(ISC)2 Certified in Cybersecurity Practice Exam

What general term is used to describe the measures ensuring only authorized people have access to sensitive information?

• A. Access Control
• B. Data Encryption
• C. Network Security
• D. Data Retention

The correct answer is: Access Control

Access control refers to the strategies and measures implemented to ensure that only authorized individuals can access sensitive information. This fundamental cybersecurity principle involves identifying, authenticating, and authorizing users before granting them access to confidential data and systems. It encompasses various technologies and policies, such as user permissions, roles, and authentication methods like passwords, biometrics, and multi-factor authentication. The significance of access control lies in its ability to protect sensitive data from unauthorized access, thereby reducing the risk of data breaches and compliance violations. By managing who can view or interact with certain information, organizations can safeguard their assets and maintain control over their data. In contrast, other options like data encryption, network security, and data retention, while important components of an overall cybersecurity strategy, do not specifically focus on the access aspect. Data encryption ensures the confidentiality of information in transit or at rest, network security involves protecting the integrity and usability of networks, and data retention pertains to the policies around how long data is stored and when it can be disposed of. These terms, although relevant to data protection, do not encapsulate the concept of limiting access based on authorization.