Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.


Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Access Controls Concepts

Practice CC Access Controls Concepts questions with full explanations on every answer.

58 questions


All CC Access Controls Concepts questions (58)


Click any question to see the full explanation and answer options, or start a focused practice session above.

1

An organization wants to implement the principle of least privilege for its database administrators. Which approach best achieves this goal?

2

A security auditor discovers that a user has been granted read and write access to a sensitive file, but the user's job only requires read access. Which access control principle has been violated?

3

Which access control model uses subject and object labels to enforce access based on a security policy?

4

A company implements a policy where a financial transaction must be initiated by one employee and approved by a different employee. This is an example of which access control concept?

5

An organization uses Active Directory and wants to grant a group of temporary interns access to a shared folder for exactly 30 days. Which access control approach is most efficient?

6

Which TWO are characteristics of Role-Based Access Control (RBAC)?

7

Which THREE are valid methods for authenticating a user in an access control system?

8

You are the security administrator for a mid-sized e-commerce company. The company uses a Linux-based web server running Apache, with a MySQL database backend. User authentication is handled via LDAP. Recently, the security team discovered that a former employee's account was used to access the customer database two weeks after the employee was terminated. The account had not been disabled. The database contains personally identifiable information (PII). The incident was traced to an internal IP address from the marketing department. The marketing department's network segment is not segregated from the database server. Additionally, the database server's firewall rules allow any internal IP to connect to the MySQL port (3306). The company has a written policy that accounts must be disabled within 24 hours of termination, but the HR department did not notify IT in a timely manner. Which combination of controls would BEST prevent a recurrence of this incident?

9

A company is implementing an access control system to protect sensitive data. Employees in the finance department must access financial records, but only during business hours and from company-issued devices. Which access control model best supports these requirements?

10

A security administrator is reviewing the principles of access control. Which TWO of the following are core components of the AAA framework? (Select TWO.)

11

Refer to the exhibit. A security analyst notices that a user with the Finance role is able to write to /finance/data from a macOS device at 10:00 AM. The policy shown is the only policy affecting this resource. What is the most likely reason for this behavior?

12

Drag and drop the steps to configure a static route on a Cisco IOS router into the correct order.

13

Drag and drop the steps to implement a firewall rule allowing inbound HTTPS traffic into the correct order.

14

Match each security control type to its description.

15

Match each authentication factor to an example.

16

A system administrator needs to grant a user the ability to read files in a specific folder but not modify them. Which access control principle should be applied?

17

A financial company requires that any transaction over $10,000 must be approved by two different managers before being processed. This is an example of which access control principle?

18

During a security audit, it is discovered that a contractor has access to customer databases that were not required for their project. Which step should be taken first to mitigate the risk?

19

An organization implements an access control system where users are assigned to groups, and permissions are granted to groups rather than individuals. This is known as:

20

A user reports that they are unable to access a shared network drive that they previously could access. The administrator checks permissions and finds the user's account is still a member of the correct group. What should the administrator check next?

21

In a defense-in-depth strategy, which access control mechanism provides the most granular control over user permissions?

22

Which access control model allows the owner of a resource to decide who can access it?

23

A system administrator notices that a user has been granted read and write permissions to a folder but should only have read access. Which type of access control issue does this represent?

24

When implementing a role-based access control (RBAC) system, what is the primary challenge organizations face?

25

An organization is implementing a new access control system based on the principle of least privilege. Which two of the following practices are essential to achieving least privilege? (Select TWO)

26

A security analyst is troubleshooting an access control issue where a user cannot access a file even though they seem to have the correct permissions. Which three of the following should the analyst investigate? (Select THREE)

27

Which two of the following are examples of physical access controls? (Select TWO)

28

Refer to the exhibit. The file is readable and writable by everyone. A user from the marketing team, user2, needs to be able to read the file but not write to it. Which command should the administrator use to achieve this?

29

Refer to the exhibit. A user from the Auditors group is unable to access the folder. What is the most likely cause?

30

Refer to the exhibit. A user with this policy tries to list objects in bucket1 but gets an access denied error. What is the most likely reason?

31

A company needs to enforce access based on attributes such as time of day and location. Which access control model is most appropriate?

32

An organization wants to ensure that no single employee can both request and approve a payment. Which access control principle does this enforce?

33

In a MAC environment implementing Bell-LaPadula, a subject with Secret clearance attempts to read an object classified as Confidential and write to an object classified as Top Secret. Which operations are permitted?

34

Which authentication factor does a smart card represent?

35

After a reorganization, a company using RBAC finds that many users have accumulated permissions that no longer align with their job functions. What is the best practice to address this?

36

In a Bell-LaPadula MAC model, which of the following operations is prohibited?

37

What is the primary purpose of identification in the context of access control?

38

Which component of the AAA framework determines what resources an authenticated user can access?

39

In a typical Windows environment, which access control model is used for managing file permissions?

40

Based on the exhibit, which statement about the access control list is true?

41

An IAM policy is shown in the exhibit. Which action is permitted for the attached user?

42

The exhibit shows recent authentication logs. What type of attack is most likely indicated?

43

Which TWO of the following are examples of physical access controls?

44

Which TWO scenarios best illustrate the principle of least privilege?

45

Which THREE components are part of the AAA framework?

46

A help desk technician needs to reset a user's password, but the security policy requires that the technician does not know the new password. Which access control concept prevents the technician from knowing the password?

47

An organization implements a policy where users must swipe their ID card and enter a PIN to access a secure room. This is an example of which access control principle?

48

After a security audit, a company discovers that several employees have access to financial systems that are not required for their job roles. Which access control model would best prevent this issue in the future?

49

A system administrator needs to grant a contractor temporary access to a server for patching. The contractor should only have access during the patching window. Which access control implementation method is most appropriate?

50

A company uses a mandatory access control (MAC) system where all files are labeled 'Confidential', 'Secret', or 'Top Secret'. A user with 'Secret' clearance tries to read a 'Top Secret' file. What is the outcome?

51

An organization wants to implement a system that enforces access decisions based on a user's attributes (e.g., department, clearance, time) and environmental conditions. Which model is best?

52

Which TWO are examples of technical access controls?

53

Which TWO are principles of access control?

54

Which THREE are examples of administrative access controls?

55

A financial firm has a data center with strict access controls. Employees must use smart cards and PINs to enter a mantrapped entrance. Recently, an unauthorized person gained access by following an employee through the mantrapped door (tailgating). The security team reviews logs and finds that the door was opened twice in quick succession, indicating tailgating occurred. The firm wants to implement a solution that prevents tailgating without slowing down authorized access. Which action should they take?

56

A hospital uses role-based access control (RBAC) for its electronic health records. Nurses can view patient records; doctors can view and edit; administrators can only view administrative data. Recently, a nurse was able to edit a patient's record, which should only be allowed for doctors. The investigation finds that the nurse's role was incorrectly assigned a 'doctor' role due to a misconfiguration. To prevent recurrence, the access control system should be reviewed. Which is the best long-term solution?

57

A small business uses a cloud file storage service that allows sharing links. An employee mistakenly shared a folder containing customer data via a public link. The business wants to prevent such incidents in the future without blocking legitimate sharing. Which access control method should they implement?

58

A government agency uses a multi-level security system with mandatory access control (MAC). A user with Secret clearance attempts to write data to a file classified as Confidential. Under the Bell-LaPadula model, which rule applies and what is the outcome?


Frequently asked questions

What does the Access Controls Concepts domain cover on the CC exam?

The Access Controls Concepts domain covers the key concepts tested in this area of the CC exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CC domains — no account required.

How many Access Controls Concepts questions are in the CC question bank?

The Courseiva CC question bank contains 58 questions in the Access Controls Concepts domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Access Controls Concepts for CC?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Access Controls Concepts questions for CC?

Yes — the session launcher on this page draws questions exclusively from the Access Controls Concepts domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
