CompTIA Security+ Question L-75

The company’s sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports.
Which of the following controls is preventing them from completing their work?

A. Discretionary access control
B. Role-based access control
C. Time of Day access control
D. Mandatory access control

Answer: C

Explanation:
Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. In this case, the sales team is prevented from saving or printing reports after a certain time.

CompTIA Security+ Question L-23

Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?

A. Separation of Duties
B. Mandatory Vacations
C. Discretionary Access Control
D. Job Rotation

Answer: A

Explanation:
Separation of duties means that users are granted only the permissions they need to do their work and no more.

CompTIA Security+ Question K-62

Employee badges are encoded with a private encryption key and specific personal information.
The encoding is then used to provide access to the network. Which of the following describes this access control type?

A. Smartcard
B. Token
C. Discretionary access control
D. Mandatory access control

Answer: A

Explanation:
Smart cards are credit-card-sized IDs, badges, or security passes with an embedded integrated circuit chip that can include data regarding the authorized bearer. This data can then be used for identification and/or authentication purposes.

CompTIA Security+ Question I-64

Users require access to a certain server depending on their job function. Which of the following would be the MOST appropriate strategy for securing the server?

A. Common access card
B. Role based access control
C. Discretionary access control
D. Mandatory access control

Answer: B

Explanation:
Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based on the required tasks of that role.

CompTIA Security+ Question H-40

A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?

A. Mandatory access control
B. Discretionary access control
C. Rule based access control
D. Role based access control

Answer: A

Explanation:
Mandatory Access Control (MAC) allows access to be granted or restricted based on the rules of classification. MAC in corporate business environments involve the following four sensitivity levels Public Sensitive Private Confidential

MAC assigns subjects a clearance level and assigns objects a sensitivity label. The name of the clearance level must be the same as the name of the sensitivity label assigned to objects or resources. In this case the file is marked confidential, and the user does not have that clearance level and cannot access the file.

CompTIA Security+ Question F-1

After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?

A. Host based firewall
B. Initial baseline configurations
C. Discretionary access control
D. Patch management system

Answer: D

Explanation:
A patch is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. Patch Management can thus be used to fix security problems discovered within the OS thus negating a known OS vulnerability.

CompTIA Security+ Question E-76

Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann’s administrative capabilities. Which of the following systems should be deployed?

A. Role-based
B. Mandatory
C. Discretionary
D. Rule-based

Answer: C

Explanation:
In a Discretionary Access Control (DAC) model, network users have some fl exibility regarding how information is accessed. This model allows users to share information dynamically with other users. Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner. In this question, Ann has requested that she have the ability to assign read and write privileges to her folders. Read and write access to Ann’s files will be granted by Ann at her discretion. Therefore, this is an example of Discretionary Access Control.

CompTIA Security+ Question C-11

Peter Has read and write access to his own home directory. Peter and Ann are collaborating on a project, and Peter would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?

A. Role-based access control
B. Rule-based access control
C. Mandatory access control
D. Discretionary access control

Answer: D

Explanation:
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.

CompTIA Security+ Question B-57

Which of the following common access control models is commonly used on systems to ensure a “need to know” based on classification levels?

A. Role Based Access Controls
B. Mandatory Access Controls
C. Discretionary Access Controls
D. Access Control List

Answer: B

Explanation:
Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction where some objects are restricted unless the subject has a need to know them.

CompTIA Security+ Question B-45

Ann is a member of the Sales group. She needs to collaborate with Peter, a member of the IT group, to edit a file. Currently, the file has the following permissions:
Ann:read/write
Sales Group:read
IT Group:no access If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Peter?

A. Add Peter to the Sales group.
B. Have the system administrator give Peter full access to the file.
C. Give Peter the appropriate access to the file directly.
D. Remove Peter from the IT group and add him to the Sales group.

Answer: C

Explanation:
Peter needs access to only one file. He also needs to ‘edit’ that file. Editing a file requires Read and Write access to the file. The best way to provide Peter with the minimum required permissions to edit the file would be to give Peter the appropriate access to the file directly.