C726 - REVIEW EXAM QUESTIONS WITH COMPLETE
SOLUTIONS GUARANTEED PASS 2025/2026
Discretionary - ANSWER ->The vice president of a company distributes
corporate policies by emailing employees links to the files. An IT
professional needs to implement a solution that allows only the vice
president to manage who can edit corporate policies.
Which access control model should this professional implement?
or
A company develops project management software. The design
requires the project manager to control access to the project files.
Role Based - ANSWER ->A company wants only members of its
database administrator team to have administrative access to all SQL
server databases.
Which access control model should this company apply?
Mandatory - ANSWER ->A word-processing program uses document
labels to determine which users can access files. For example, only
members of the legal department can access files labeled legal.
It uses classification of data or labels.
Access aggregation - ANSWER ->The collective entitlements granted by
multiple systems to one user; can lead to authorization creep.
Example:
An attacker uses multiple websites to collect public information and
pieces together a profile to be used for identity impersonation.
Side Channel - ANSWER ->A type of attack that is passive and noninvasive
and intended to observe the operation of a device.
Rule-based - ANSWER ->A company secures its network by closing
specific ports on its firewalls.
Attribute-based - ANSWER ->An organization plans to design and
implement a new IT architecture. The architecture should be flexible,
and the access-control management system should use several
different characteristics of users, the network, and devices on the
network.
Mandatory access control - ANSWER ->Which environment type allows
a user to gain access to objects using classification labels in a
compartmentalized environment?
What is a characteristic of discretionary access controls? - ANSWER ->
Every object has an owner
Which framework achieves the needs of stakeholders and the goals of
an enterprise? - ANSWER ->Control objectives for information and
related technology (CoBIT)
Capability Maturity Model Integration (CMMI) - ANSWER ->
The Open Group Architecture Framework (TOGAF) - ANSWER ->
Payment card industry data security standard (PCI-DSS) - ANSWER ->
Committee of Sponsoring Organizations of the Treadway
Commission (COSO) - ANSWER ->
Which description suggests that a process has reached the highest level
of maturity possible under capability maturity model integration? -
ANSWER ->The process is optimized, with a focus on continuous
improvement.
Which framework is focused solely on process and process maturity
and has five levels of maturity? - ANSWER ->CMMI
Applying need-to-know principle - ANSWER ->Remediate access aggregation
Which security control can be applied to prevent eavesdropping
attacks? - ANSWER ->encryption
Security Analyst - ANSWER ->The security analyst is a strategic role that
helps to develop policies, standards, and guidelines and ensures the
security elements are implemented properly. The security analyst's
participation in the system design phase of the system development
life cycle provides maximum benefit to the organization.
User - ANSWER ->A user routinely accesses corporate data and must
have the appropriate level of access assigned. Users should participate
in the system requirement definition stage to ensure that the system
meets user requirements.
Data owner - ANSWER ->The data owner approves data classes and
alters the classes as needs arise. This role must ensure that appropriate
security controls and user access rights are in place.
Security administrator - ANSWER ->The security administrator creates
new user accounts and passwords, implements security software, and
tests patches and software components. This role is more functional in
nature as compared to the security analyst role.
Security Policy - ANSWER ->A security policy defines the broad security
objectives of an organization, establishes authority and responsibilities
of individuals, and is strategic in nature.
Line Conditioner - ANSWER ->Fluctuations in voltage supply, such as
spikes and surges, can damage electronic circuits and components. A
line conditioner ensures clean and steady voltage supply by filtering the
incoming power and eliminating fluctuations and interference.
Preventative Controls (edit controls and limit check) - ANSWER ->Edit
controls are an example of preventative controls. Edit controls are
typically used in forms. Single-line edit controls are useful for retrieving