CND - Module 3 Exam Questions with Correct Answers Latest Update 2025-2026
What are the three elements of network security? - Answers Network Security Controls, Network
Security Protocols, Network Security Devices
What are network security controls? - Answers The security features that should be
appropriately configured and implemented to ensure network security. The cornerstones of any
systematic discipline of security. Security controls work together to allow or restrict access to
organization's resources based on identity management.
What are network security protocols? - Answers Protocols implement security related
operations to ensure the security and integrity of data in transit. Ensure the security of data
passing through the network. Implement methods that restrict unauthorized users from
accessing the network. Use encryption and cryptographic techniques to maintain security of
messages passing through the network.
What are network security devices? - Answers Devices that are deployed to protect computer
networks from unwanted traffic and threats. These devices can be categorized into active
devices, passive devices, and preventative devices. Also consists of UTM, which combines
features of all the devices.
What are the 7 network security controls? - Answers Access Control, Identification,
Authentication, Authorization, Accounting, Cryptography, Security Policy
What are access controls? - Answers The selective restriction of access to a place or other
system/network resource. Protects information assets by determining who can an cannot
access them. Involves user identification, authentication, authorization, and accountability.
Method for reducing the risk of data getting affected by providing limited access to users for
accessing computer resources. Helps maintain integrity, confidentiality, and availability of
information. Grants permissions based on user's access permissions and associated roles.
Includes file permissions, program permissions, and data rights.
What are the 4 main access control terms? - Answers Subject, Object, Reference Monitor,
Operation
What is an access control subject? - Answers User or process, which attempts to access the
objects. Subjects are those entities that perform certain actions on the system.
What is an access control object? - Answers An explicit resource on which access restriction is
imposed. Access controls implemented on the objects further control actions performed by the
user.
What is an access control reference monitor? - Answers Monitors the restrictions imposed
according to certain access control rules. Implements a set of rules on the ability of the subject
to perform certain actions on the object.
,What is an access control operation? - Answers An action performed by the subject on the
object. For example, user trying to delete a file. Here, the user is the subject, delete is the
operation, and file is the object.
What are the access control principles? What are the general steps in access control? - Answers
Deals with restricting or allowing the access controls to users or processes. Step 1. Users have
user have to provide their credentials while logging into the system. Step 2. System validates
users with the provided credentials such as password, fingerprint, etc. with the database. Step 3.
Once the identification is successful, the system provides the user with access to the system. 4.
The system then allows the user to perform only those operations or access only those
resources for which the user is authorized.
what are the 3 main parts for an access control instruction? - Answers Target - Permissions are
set for certain attributes and entities. These attributes and entities are known as targets.
Permissions - Permissions set for the target explains the actions allowed or denied for those
targets. Bind Rule - Specifies the subject to access control instructions.
What are the 9 administrative access controls? - Answers Security Policy, Monitoring and
supervising, Separation of duties, Job rotation, Information classification, Personnel procedures,
Investigations, Testing, Security awareness and training.
What is security policy and procedure (access controls)? - Answers Determine the method of
implementing security practices in an organization. These specify the extent to which the
company can accept a risk and specifies the level of actions allows in the organization.
What is personnel controls/procedures (access controls)? - Answers Determine the methods by
which employees may handle the security principles. Personnel controls specify the steps taken
in the case of any non-compliance issue. The change of security determines the steps taken
right from the hiring of an employee until the employee leaves or shift to any other department.
What is supervisory structure (access controls)? - Answers Supervisory structure consists of
members that are responsible for the actions performed by the other employees in the
organization in the context of security.
What is security awareness and training (access controls)? - Answers Trains employees I an
organization about the importance of access control. The training assists the employees to limit
the attacks in the network and assists them in detecting and controlling the viruses and worms.
What is testing (access controls)? - Answers Testing of the access controls brings out the
weaknesses in the network, checks if all the access controls are working properly and evaluate
the procedures and policies aligned for the proper functioning of the organization.
What is job rotation (access controls)? - Answers Job rotation improves error detection and
fraud disclosures. Job rotation policy along with separation of duties is a good administrative
access control. However, job rotation prevents employees to take up multiple roles at a time,
, which adds overhead to access control system. One needs to be aware of the impact of job
rotation on access control system.
What is separation of duties (access controls)? - Answers Separation of duties comes into play
when a single operation requires more than one person to complete it. When one individual is
responsible for completing a task, it gives them more power and the security risk is high.
Whereas, if the same task is accomplished by a team of people, proper checks and balances are
maintained and there is less chance for errors.
What is information classification (access controls)? - Answers Implementing access control is
impossible without information classification. The information can be classified as: public,
private, secret, proprietary, confidential, etc. Process of information classification: 1.
Understand data classification project goals. 2. Build data classification policy. 3. Build data
classification standards. 4. Create tools to support the process. 5. Determine application
owners. 6. Determine data owners and data owner delegates. 7. Categorize information. 8.
Define the audit process. 9. Save information in a repository. 10. Give user training. 11. Review
and update information classification at regular intervals.
What is investigation (access controls)? - Answers Investigate the logs for all doubtful activities
and violations and make a report for further actions. Investigate unexpected information system
related activities. Study the investigations periodically and make changes to access
authorizations.
What is a physical access control? - Answers A set of security measures taken to prevent
authorized access to physical devices.
What are the 10 common physical security controls? - Answers Fences, Locks, Badge system,
Security guard, Biometric system, Mantrap doors, Lighting, Motion detectors, Closed-circuit TVs,
Alarms
What are the 3 physical access control categories? - Answers Prevention Access Controls,
Deterrence Controls, Detection Controls
What are prevention access controls? - Answers Used to prevent unwanted or unauthorized
access to resources. Such as fences, locks, biometrics, mantraps, etc.
Wha are deterrence controls? - Answers Used to discourage violation of security policies. Such
as security guards, warning signs, etc.
What are detection controls? - Answers Used to detected unauthorized access attempts. Such
as CCTVs, alarms, etc.
What is a technical access control? - Answers A set of security measures taken to ensure
confidentiality, integrity, and availability of the resources.
What are the three elements of network security? - Answers Network Security Controls, Network
Security Protocols, Network Security Devices
What are network security controls? - Answers The security features that should be
appropriately configured and implemented to ensure network security. The cornerstones of any
systematic discipline of security. Security controls work together to allow or restrict access to
organization's resources based on identity management.
What are network security protocols? - Answers Protocols implement security related
operations to ensure the security and integrity of data in transit. Ensure the security of data
passing through the network. Implement methods that restrict unauthorized users from
accessing the network. Use encryption and cryptographic techniques to maintain security of
messages passing through the network.
What are network security devices? - Answers Devices that are deployed to protect computer
networks from unwanted traffic and threats. These devices can be categorized into active
devices, passive devices, and preventative devices. Also consists of UTM, which combines
features of all the devices.
What are the 7 network security controls? - Answers Access Control, Identification,
Authentication, Authorization, Accounting, Cryptography, Security Policy
What are access controls? - Answers The selective restriction of access to a place or other
system/network resource. Protects information assets by determining who can an cannot
access them. Involves user identification, authentication, authorization, and accountability.
Method for reducing the risk of data getting affected by providing limited access to users for
accessing computer resources. Helps maintain integrity, confidentiality, and availability of
information. Grants permissions based on user's access permissions and associated roles.
Includes file permissions, program permissions, and data rights.
What are the 4 main access control terms? - Answers Subject, Object, Reference Monitor,
Operation
What is an access control subject? - Answers User or process, which attempts to access the
objects. Subjects are those entities that perform certain actions on the system.
What is an access control object? - Answers An explicit resource on which access restriction is
imposed. Access controls implemented on the objects further control actions performed by the
user.
What is an access control reference monitor? - Answers Monitors the restrictions imposed
according to certain access control rules. Implements a set of rules on the ability of the subject
to perform certain actions on the object.
,What is an access control operation? - Answers An action performed by the subject on the
object. For example, user trying to delete a file. Here, the user is the subject, delete is the
operation, and file is the object.
What are the access control principles? What are the general steps in access control? - Answers
Deals with restricting or allowing the access controls to users or processes. Step 1. Users have
user have to provide their credentials while logging into the system. Step 2. System validates
users with the provided credentials such as password, fingerprint, etc. with the database. Step 3.
Once the identification is successful, the system provides the user with access to the system. 4.
The system then allows the user to perform only those operations or access only those
resources for which the user is authorized.
what are the 3 main parts for an access control instruction? - Answers Target - Permissions are
set for certain attributes and entities. These attributes and entities are known as targets.
Permissions - Permissions set for the target explains the actions allowed or denied for those
targets. Bind Rule - Specifies the subject to access control instructions.
What are the 9 administrative access controls? - Answers Security Policy, Monitoring and
supervising, Separation of duties, Job rotation, Information classification, Personnel procedures,
Investigations, Testing, Security awareness and training.
What is security policy and procedure (access controls)? - Answers Determine the method of
implementing security practices in an organization. These specify the extent to which the
company can accept a risk and specifies the level of actions allows in the organization.
What is personnel controls/procedures (access controls)? - Answers Determine the methods by
which employees may handle the security principles. Personnel controls specify the steps taken
in the case of any non-compliance issue. The change of security determines the steps taken
right from the hiring of an employee until the employee leaves or shift to any other department.
What is supervisory structure (access controls)? - Answers Supervisory structure consists of
members that are responsible for the actions performed by the other employees in the
organization in the context of security.
What is security awareness and training (access controls)? - Answers Trains employees I an
organization about the importance of access control. The training assists the employees to limit
the attacks in the network and assists them in detecting and controlling the viruses and worms.
What is testing (access controls)? - Answers Testing of the access controls brings out the
weaknesses in the network, checks if all the access controls are working properly and evaluate
the procedures and policies aligned for the proper functioning of the organization.
What is job rotation (access controls)? - Answers Job rotation improves error detection and
fraud disclosures. Job rotation policy along with separation of duties is a good administrative
access control. However, job rotation prevents employees to take up multiple roles at a time,
, which adds overhead to access control system. One needs to be aware of the impact of job
rotation on access control system.
What is separation of duties (access controls)? - Answers Separation of duties comes into play
when a single operation requires more than one person to complete it. When one individual is
responsible for completing a task, it gives them more power and the security risk is high.
Whereas, if the same task is accomplished by a team of people, proper checks and balances are
maintained and there is less chance for errors.
What is information classification (access controls)? - Answers Implementing access control is
impossible without information classification. The information can be classified as: public,
private, secret, proprietary, confidential, etc. Process of information classification: 1.
Understand data classification project goals. 2. Build data classification policy. 3. Build data
classification standards. 4. Create tools to support the process. 5. Determine application
owners. 6. Determine data owners and data owner delegates. 7. Categorize information. 8.
Define the audit process. 9. Save information in a repository. 10. Give user training. 11. Review
and update information classification at regular intervals.
What is investigation (access controls)? - Answers Investigate the logs for all doubtful activities
and violations and make a report for further actions. Investigate unexpected information system
related activities. Study the investigations periodically and make changes to access
authorizations.
What is a physical access control? - Answers A set of security measures taken to prevent
authorized access to physical devices.
What are the 10 common physical security controls? - Answers Fences, Locks, Badge system,
Security guard, Biometric system, Mantrap doors, Lighting, Motion detectors, Closed-circuit TVs,
Alarms
What are the 3 physical access control categories? - Answers Prevention Access Controls,
Deterrence Controls, Detection Controls
What are prevention access controls? - Answers Used to prevent unwanted or unauthorized
access to resources. Such as fences, locks, biometrics, mantraps, etc.
Wha are deterrence controls? - Answers Used to discourage violation of security policies. Such
as security guards, warning signs, etc.
What are detection controls? - Answers Used to detected unauthorized access attempts. Such
as CCTVs, alarms, etc.
What is a technical access control? - Answers A set of security measures taken to ensure
confidentiality, integrity, and availability of the resources.
