ISC2 Certified in Cybersecurity Chapter 3 Exam with solutions

A safeguard or countermeasure designed to preserve Confidentiality, Integrity and Availability of data.
A Control

_____ _____ involves limiting what objects can be available to what subjects according to what rules.
Access Control

Access is based on three elements. What are they?
1. Subjects
2. Objects
3. Rules

Generally an individual, process or device causing information to flow among objects or change to the system state. (NIST SP 800-53 Rev 4)
Subject

Any entity that requests access to our assets and is the initiator of a request for service; therefore it is referred to as "active".
Subject

- Is a user, a process, a procedure, a client (or a server), a program, a device such as an endpoint, workstation, smartphone or removable storage device with onboard firmware.
- Is active: it initiates a request for access to resources or services.
- Requests a service from an object.
- Should have a level of clearance (permissions) that relates to its ability to successfully access services or resources.
Subject

Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. (NIST SP 800-53 Rev 4)
Object

A device, process, person, user, program, server, client or other entity that responds to a request for service and is passive in that it takes no action until it is called upon.
Object

- Is a building, a computer, a file, a database, a printer or scanner, a server, a communications resource, a block of memory, an input/output port, a person, a software task, thread or process.
- Is anything that provides service to a user.
- Is passive.
- Responds to a request.
- May have a classification.
Object

An instruction developed to allow or deny access to a system by comparing the validated identity of the subject to an access control list.
Rule

This might be added to allow access from the inside network to the outside network.
Rule

- Compare multiple attributes to determine appropriate access.
- Allow access to an object.
- Define how much access is allowed.
- Deny access to an object.
- Apply time-based access.
Rule

Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.
Firewall

The use of multiple controls arranged in series to provide several consecutive controls to protect an asset; also called defense in depth.
Layered Defense

Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. (NIST SP 800-53 Rev 4)
Defense in Depth