Question
Which of the following security design principles says ‘access decisions should be based on permission rather than exclusion’?
Group of answer choices:
Fail-safe defaults
Complete mediation
Separation of privilege
Least Astonishment
Solution
The security design principle that states 'access decisions should be based on permission rather than exclusion' is known as 'Fail-safe defaults'. This principle is based on the idea that, by default, access is denied and permissions are only granted explicitly, not implicitly. This helps to prevent unauthorized access and ensures that only those with the correct permissions can access certain information or resources.
Similar Questions
Rebecca, a security professional, was instructed to limit employees’ access to critical resources. For this purpose, she implemented an access principle that provides permission to access only necessary resources that are required for their job tasks. The permissions can be extended later based on changes in their job roles. Identify the access principle implemented by Rebecca in the above scenario.
Group of answer choices:
Principle of least privilege (POLP)
Rule-based access control
Need-to-know
Separation of duties (SoD)

Which of the following best expresses the primary goal when controlling access to assets?
Group of answer choices:
Ensure that only valid objects can authenticate on a system.
Prevent unauthorized access to subjects.
Ensure that all subjects are authenticated.
Preserve confidentiality, integrity, and availability of systems and data.

If different user groups with different security access levels need to access the same information, which of the following actions should management take?
Group of answer choices:
Decrease the security level of the information to ensure accessibility and usability of the information.
Decrease the classification label on the information.
Require specific written approval each time an individual needs to access the information.
Increase the security controls on the information.

What type of access control approach is suitable when several people in the organization perform the same role or task?
Group of answer choices:
Lattice-based access control
Discretionary access control
Mandatory access control
Role/task-based access control

________ is the ability to ensure that messages and data are only available to those authorized to view them.
Group of answer choices:
Availability
Confidentiality
Integrity
Privacy