Deciding whom you let in -- and, more importantly, whom you keep out -- is at the core of every enterprise security strategy. When it comes to granting, restricting or denying access to resources, infosec professionals must understand how to use different types of access control systems that manage identification, authentication and authorization of both people and devices.
These are some of the key principles covered in Domain 5 of the CISSP exam -- Identity and Access Management -- which means test-takers need to be prepared to answer questions about types of access control systems and methods. From multifactor authentication to cloud-based identity services, CISSP candidates should have a working knowledge of the various ways to prevent the bad guys -- or even just the good-but-unauthorized ones -- from accessing enterprise assets.
Test your knowledge in these areas with 10 multiple-choice questions about some different types of access control systems, authorization mechanisms and identity services covered in Domain 5.
The following quiz is excerpted from the CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition, ©2015 John Wiley & Sons, All Rights Reserved.
CISSP® is a registered mark of (ISC)².