(ISC)2 Certified in Cybersecurity Practice Exam

Which of the following statements about access control mechanisms is accurate?

• A. Biometric systems are always accurate
• B. Physical controls can be the only method needed
• C. Administrative controls are redundant
• D. Multiple control types enhance security

The correct answer is: Multiple control types enhance security

The selected answer highlights the importance of using a combination of different types of access control mechanisms to strengthen overall security. When multiple control types are implemented—such as physical, administrative, and technical controls—they create a layered defense approach. This is known as defense in depth, where each layer serves as a safeguard against potential breaches. This approach is beneficial because if one control fails or is compromised, other controls can still provide protection. For instance, if a biometric authentication system is bypassed, other methods, like security personnel or surveillance cameras, can help prevent unauthorized access. Additionally, using multiple control types can address various vulnerabilities and threats, ensuring that security is not overly reliant on a single mechanism. Other options do not accurately represent the nuances of access control mechanisms. For example, biometric systems, while often highly reliable, are not infallible and can sometimes produce false positives or negatives. Physical controls, like locks and barriers, are important but may not be sufficient alone without complementary administrative and technical measures. Lastly, administrative controls—such as policies and procedures—are fundamental to establishing guidelines and responsibilities, rather than being seen as redundant. Therefore, recognizing the value of integrating various control types is essential for effective security management.