Questions about CISSP "Access Control" domain.

s2008 Banned Posts: 38
Hi,

I will be taking the CISSP in two weeks, and I have some questions that need clarification. I would appreciate any advice in this matter.

Question#1:
Is "Rule-Based Access Control" a DAC or NDAC?
Because according to the quiz at "www.freepracticetests.org" it is NDAC, and the site accuses ISC2 books of being wrong on this! So what is it?


Question#2:
Does "Authentication" in access control officially have 3 or 4 types?
Because according to the quiz at the same site above it is 3, which are:
Type1: Something you know.
Type2: Something you have.
Type3: Something you are.
But in my ISC2 book there is another type which is "Something you do" (e.g., signature dynamics)!

Comments

  • GAngel Member Posts: 708
    1) In most cases it would be mandatory access control (specific rules/policies based on an object).

    2) I only know the three, but I have not read the newest ISC book this year, so they could have added a fourth in theory.

    Also keep in mind most of these tests are not updated very often. That question could be from 5 years ago and there's no way to know.
  • kriscamaro68 Member Posts: 1,186
    I agree with GAngel. I have never even heard of NDAC unless they are referring to network discretionary access control, which still makes no sense. As for signature being a fourth, never heard of it being something you do. That's a new one to me.
  • s2008 Banned Posts: 38
    NDAC stands for "Non Discretionary Access Control".

    According to "www.freepracticetests.org" under NDAC we have:
    1) Rule-Based Access Control.
    2) Role-Based Access Control.
  • showstoppermd Member Posts: 10
    According to the official guide, the author states "There are three fundamental types of authentication" (OIG P59)

    He goes on to state that there is a potential fourth factor of "somewhere you are" (OIG P60).

    I'm thinking according to ISC2 there are currently only 3.