C726 - REVIEW EXAM QUESTIONS WITH COMPLETE
SOLUTIONS AND VERIFIED ANSWERS 2025/2026
Background checks - ANSWER ->Administrative controls
Open Authentication (OAuth 2.0) - ANSWER ->identity
technology is an open request for comments (RFC) standard
that provides access delegation of online websites
Federated identity management (FIM) - ANSWER ->identity
management solution allows multiple organizations to share
identities based on a common method
credential management system - ANSWER ->solution that
allows employees to store usernames and passwords
Discretionary - ANSWER ->The vice president of a company
distributes corporate policies by emailing employees links to
the files. An IT professional needs to implement a solution that
allows only the vice president to manage who can edit
corporate policies.
Which access control model should this professional
implement?
or
A company develops project management software. The design
requires the project manager to control access to the project
files.
Role Based - ANSWER ->A company wants only members of its
database administrator team to have administrative access to
all SQL server databases.
Which access control model should this company apply?
Mandatory - ANSWER ->A word-processing program uses
document labels to determine which users can access files. For
example, only members of the legal department can access files
labeled legal.
It uses classification of data or labels
Access aggregation - ANSWER ->The collective entitlements
granted by multiple systems to one user; can lead to
authorization creep.
Example:
An attacker uses multiple websites to collect public information
and pieces together a profile to be used for identity
impersonation.
Side Channel - ANSWER ->type of attack that is passive and
noninvasive and intended to observe the operation of a device
Rule-based - ANSWER ->A company secures its network by
closing specific ports on its firewalls.
Attribute-based - ANSWER ->An organization plans to design
and implement a new IT architecture. The architecture should
be flexible, and the access-control management system should
use several different characteristics of users, the network, and
devices on the network.
Mandatory access control - ANSWER ->Which environment type
allows a user to gain access to objects using classification labels
in a compartmentalized environment?
What is a characteristic of discretionary access controls? -
ANSWER ->Every object has an owner
Which framework achieves the needs of stakeholders and the
goals of an enterprise? - ANSWER ->Control objectives for
information and related technology (CoBIT)
Capability Maturity Model Integration (CMMI) - ANSWER ->
The Open Group Architecture Framework (TOGAF) - ANSWER ->
Payment card industry data security standard (PCI-DSS) -
ANSWER ->
Committee of Sponsoring Organizations of the Treadway
Commission (COSO) - ANSWER ->
Which description suggests that a process has reached the
highest level of maturity possible under capability maturity
model integration? - ANSWER ->The process is optimized, with
a focus on continuous improvement.
Which framework is focused solely on process and process
maturity and has five levels of maturity? - ANSWER ->CMMI