CCNA SSCP Access Controls Questions

6 of 81 questions · Page 2/2 · SSCP Access Controls topic · Answers revealed

76
Multi-Select · medium

An organization is implementing a privileged access management (PAM) solution. Which THREE of the following are common PAM capabilities?

Select 3 answers
A. Just-in-time (JIT) provisioning of privileged access
B. Single sign-on for all applications
C. Password vaulting for storing privileged credentials securely
D. Self-service password reset for end users
E. Recording and monitoring of privileged sessions

Answers: A, C, E

JIT provisioning grants temporary elevated privileges, reducing risk.

Why this answer

PAM includes password vaulting, session recording, and just-in-time provisioning to secure privileged accounts.

77
MCQ · easy

Which access control model allows the owner of a resource to determine who can access it and what privileges they have?

A. Mandatory Access Control (MAC)
B. Attribute-Based Access Control (ABAC)
C. Discretionary Access Control (DAC)
D. Role-Based Access Control (RBAC)

Answer: C

DAC enables owners to grant access to others.

Why this answer

DAC (Discretionary Access Control) lets the owner control access permissions. Other models have different control mechanisms.

78
Multi-Select · easy

A company is implementing an access control system for a high-security environment. Which TWO of the following are characteristics of Mandatory Access Control (MAC)?

Select 2 answers
A. Permissions are assigned to roles.
B. Access rules are defined by the system, not users.
C. Users can grant access to other users.
D. Subjects and objects have security labels.
E. Access is based on the owner's discretion.

Answers: B, D

MAC policies are centrally enforced.

Why this answer

MAC uses labels for subjects and objects, and access decisions are based on clearance and classification. Users cannot change permissions.

79
MCQ · hard

An organization implements a Privileged Access Management (PAM) solution. Which capability best describes granting temporary administrative rights just when needed?

A. Session recording
B. Just-in-time provisioning
C. Password vaulting
D. Role mining

Answer: B

JIT provisioning grants privileged access for a limited time and automatically revokes it.

Why this answer

Just-in-time (JIT) provisioning provides temporary elevated privileges that expire after use, reducing the attack surface.

80
Multi-Select · hard

A security architect is designing an access control system for a healthcare application that requires fine-grained access decisions based on user role, location, time of day, and patient consent. Which TWO access control models are best suited for this requirement?

Select 2 answers
A. Role-Based Access Control (RBAC) with constraints
B. Discretionary Access Control (DAC)
C. Non-Discretionary Access Control
D. Mandatory Access Control (MAC)
E. Attribute-Based Access Control (ABAC)

Answers: A, E

RBAC can incorporate constraints like time and location via role activation conditions.

Why this answer

ABAC (Attribute-Based Access Control) is designed for fine-grained policies using multiple attributes. RBAC can also be extended with constraints (e.g., time-of-day, location) to achieve similar results, though ABAC is more flexible. MAC is too rigid, DAC is too coarse, and non-discretionary is a broad term.

81
MCQ · medium

Which federated identity protocol uses XML-based assertions and provides single sign-on across different security domains?

A. Kerberos
B. OAuth 2.0
C. OpenID Connect
D. SAML

Answer: D

SAML is XML-based for federated SSO.

Why this answer

SAML uses XML assertions to exchange authentication and authorization data between an identity provider and a service provider.
