TEST 2026 SOLVED QUESTIONS
◉ Confidential Services Inc. is a military-support branch consisting
of 1,400 computers with Internet access and 250 servers. All
employees are required to have security clearances. From the
options listed below, what access control model would be most
appropriate for this organization?
A. Discretionary access control
B. Role-based access control
C. Attribute-based access control
D. Mandatory access control
Answer: D. Mandatory access control
◉ A VPN connection that is set to time out after 24 hours is
demonstrating which model of access control?
A. Mandatory access control
B. Role-based access control
C. Attribute-based access control
D. Discretionary access control
Answer: Attribute-based access control
Lesson: Authorization and Access Control
Objective: More Advanced
◉ States that we should allow only the bare minimum access
required in order for a given party (person, user account, or
process) to perform a needed functionality. Answer: Principle of
least privilege
◉ Typically built to a certain resource, these contain the identifiers
of the party allowed to access the resource and what the party is
allowed to do. Answer: Access control lists (ACLs)
◉ In this method of security, a person's capabilities are oriented
around the use of a token that controls their access (e.g. a personal
badge). Answer: Capability-based security
◉ A type of attack that is more common in systems that use ACLs
rather than capabilities. Answer: The confused deputy problem
◉ A type of attack that misuses the authority of the browser on the
user's computer. Answer: Cross-site request forgery (CSRF)
◉ Access is determined by the owner of the resource in question.
Answer: Discretionary access control (DAC)
◉ Similar to MAC in that access controls are set by an authority
responsible for doing so, rather than by the owner of the resource. In
this model, access is based on the role the individual is performing.
Answer: Role-based access control (RBAC)
◉ Access is based on attributes (of a person, a resource, or an
environment). Answer: Attribute-based access control
◉ Designed to prevent conflicts of interest; commonly used in
industries that handle sensitive data. Three main resource classes
are considered in this model: objects, company groups, and conflict
classes. Answer: The Brewer and Nash model
◉ A combination of DAC and MAC, primarily concerned with the
confidentiality of the resource. Two security properties define how
information can flow to and from the resource: the simple security
property and the * property. Answer: The Bell-LaPadula model
◉ Primarily concerned with protecting the integrity of data, even at
the expense of confidentiality. Two security rules: the simple
integrity axiom and the * integrity axiom. Answer: The Biba model
◉ An access control model that includes many tiers of security and
is used extensively by military and government organizations and
those that handle data of a very sensitive nature. Answer: Multilevel
access control model
◉ What process ensures compliance with applicable laws, policies,
and other bodies of administrative control, and detects misuse?
A. Nonrepudiation
B. Deterrence
C. Auditing
D. Accountability
E. Authorization
Answer: C. Auditing
Lesson: Auditing and Accountability
Objective: Introduction
◉ Nessus is an example of a(n) _______________ tool.