only those rights necessary to perform assigned tasks. Answer B is incorrect because separation of duties aids in identification of fraudulent or incorrect processes by ensuring that action and validation practices are performed separately. Answer C is incorrect because account expiration policies ensure that individual accounts do not remain active past their designated lifespan but do nothing to ensure protections are enabled during admin downtime.
Learn More :
Access Control and Identity Management
- Which one of the following defines APIs for devices such as smart cards that contain cryptographic information?
- Which type of authorization provides no mechanism for unique logon identification?
- Which of the following is not true regarding expiration dates of certificates?
- Which of the following is true of digital signatures? (Choose the two best answers.)
- To check the validity of a digital certificate, which one of the following would be used?
- Which category of authentication includes smart cards?
- Which process involves verifying keys as being authentic?
- Which of the three principles of security is supported by an iris biometric system?
- If Sally wants to send a secure message to Mark using public key encryption but is not worried about sender verification, what does she need in addition to her original message text?
- What is the name given to the system of digital certificates and certificate authorities used for public key cryptography over networks?
- In a decentralized key management system, the user is responsible for which one of the following functions?
- Which form of access control enables data owners to extend access rights to other logons?
- Which of the following is a type of smart card issued by the Department of Defense as a general identification/authentication card for military personnel, contractors, and non-DoD employees?
- What is implied at the end of each access control list?
- Which of the following is a client-server-oriented environment that operates in a manner similar to RADIUS?
- What is invoked when a person claims they are the user but cannot be authenticated—such as when they lose their password?
- You have added a new child domain to your network. As a result of this, the child has adopted all the trust relationships with other domains in the forest that existed for its parent domain. What is responsible for this?
- Which of the following security areas encompasses network access control (NAC)?
- Your company provides medical data to doctors from a worldwide database. Because of the sensitive nature of the data you work with, it's imperative that authentication be established on each session and be valid only for that session. Which of the following authentication methods provides credentials that are valid only during a single session?
- Which technology allows a connection to be made between two networks using a secure protocol?
- You're the administrator for Mercury Technical. Due to several expansions, the network has grown exponentially in size within the past two years. Which of the following is a popular method for breaking a network into smaller private networks that can coexist on the same wiring and yet be unaware of each other?
- After a careful risk analysis, the value of your company's data has been increased. Accordingly, you're expected to implement authentication solutions that reflect the increased value of the data. Which of the following authentication methods uses more than one authentication process for a logon?
- You've been assigned to mentor a junior administrator and bring him up to speed quickly. The topic you're currently explaining is authentication. Which method uses a KDC to accomplish authentication for users, programs, or systems?
- Your office administrator is being trained to perform server backups. Which authentication method would be ideal for this situation?