Questions about CISSP "Access Control" domain.

s2008

Hi,

I will be taking the CISSP after two weeks, and I have some questions that need clarifications, I would appreciate any advice in this matter.

Question#1:
Is "Rule-Based Access Control" a DAC or NDAC?
Because according to the quiz at "www.freepracticetests.org" it says NDAC and accuses ISC2 books of being wrong on this!, so what is it?

Question#2:
Do "Authentication" in access control officially 3 or 4 types?
Because according to the quiz at the same site above it is 3, which are:
Type1: Something you know.
Type2: Something you have.
Type3: Something you are.
But in my ISC2 book there is another type which is "Something you do" (e.g., signature dynamics)!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

GAngel

s2008 wrote: »

Hi,

I will be taking the CISSP after two weeks, and I have some questions that need clarifications, I would appreciate any advice in this matter.

Question#1:
Is "Rule-Based Access Control" a DAC or NDAC?
Because according to the quiz at "www.freepracticetests.org" it says NDAC and accuses ISC2 books of being wrong on this!, so what is it?

Question#2:
Do "Authentication" in access control officially 3 or 4 types?
Because according to the quiz at the same site above it is 3, which are:
Type1: Something you know.
Type2: Something you have.
Type3: Something you are.
But in my ISC2 book there is another type which is "Something you do" (e.g., signature dynamics)!

1)In most cases it would be mandatory access control. (Specific rules/policy's based on an object).

2) I only know the three but i have not read the newest isc book this year so they could have added a fourth in theory.

Also keep in mind most of these tests are not updated very often. That question could be from 5 years ago and their's no way to know.

kriscamaro68

s2008 wrote: »

Hi,

I will be taking the CISSP after two weeks, and I have some questions that need clarifications, I would appreciate any advice in this matter.

Question#1:
Is "Rule-Based Access Control" a DAC or NDAC?
Because according to the quiz at "www.freepracticetests.org" it says NDAC and accuses ISC2 books of being wrong on this!, so what is it?

Question#2:
Do "Authentication" in access control officially 3 or 4 types?
Because according to the quiz at the same site above it is 3, which are:
Type1: Something you know.
Type2: Something you have.
Type3: Something you are.
But in my ISC2 book there is another type which is "Something you do" (e.g., signature dynamics)!

I agree with GAngel. I have never even heard of ndac unless they are referring to network discretionary access control which still makes no sense. As for signature being a forth never heard of it being something you do. Thats a new one to me.

s2008

kriscamaro68 wrote: »

I agree with GAngel. I have never even heard of ndac unless they are referring to network discretionary access control which still makes no sense. As for signature being a forth never heard of it being something you do. Thats a new one to me.

NDAC stands for "Non Discretionary Access Control".

According to "www.freepracticetests.org" under NDAC we have:
1) Rule-Based Access Control.
2) Role-Based Access Control.

showstoppermd

According to the official guide, the author states "There are three fundamental types of authentication" (OIG P59)

He goes on to state that there is a potential fourth factor of "somewhere you are" (OIG P60).

I'm thinking according to ISC2 there are currently only 3.