Page 1008 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Review Questions



                1.  Which of the following would not be an asset that an organization
                    would want to protect with access controls?

                    A.  Information

                    B.  Systems

                    C.  Devices

                    D.  Facilities

                    E.  None of the above


                2.  Which of the following is true related to a subject?

                    A.  A subject is always a user account.

                    B.  The subject is always the entity that provides or hosts the
                        information or data.

                    C.  The subject is always the entity that receives information about
                        or data from an object.

                    D.  A single entity can never change roles between subject and
                        object.

                3.  Which of the following types of access control uses fences, security
                    policies, security awareness training, and antivirus software to stop
                    an unwanted or unauthorized activity from occurring?

                    A.  Preventive

                    B.  Detective

                    C.  Corrective

                    D.  Authoritative

                4.  What type of access controls are hardware or software mechanisms
                    used to manage access to resources and systems, and provide
                    protection for those resources and systems?

                    A.  Administrative