Which policy defines the resources being protected and the rules that control access to them?

Prepare for the Certified Ethical Hacker Version 11 Exam. Study with comprehensive questions and explanations. Equip yourself with the skills needed for success!

Multiple Choice

Which policy defines the resources being protected and the rules that control access to them?

Explanation:
Defining what needs protection and who may access it is the job of an access control policy. This policy lists the resources that must be safeguarded—like files, databases, devices, and services—and it specifies the authorization rules that determine who can access those resources, what kind of access they have (read, write, execute), and under what conditions (roles, groups, attributes, time windows, location, or multi-factor requirements). It guides how access is enforced and audited, and it embodies principles such as least privilege and need-to-know.

Remote-Access Policy, by contrast, focuses on securing connections from remote locations and may cover authentication methods and VPN requirements, but it doesn’t define all protected resources and the full set of access rules for internal resources. User-Account Policy deals with how accounts are created, managed, and decommissioned, including password policies, rather than detailing what resources exist and how access to them is controlled. Information-Protection Policy covers data handling, classification, encryption, and protection measures, not the specific access-control rules for resources.
