(ISC)2 Certified in Cybersecurity Practice Exam

Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which term refers to the instruction used to allow or deny access by comparing a subject's identity with an access control list?

  1. Policy

  2. Rule

  3. Standard

  4. Procedure

The correct answer is: Rule

The correct answer is the term "Rule." In the context of access control, a rule is a specific instruction that defines whether a particular user (the subject) has permission to access certain resources based on their identity. These rules are typically implemented within an access control list (ACL), which enumerates the permissions assigned to various users or system entities. When a system determines access permissions, it evaluates the identity of the user against the conditions set forth in the rule. If the criteria in the rule are met, access may be granted; if not, access is denied. This process ensures that only authorized users can access sensitive data or resources, thereby enhancing security.

In contrast, the other terms represent different concepts within the framework of security and governance. A policy is a high-level statement of intent that outlines the security principles and objectives for an organization. A standard represents a baseline of requirements and rules that guide policy implementation and practices. A procedure entails the specific steps or tasks that must be followed to comply with the policies and standards. Although all these terms are interconnected in an organizational context, "Rule" specifically aligns with the operational aspects of access control as defined in the question.