CCT 185: Mastering Access Control Models - Discretionary to Hybrid for the CISSP (Domain 5.4)
Oct 17, 2024
Unlock the secrets to mastering access control models essential for conquering the CISSP exam and advancing your cybersecurity expertise. Imagine having a comprehensive understanding of how discretionary, mandatory, role-based, risk-based, rule-based, attribute-based, and hybrid models function in various scenarios. This episode features Sean Gerber as he navigates the complex world of access control frameworks, offering insightful questions and real-world applications. Whether you're dealing with military security labels or defining access based on job responsibilities, gain the clarity needed to apply these models effectively in your cybersecurity practice.
Get ready to transform your CISSP exam preparation with unparalleled support from CISSP Cyber Training. Sean shares an exciting opportunity for exam success, emphasizing the power of dedicated study using a suite of comprehensive videos and guides. By committing to the program's blueprint, you can approach your certification journey with confidence and assurance. Join us and embrace this empowering learning experience that promises not just knowledge, but the keys to certification success.
Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and signing up to join the team for free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
TRANSCRIPT
Speaker 1:
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go.
Good morning. This is Sean Gerber with CISSP Cyber Training, and today, yes, today is CISSP Cyber Training Thursday, and we're going to go over questions that are associated with that podcast that occurred on Monday, and this is going to be going over CISSP questions associated with access controls. Yes, it's going to be riveting. I guarantee you, you will love it, you will enjoy it and you will be happy that you did it. All right, let's get started. So we're going to be going into these discretionary access controls. This is Cyber Training podcast 93, and you're going to be dealing with the various pieces that are associated with these access controls.
Okay, question one: which of the following access control models is primarily based on the subject's clearance and the object's classification? A, discretionary access controls; B, mandatory access controls; C, role-based access controls; or D, risk-based access controls. Again, which of the following access controls is primarily based on the subject's clearance and the object's classification? And that is B, mandatory access controls. These are based on clearance levels and security levels users are given, and this is basically option for objects such as documents and so forth, that are provided labels, and if the user's clearance matches or exceeds the object's label, they are granted access.
Question two: which access control model is access determined by rules that are globally defined by a system administrator? A, discretionary access control; B, mandatory access control; C, RBAC, which is role-based access controls; or D, rule-based access control, which is RUBAC. I know it's a lot of access controls. Again, which access control model is access determined by rules that are globally defined by a system administrator? Oh wait, that's rule-based access controls, question, or answer, D.
Question three: a company wants to grant access to its resources based on the department and job responsibilities of an employee. Which access control model is most suitable? Okay, A, DAC, discretionary access control; B, MAC; C, RBAC; or D, RUBAC, which is your rule-based access controls? Again, a company wants to grant access to its resources based on the department and job responsibilities of an employee. Which one would that be? And that would be role-based access controls, answer C. This is based on defined roles within an organization, and users who are assigned to these roles are based on their overall job function.
Question four: which model are permissions typically given or denied based on user-defined attributes, such as location, time and type of request? A, attribute-based controls; B, discretionary access controls; C, mandatory access controls; D, rule-based access controls? Again, which model or permissions are typically given or denied based on user-defined attributes, such as location, time and type of request? And it is A, attribute-based access controls, ABAC. That is the answer.
Speaker 1:
Question five: which model is designed to evaluate the risk of an access attempt based on dynamic factors? A, role-based access controls; B, mandatory access controls; C, risk-based access controls; or D, discretionary access controls? Again, which model is designed to evaluate risk of an access attempt based on dynamic factors? And that would be risk-based access controls. They are real time and are often based to run on context or environmental factors that allow or deny access based on the overall risk.
Speaker 1:
Question six: which model relies heavily on the discretion of an object owner to grant access? A, mandatory access controls; B, discretionary access controls; C, RBAC; D, RUBAC. Okay, which model relies heavily on the discretion of the object owner to grant access? And the answer is B, discretionary access controls. They determine who will have access to the resources, typically using access control lists, which you will see with firewalls. That is the answer. Question six, the answer is B, DAC.
Speaker 1:
Question seven: which of the following access control models can clearance levels include top secret, secret and confidential? In which access control model can a clearance include top secret, secret and confidential? A, DAC; B, RBAC; C, MAC; or D, RUBAC? Again, which model can include top secret, secret and confidential? And the answer is C, MAC. Mandatory access controls are security labels and clearances often used in government or military environments.
Speaker 1:
Question eight: a company wants to combine multiple access control models to develop a layered security approach. This is a characteristic of A, hybrid access controls; B would be RUBAC; C is MAC; or D is ABAC, attribute-based access controls. So a company wants to combine multiple access control models to develop a layered security approach, and this would be A, hybrid access controls. These are used for multiple controls to suit specific organizational needs.
Question nine: which model would a read-only attribute be most directly associated with an object? A, discretionary access controls; B, mandatory access controls; C, ABAC; or D, RBAC? Again, which model would read-only attribute be the most directly associated with an object? Read-only attribute most directly associated with an object? And the answer is A, discretionary access control. This allows owners to specifically put in place the specific, exact permissions needed for individual users or groups using access control lists. Again, read-only attribute would be tied to a discretionary access control.
Speaker 1:
Question 10: a security system prompts an additional authentication if a user logs in outside of business hours. This is an example of A, RBAC; B, DAC; C, Risk-BAC; or D, ABAC. Additional authentication if it's outside business hours, and the answer is D, ABAC. ABAC can use environmental attributes like time of day and other aspects to ensure that you have access, and that's attribute-based access controls.
Question 11: a firewall that blocks or allows user traffic based on port number is using which type of access control model? A, RBAC; B, RUBAC; C, ABAC; or D, MAC? A firewall that blocks or allows traffic based on a port number is using which type of access control model? And the answer is risk-based, I should say rule-based. That's B, RUBAC. RUBAC is a unit that sets predefined rules to allow or deny access, much like a firewall rule.
Speaker 1:
Question 12: which access control model can become highly complex as more attributes are considered for decision making? A, RBAC; B, MAC; C, DAC; or D, ABAC? Again, which access control model can become highly complex as more attributes are considered for decision making? And the answer is D, ABAC. ABAC's flexibility and use for multiple attributes can lead to increased complexity, and again, that is the answer to question 12.
Speaker 1:
Question 13: which access control model emphasizes the separation of duties, or SoD, by assigning users to predefined roles? A, RBAC; B, RUBAC; C, MAC; D, DAC? Again, which access control model emphasizes separation of duties by assigning users to predefined roles? And the answer is A, RBAC. Role-based access controls are ensuring duties are segregated and separated by reducing the risk of unauthorized or malicious actions.
Speaker 1:
Question 14: if an organization wanted to restrict access based on a user's project team and tasks within that team, which model would be best? A, attribute-based access controls; B, role-based access controls; C, discretionary access controls; or D, mandatory access controls. Again, organization wants to restrict access based on the user's project team and the task within the team, and it would be A. Attribute-based access controls are more suitable for such specific and dynamic access decisions.
The last one, the last question: which access control model is most likely to use an access matrix for decisions? A, DAC; B, RUBAC; C, MAC; or D, ABAC? Again, which access control model is most likely to use an access matrix for decisions? And the answer is A, DAC. Discretionary access controls define the rights of each subject over different objects. So the answer is A, DAC.
Speaker 1:
All right, I hope you all have a wonderful day. We are just excited here at CISSP Cyber Training to help give you all the information you need to pass the CISSP exam. I guarantee you, go to CISSP Cyber Training. You'll have access to these videos. You'll have access to my content. I guarantee you, you will pass the CISSP if you follow the blueprint that's outlined at CISSP Cyber Training. You'll follow it. If you follow it, you'll pass it. It's that guaranteed. But you've got to follow it. If you don't follow it, then all bets are off. But if you follow it, you will pass. All right, have a wonderful, wonderful day and we will catch you on the flip side. See ya.