Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


ISC2 CC Access Controls Concepts • Complete Question Bank

ISC2 CC Access Controls Concepts — All Questions With Answers

Complete ISC2 CC Access Controls Concepts question bank — all 0 questions with answers and detailed explanations.

110 Questions • Free • No signup
Question 1 (easy, multiple choice)

Which principle ensures that users are granted only the minimum permissions necessary to perform their job functions?

Question 2 (medium, multiple choice)

A security administrator is reviewing physical access controls. Which control is considered an external perimeter security measure?

Question 3 (hard, multiple choice)

An organization implements a policy where no single employee can approve a financial transaction over $10,000; a second manager must also approve. This is an example of which access control principle?

Question 4 (easy, multiple choice)

Which of the following is an example of a logical access control?

Question 5 (medium, multiple choice)

According to NIST SP 800-63, which password policy is most recommended?

Question 6 (hard, multiple choice)

A company wants to implement account lockout to prevent brute-force attacks. Which lockout threshold is most appropriate according to common best practices?

Question 7 (easy, multiple choice)

What is the process of claiming an identity called?

Question 8 (medium, multiple choice)

An LDAP distinguished name (DN) is written as 'CN=John Smith,OU=Sales,DC=company,DC=com'. What does 'CN' represent?

Question 9 (medium, multiple choice)

A security analyst notices that a user is accessing files in a department they do not work in. Which principle is being violated?

Question 10 (hard, multiple choice)

An organization uses a Privileged Access Management (PAM) solution. Which of the following is a primary benefit of PAM?

Question 11 (easy, multiple choice)

Which of the following is a recommended practice for administrative accounts?

Question 12 (medium, multiple choice)

A company implements a visitor management policy requiring all visitors to sign in, wear a badge, and be escorted. Which access control principle does this primarily support?

Question 13 (medium, multi select)

A security administrator is configuring a session timeout policy. Which of the following are valid reasons for implementing session timeouts? (Choose TWO.)

Question 14 (hard, multi select)

An organization is designing a defense-in-depth strategy for physical security. Which of the following are examples of layered physical controls? (Choose THREE.)

Question 15 (hard, multi select)

A company is implementing separation of duties for financial transactions. Which of the following are examples of this principle? (Choose TWO.)

Question 16 (easy, multiple choice)

Which principle ensures that a user is granted only the permissions necessary to perform their job functions, thereby reducing the potential impact of a compromised account?

Question 17 (medium, multiple choice)

A security administrator is configuring a system to prevent unauthorized access after a user leaves their workstation unattended. Which access control mechanism should be implemented?

Question 18 (hard, multiple choice)

An organization wants to implement a physical access control that requires two different credentials to enter a high-security server room. Which concept does this best represent?

Question 19 (easy, multiple choice)

A company requires that financial transactions be approved by two different managers before execution. This is an example of which access control principle?

Question 20 (medium, multiple choice)

Which of the following is a recommended practice for password security according to NIST SP 800-63?

Question 21 (medium, multiple choice)

A security analyst notices multiple failed login attempts from a single IP address within a short period. Which control would best mitigate this brute force attack?

Question 22 (hard, multiple choice)

In a directory service such as Active Directory, which component is responsible for storing information about users, groups, and computers in a hierarchical structure?

Question 23 (medium, multiple choice)

Which of the following is an example of a logical access control?

Question 24 (easy, multiple choice)

What is the difference between identification and authentication?

Question 25 (medium, multiple choice)

A system administrator has a regular user account for daily work and a separate account with elevated privileges. Which principle is being applied?

Question 26 (hard, multiple choice)

An LDAP distinguished name is written as: CN=John Smith,OU=Sales,DC=company,DC=com. What do the 'OU' and 'DC' components represent?

Question 27 (easy, multiple choice)

Which type of access control is implemented by a cable lock attached to a laptop?

Question 28 (medium, multi select)

A security team is designing a visitor management policy. Which TWO of the following are essential components? (Select TWO.)

Question 29 (hard, multi select)

A company wants to implement defense in depth for its data center. Which THREE of the following controls should be included? (Select THREE.)

Question 30 (medium, multi select)

Which TWO of the following are recommended practices for managing privileged accounts? (Select TWO.)

Question 31 (easy, multiple choice)

A security administrator is configuring user permissions and ensures that each user has only the minimum rights needed to perform their job. Which access control principle is the administrator applying?

Question 32 (medium, multiple choice)

A bank implements a policy that requires two different employees to approve any wire transfer over $10,000. One employee initiates the transfer, and another approves it. This is an example of which access control principle?

Question 33 (hard, multiple choice)

An organization uses a layered security approach: perimeter fencing, access badge readers at building entrances, biometric scanners in server rooms, and cable locks on laptops. This strategy best exemplifies which access control concept?

Question 34 (easy, multiple choice)

Which of the following is an example of a logical access control?

Question 35 (medium, multiple choice)

According to modern password guidance from NIST SP 800-63, which of the following is the most important factor when setting password requirements?

Question 36 (medium, multiple choice)

An organization configures account lockout after 5 failed login attempts within 15 minutes. This control is designed to mitigate which type of attack?

Question 37 (hard, multiple choice)

An employee is assigned a user account with read-only access to the sales database. However, the employee's job requires viewing only customer contact information, not sales figures. Which access control principle is being violated?

Question 38 (medium, multiple choice)

In the context of identification and authentication, which of the following is an example of authentication?

Question 39 (easy, multiple choice)

Which of the following best describes the purpose of a session timeout?

Question 40 (hard, multiple choice)

A system administrator uses a separate administrative account with elevated privileges only when performing system maintenance, and uses a standard user account for daily activities like email. This practice aligns with which principle?

Question 41 (medium, multiple choice)

An organization uses Active Directory to manage user accounts. Which protocol does Active Directory primarily use to query and modify directory services?

Question 42 (medium, multiple choice)

A visitor signs in at a company's reception, receives a badge, and is escorted throughout the building. This process is part of which type of access control?

Question 43 (medium, multi select)

A security analyst is reviewing access control mechanisms. Which TWO of the following are examples of logical access controls? (Select two.)

Question 44 (hard, multi select)

An organization is designing a privileged access management (PAM) solution. Which THREE of the following are best practices for managing privileged accounts? (Select three.)

Question 45 (medium, multi select)

Which TWO of the following correctly describe components of a directory service distinguished name (DN) in LDAP? (Select two.)

Question 46 (easy, multiple choice)

A security administrator is configuring user permissions and wants to ensure that each user has only the access rights necessary to perform their job. Which principle is being applied?

Question 47 (medium, multiple choice)

An organization requires that financial transactions over $10,000 be approved by two different managers. This is an example of which access control principle?

Question 48 (hard, multiple choice)

A security engineer is designing a physical security plan. Which combination of controls best represents defense in depth for a data center?

Question 49 (easy, multiple choice)

Which of the following is an example of a logical access control?

Question 50 (medium, multiple choice)

According to NIST SP 800-63, which password policy is most effective for user authentication?

Question 51 (medium, multiple choice)

An account lockout policy is implemented to protect against which type of attack?

Question 52 (hard, multiple choice)

In a directory service using LDAP, what is the distinguished name (DN) for a user named John Smith in the Sales organizational unit of the company domain company.com?

Question 53 (easy, multiple choice)

Which process involves verifying the identity of a user who claims to be a specific person?

Question 54 (medium, multiple choice)

A company implements a policy where users must swipe their access card and then enter a PIN to enter the data center. This is an example of:

Question 55 (hard, multiple choice)

An administrator configures a Group Policy Object (GPO) in Active Directory to enforce account lockout after 5 failed attempts within 15 minutes. Which type of control is this?

Question 56 (medium, multiple choice)

What is the primary purpose of a Privileged Access Management (PAM) solution?

Question 57 (easy, multiple choice)

Which access control principle restricts access to data based on the user's job role and tasks?

Question 58 (medium, multi select)

A security analyst is reviewing physical security controls. Which TWO are examples of perimeter physical controls? (Select TWO.)

Question 59 (hard, multi select)

An organization is implementing a visitor management policy. Which THREE should be included? (Select THREE.)

Question 60 (hard, multi select)

According to NIST SP 800-63 recommendations for password policies, which THREE practices are recommended? (Select THREE.)

Question 61 (easy, multiple choice)

Which access control principle ensures that a user is granted only the minimum permissions necessary to perform their job functions?

Question 62 (medium, multiple choice)

A security administrator is implementing controls to prevent a single employee from approving and disbursing payments. Which principle is being applied?

Question 63 (hard, multiple choice)

An organization implements a policy requiring employees to use a separate administrator account for privileged tasks and a different account for daily activities. Which principle does this support?

Question 64 (easy, multiple choice)

Which of the following is an example of a physical access control at the building entrance?

Question 65 (medium, multiple choice)

A company requires all visitors to sign in, wear a visible badge, and be escorted while on premises. This is an example of:

Question 66 (medium, multiple choice)

According to NIST SP 800-63, which password policy is recommended to enhance security?

Question 67 (medium, multiple choice)

An account lockout policy is designed to mitigate which type of attack?

Question 68 (hard, multiple choice)

A session timeout automatically logs out a user after a period of inactivity. This control primarily protects against:

Question 69 (easy, multiple choice)

In the identification and authentication process, which step occurs first?

Question 70 (medium, multiple choice)

An LDAP distinguished name (DN) is formatted as: CN=John Smith,OU=Sales,DC=company,DC=com. Which component represents the organizational unit?

Question 71 (hard, multiple choice)

A Privileged Access Management (PAM) solution is used to:

Question 72 (hard, multiple choice)

An organization wants to ensure that even if an attacker compromises a user's account, the damage is limited. Which principle is most directly applied?

Question 73 (medium, multi select)

A security analyst is reviewing physical security controls. Which TWO are considered layered physical security measures for external perimeter protection?

Question 74 (medium, multi select)

Which THREE are recommended practices for password policies according to current guidelines?

Question 75 (hard, multi select)

An organization wants to implement defense in depth for its server room. Which THREE controls should be included?

Question 76 (medium, multiple choice)

A company implements a policy where no single employee can approve a purchase order over $10,000. Instead, two managers must jointly approve it. Which security principle does this practice exemplify?

Question 77 (easy, multiple choice)

An organization uses fencing, bollards, and lighting around the perimeter, guards at the main entrance, and biometric readers on server room doors. This approach is an example of:

Question 78 (hard, multiple choice)

A security auditor discovers that a user's account has been granted full access to all financial databases, even though the user only needs to view quarterly reports. Which access control principle has been violated most directly?

Question 79 (medium, multiple choice)

A company configures its firewall to block all inbound traffic except for specific necessary services. This approach aligns with which access control principle?

Question 80 (medium, multiple choice)

Which of the following is the primary purpose of a visitor log and escort policy?

Question 81 (hard, multiple choice)

An organization enforces a password policy requiring a minimum of 15 characters with no complexity requirements, and does not force periodic changes. This policy aligns with which current best practice?

Question 82 (easy, multiple choice)

Which of the following is an example of a logical access control?

Question 83 (medium, multiple choice)

In Active Directory, a GPO is used to enforce a policy that automatically locks user sessions after 15 minutes of inactivity. This is an example of which type of access control?

Question 84 (medium, multiple choice)

A user enters a username and password to access a system. Which phase of the access control process does entering the username represent?

Question 85 (hard, multiple choice)

An LDAP distinguished name is formatted as: CN=John Smith,OU=Sales,DC=company,DC=com. What does OU represent?

Question 86 (easy, multiple choice)

Which account type is considered highest risk and should be protected with strict controls, including separate daily use accounts?

Question 87 (medium, multiple choice)

An organisation implements an account lockout policy that locks an account after 5 failed login attempts within 15 minutes. This control is designed to prevent:

Question 88 (hard, multi select)

A security architect is designing controls to protect a data center. Which TWO of the following are examples of physical access controls? (Select TWO.)

Question 89 (medium, multi select)

Which THREE of the following are best practices for privileged account management? (Select THREE.)

Question 90 (medium, multi select)

Which TWO of the following are components of the identification and authentication process? (Select TWO.)

Question 91 (easy, multiple choice)

A security administrator is configuring access rights for a new employee. Which principle ensures the employee is granted only the minimum permissions necessary to perform their job duties?

Question 92 (easy, multiple choice)

An organization requires that a financial transaction must be initiated by one employee and approved by a manager before processing. Which access control principle does this enforce?

Question 93 (medium, multiple choice)

A system administrator has an account with full administrative privileges. To reduce risk, the organization implements a policy requiring the admin to use a separate, non-privileged account for daily tasks like email and web browsing. This practice aligns with which principle?

Question 94 (medium, multiple choice)

A company's physical security includes fencing, security guards, access badges, and biometric locks on server room doors. This layered approach is an example of which access control concept?

Question 95 (medium, multiple choice)

In a directory service like Active Directory, which component is used to organize users, groups, and computers into a hierarchical structure for applying policies?

Question 96 (hard, multiple choice)

An organization's password policy requires passwords to be at least 8 characters long and prohibits common passwords found in breach databases. This policy aligns with which guideline?

Question 97 (hard, multiple choice)

A security analyst notices repeated failed login attempts from a single IP address. The account is locked after 10 failed attempts. This is an example of which type of control?

Question 98 (medium, multiple choice)

An employee uses their username to claim an identity and then enters a password to prove it. What is the term for the process of proving the claimed identity?

Question 99 (easy, multiple choice)

A visitor enters a company building and is required to sign in, present identification, and wear a visitor badge. This is an example of which type of access control?

Question 100 (hard, multiple choice)

In an LDAP directory, an entry is represented as 'CN=John Smith,OU=Sales,DC=company,DC=com'. What does 'CN' stand for?

Question 101 (medium, multi select)

A security administrator is implementing controls to protect a server room. Which TWO physical security layers should be included as part of a defense-in-depth strategy? (Select TWO.)

Question 102 (easy, multi select)

Which TWO are examples of logical access controls? (Select TWO.)

Question 103 (medium, multi select)

Which THREE are key components of Active Directory? (Select THREE.)

Question 104 (hard, multi select)

A security architect is designing an access control policy based on the principle of need-to-know. Which TWO practices support this principle? (Select TWO.)

Question 105 (medium, multi select)

Which THREE are best practices for password management according to modern guidelines? (Select THREE.)

Question 106 (medium, multi select)

A security auditor is reviewing access controls at a financial institution. The auditor identifies a scenario where one employee can initiate a payment transaction, and the same employee can also approve it. Which access control principle is being violated, and what is the primary risk?

Question 107 (medium, multi select)

A company's security policy requires that employees use only the minimum permissions needed to perform their job functions. This practice reduces the potential impact if an account is compromised. Which TWO access control principles are being applied?

Question 108 (hard, multi select)

An organization wants to implement layered physical security for its data center. Which THREE of the following controls would be considered part of a defense-in-depth physical security strategy?

Question 109 (medium, multi select)

A system administrator is configuring account lockout policies to mitigate brute-force attacks. Which TWO settings are most critical for this purpose?

Question 110 (easy, multi select)

An employee claims to have accessed a confidential document that is not related to their job role. The security team investigates and finds that the employee's account had read access to the folder containing the document. Which TWO access control concepts were likely violated?
