CERTIFIED BUILDING OFFICIAL MM
MANAGEMENT PRACTICE EXAM 2026
QUESTIONS WITH FULL SOLUTIONS GRADED
A+
● Authorization - Determines whether a user is permitted to access a
particular resource. NIST 800-82
● Connected Tokens - Must be physically connected to the computer
with which the user is authenticating.
● Contactless Tokens - Form a logical connection to the client computer
but do not require a physical connection.
● Compensating controls - Introduced when the existing capabilities of a
system do not support the requirements of a policy.
● Corrective control - These controls remedy the circumstances that
enabled unwarranted activity, and/or return conditions to where they
were prior to the unwanted activity.
● Disconnected Tokens - Have neither a physical nor logical connection
to the client computer.
● Deterrent control - Controls that prescribe some sort of punishment,
ranging from embarrassment to job termination or jail time for
noncompliance. Their intent is to dissuade people from performing
unwanted acts.
● Directive control - Controls dictated by organizational and legal
authorities.
● Entitlement - A set of rules, defined by the resource owner, for
managing access to a resource (asset, service, or entity) and for what
purpose.
● False Accept (Type II) - Incorrectly identifying an unauthorized entity
as valid.
● False Reject (Type I) - Incorrectly identifying an authorized entity as
invalid.
● Identity Management - The many different functions or activities used
by an organization to validate, control, update, and establish access
permissions for identities associated with an entity which seeks to have
an association or relationship with an organization. This may include
identity proofing, generation of user identities within the organization's