Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


Access Controls Concepts

Practice CC Access Controls Concepts questions with full explanations on every answer.


All CC Access Controls Concepts questions (110)


1

Which principle ensures that users are granted only the minimum permissions necessary to perform their job functions?

2

A security administrator is reviewing physical access controls. Which control is considered an external perimeter security measure?

3

An organization implements a policy where no single employee can approve a financial transaction over $10,000; a second manager must also approve. This is an example of which access control principle?

4

Which of the following is an example of a logical access control?

5

According to NIST SP 800-63, which password policy is most recommended?

6

A company wants to implement account lockout to prevent brute-force attacks. Which lockout threshold is most appropriate according to common best practices?

7

What is the process of claiming an identity called?

8

An LDAP distinguished name (DN) is written as 'CN=John Smith,OU=Sales,DC=company,DC=com'. What does 'CN' represent?

9

A security analyst notices that a user is accessing files in a department they do not work in. Which principle is being violated?

10

An organization uses a Privileged Access Management (PAM) solution. Which of the following is a primary benefit of PAM?

11

Which of the following is a recommended practice for administrative accounts?

12

A company implements a visitor management policy requiring all visitors to sign in, wear a badge, and be escorted. Which access control principle does this primarily support?

13

A security administrator is configuring a session timeout policy. Which of the following are valid reasons for implementing session timeouts? (Choose TWO.)

14

An organization is designing a defense-in-depth strategy for physical security. Which of the following are examples of layered physical controls? (Choose THREE.)

15

A company is implementing separation of duties for financial transactions. Which of the following are examples of this principle? (Choose TWO.)

16

Which principle ensures that a user is granted only the permissions necessary to perform their job functions, thereby reducing the potential impact of a compromised account?

17

A security administrator is configuring a system to prevent unauthorized access after a user leaves their workstation unattended. Which access control mechanism should be implemented?

18

An organization wants to implement a physical access control that requires two different credentials to enter a high-security server room. Which concept does this best represent?

19

A company requires that financial transactions be approved by two different managers before execution. This is an example of which access control principle?

20

Which of the following is a recommended practice for password security according to NIST SP 800-63?

21

A security analyst notices multiple failed login attempts from a single IP address within a short period. Which control would best mitigate this brute force attack?

22

In a directory service such as Active Directory, which component is responsible for storing information about users, groups, and computers in a hierarchical structure?

23

Which of the following is an example of a logical access control?

24

What is the difference between identification and authentication?

25

A system administrator has a regular user account for daily work and a separate account with elevated privileges. Which principle is being applied?

26

An LDAP distinguished name is written as: CN=John Smith,OU=Sales,DC=company,DC=com. What do the 'OU' and 'DC' components represent?

27

Which type of access control is implemented by a cable lock attached to a laptop?

28

A security team is designing a visitor management policy. Which TWO of the following are essential components? (Select TWO.)

29

A company wants to implement defense in depth for its data center. Which THREE of the following controls should be included? (Select THREE.)

30

Which TWO of the following are recommended practices for managing privileged accounts? (Select TWO.)

31

A security administrator is configuring user permissions and ensures that each user has only the minimum rights needed to perform their job. Which access control principle is the administrator applying?

32

A bank implements a policy that requires two different employees to approve any wire transfer over $10,000. One employee initiates the transfer, and another approves it. This is an example of which access control principle?

33

An organization uses a layered security approach: perimeter fencing, access badge readers at building entrances, biometric scanners in server rooms, and cable locks on laptops. This strategy best exemplifies which access control concept?

34

Which of the following is an example of a logical access control?

35

According to modern password guidance from NIST SP 800-63, which of the following is the most important factor when setting password requirements?

36

An organization configures account lockout after 5 failed login attempts within 15 minutes. This control is designed to mitigate which type of attack?

37

An employee is assigned a user account with read-only access to the sales database. However, the employee's job requires viewing only customer contact information, not sales figures. Which access control principle is being violated?

38

In the context of identification and authentication, which of the following is an example of authentication?

39

Which of the following best describes the purpose of a session timeout?

40

A system administrator uses a separate administrative account with elevated privileges only when performing system maintenance, and uses a standard user account for daily activities like email. This practice aligns with which principle?

41

An organization uses Active Directory to manage user accounts. Which protocol does Active Directory primarily use to query and modify directory services?

42

A visitor signs in at a company's reception, receives a badge, and is escorted throughout the building. This process is part of which type of access control?

43

A security analyst is reviewing access control mechanisms. Which TWO of the following are examples of logical access controls? (Select two.)

44

An organization is designing a privileged access management (PAM) solution. Which THREE of the following are best practices for managing privileged accounts? (Select three.)

45

Which TWO of the following correctly describe components of a directory service distinguished name (DN) in LDAP? (Select two.)

46

A security administrator is configuring user permissions and wants to ensure that each user has only the access rights necessary to perform their job. Which principle is being applied?

47

An organization requires that financial transactions over $10,000 be approved by two different managers. This is an example of which access control principle?

48

A security engineer is designing a physical security plan. Which combination of controls best represents defense in depth for a data center?

49

Which of the following is an example of a logical access control?

50

According to NIST SP 800-63, which password policy is most effective for user authentication?

51

An account lockout policy is implemented to protect against which type of attack?

52

In a directory service using LDAP, what is the distinguished name (DN) for a user named John Smith in the Sales organizational unit of the company domain company.com?

53

Which process involves verifying the identity of a user who claims to be a specific person?

54

A company implements a policy where users must swipe their access card and then enter a PIN to enter the data center. This is an example of:

55

An administrator configures a Group Policy Object (GPO) in Active Directory to enforce account lockout after 5 failed attempts within 15 minutes. Which type of control is this?

56

What is the primary purpose of a Privileged Access Management (PAM) solution?

57

Which access control principle restricts access to data based on the user's job role and tasks?

58

A security analyst is reviewing physical security controls. Which TWO are examples of perimeter physical controls? (Select TWO.)

59

An organization is implementing a visitor management policy. Which THREE should be included? (Select THREE.)

60

According to NIST SP 800-63 recommendations for password policies, which THREE practices are recommended? (Select THREE.)

61

Which access control principle ensures that a user is granted only the minimum permissions necessary to perform their job functions?

62

A security administrator is implementing controls to prevent a single employee from approving and disbursing payments. Which principle is being applied?

63

An organization implements a policy requiring employees to use a separate administrator account for privileged tasks and a different account for daily activities. Which principle does this support?

64

Which of the following is an example of a physical access control at the building entrance?

65

A company requires all visitors to sign in, wear a visible badge, and be escorted while on premises. This is an example of:

66

According to NIST SP 800-63, which password policy is recommended to enhance security?

67

An account lockout policy is designed to mitigate which type of attack?

68

A session timeout automatically logs out a user after a period of inactivity. This control primarily protects against:

69

In the identification and authentication process, which step occurs first?

70

An LDAP distinguished name (DN) is formatted as: CN=John Smith,OU=Sales,DC=company,DC=com. Which component represents the organizational unit?

71

A Privileged Access Management (PAM) solution is used to:

72

An organization wants to ensure that even if an attacker compromises a user's account, the damage is limited. Which principle is most directly applied?

73

A security analyst is reviewing physical security controls. Which TWO are considered layered physical security measures for external perimeter protection?

74

Which THREE are recommended practices for password policies according to current guidelines?

75

An organization wants to implement defense in depth for its server room. Which THREE controls should be included?

76

A company implements a policy where no single employee can approve a purchase order over $10,000. Instead, two managers must jointly approve it. Which security principle does this practice exemplify?

77

An organization uses fencing, bollards, and lighting around the perimeter, guards at the main entrance, and biometric readers on server room doors. This approach is an example of:

78

A security auditor discovers that a user's account has been granted full access to all financial databases, even though the user only needs to view quarterly reports. Which access control principle has been violated most directly?

79

A company configures its firewall to block all inbound traffic except for specific necessary services. This approach aligns with which access control principle?

80

Which of the following is the primary purpose of a visitor log and escort policy?

81

An organization enforces a password policy requiring a minimum of 15 characters with no complexity requirements, and does not force periodic changes. This policy aligns with which current best practice?

82

Which of the following is an example of a logical access control?

83

In Active Directory, a GPO is used to enforce a policy that automatically locks user sessions after 15 minutes of inactivity. This is an example of which type of access control?

84

A user enters a username and password to access a system. Which phase of the access control process does entering the username represent?

85

An LDAP distinguished name is formatted as: CN=John Smith,OU=Sales,DC=company,DC=com. What does OU represent?

86

Which account type is considered highest risk and should be protected with strict controls, including separate daily use accounts?

87

An organisation implements an account lockout policy that locks an account after 5 failed login attempts within 15 minutes. This control is designed to prevent:

88

A security architect is designing controls to protect a data center. Which TWO of the following are examples of physical access controls? (Select TWO.)

89

Which THREE of the following are best practices for privileged account management? (Select THREE.)

90

Which TWO of the following are components of the identification and authentication process? (Select TWO.)

91

A security administrator is configuring access rights for a new employee. Which principle ensures the employee is granted only the minimum permissions necessary to perform their job duties?

92

An organization requires that a financial transaction must be initiated by one employee and approved by a manager before processing. Which access control principle does this enforce?

93

A system administrator has an account with full administrative privileges. To reduce risk, the organization implements a policy requiring the admin to use a separate, non-privileged account for daily tasks like email and web browsing. This practice aligns with which principle?

94

A company's physical security includes fencing, security guards, access badges, and biometric locks on server room doors. This layered approach is an example of which access control concept?

95

In a directory service like Active Directory, which component is used to organize users, groups, and computers into a hierarchical structure for applying policies?

96

An organization's password policy requires passwords to be at least 8 characters long and prohibits common passwords found in breach databases. This policy aligns with which guideline?

97

A security analyst notices repeated failed login attempts from a single IP address. The account is locked after 10 failed attempts. This is an example of which type of control?

98

An employee uses their username to claim an identity and then enters a password to prove it. What is the term for the process of proving the claimed identity?

99

A visitor enters a company building and is required to sign in, present identification, and wear a visitor badge. This is an example of which type of access control?

100

In an LDAP directory, an entry is represented as 'CN=John Smith,OU=Sales,DC=company,DC=com'. What does 'CN' stand for?

101

A security administrator is implementing controls to protect a server room. Which TWO physical security layers should be included as part of a defense-in-depth strategy? (Select TWO.)

102

Which TWO are examples of logical access controls? (Select TWO.)

103

Which THREE are key components of Active Directory? (Select THREE.)

104

A security architect is designing an access control policy based on the principle of need-to-know. Which TWO practices support this principle? (Select TWO.)

105

Which THREE are best practices for password management according to modern guidelines? (Select THREE.)

106

A security auditor is reviewing access controls at a financial institution. The auditor identifies a scenario where one employee can initiate a payment transaction, and the same employee can also approve it. Which access control principle is being violated, and what is the primary risk?

107

A company's security policy requires that employees use only the minimum permissions needed to perform their job functions. This practice reduces the potential impact if an account is compromised. Which TWO access control principles are being applied?

108

An organization wants to implement layered physical security for its data center. Which THREE of the following controls would be considered part of a defense-in-depth physical security strategy?

109

A system administrator is configuring account lockout policies to mitigate brute-force attacks. Which TWO settings are most critical for this purpose?

110

An employee claims to have accessed a confidential document that is not related to their job role. The security team investigates and finds that the employee's account had read access to the folder containing the document. Which TWO access control concepts were likely violated?


Frequently asked questions

What does the Access Controls Concepts domain cover on the CC exam?

The Access Controls Concepts domain covers the key concepts tested in this area of the CC exam blueprint published by ISC2. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all CC domains — no account required.

How many Access Controls Concepts questions are in the CC question bank?

The Courseiva CC question bank contains 110 questions in the Access Controls Concepts domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice Access Controls Concepts for CC?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only Access Controls Concepts questions for CC?

Yes — the session launcher on this page draws questions exclusively from the Access Controls Concepts domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
