D488 | D488 Cybersecurity Architecture and
Engineering Exam 3 Version 2 Questions with
Correct Answers and Expert Explanation for Each
Question
1. Which component of Identity and Access Management (IAM) is responsible for
ensuring that a user is who they claim to be?
A. Authorization
B. Auditing
C. Accounting
D. Authentication
Correct Answer: D
Expert Explanation: Authentication is the process of verifying the identity of a
user, device, or system. It typically involves checking credentials such as passwords,
tokens, or biometric data against a stored record. This step occurs before a user is
granted any permissions within the system environment. Without robust
authentication, the integrity of the entire access control system is compromised. It
serves as the first line of defense in protecting organizational resources from
unauthorized access.
,2. An organization implements a policy where users must provide a password and a
fingerprint scan to log in. What type of security control is this?
A. Single-factor authentication
B. Discretionary access control
C. Multi-factor authentication
D. Attribute-based access control
Correct Answer: C
Expert Explanation: Multi-factor authentication (MFA) requires users to provide
two or more different categories of credentials. In this scenario, the password
represents something the user knows, while the fingerprint is something the user is.
By requiring multiple factors, the security posture is significantly strengthened
against credential theft. This approach ensures that even if one factor is
compromised, the attacker still lacks the other required credentials. MFA is a core
requirement in modern cybersecurity frameworks to mitigate identity-related risks.
3. Which access control model assigns permissions based on the specific job functions
of an individual within an organization?
A. ABAC
B. MAC
C. DAC
,D. RBAC
Correct Answer: D
Expert Explanation: Role-Based Access Control (RBAC) simplifies management by
grouping permissions into roles that correspond to job duties. Users are then
assigned to these roles rather than having permissions managed on an individual
basis. This model reduces administrative overhead and ensures consistency across
the organization. It is highly effective in large enterprises where employees
frequently change positions or departments. RBAC helps maintain the principle of
least privilege by ensuring roles only have necessary access rights.
4. In the context of biometrics, what does the Crossover Error Rate (CER) represent?
A. The speed at which a user is authenticated
B. The total number of users stored in the database
C. The point where False Rejection Rate and False Acceptance Rate are equal
D. The percentage of failed login attempts over time
Correct Answer: C
Expert Explanation: The Crossover Error Rate (CER) is a critical metric used to
evaluate the overall accuracy of a biometric system. It identifies the specific point
where the rate of false positives equals the rate of false negatives. A lower CER
indicates a more accurate and reliable biometric sensor or algorithm. Organizations
, use this metric to compare different biometric products during the procurement
phase. Balancing these two error types is essential for maintaining both security and
user convenience.
5. Which principle dictates that users should only have the minimum level of access
necessary to perform their job functions?
A. Implicit Deny
B. Need to Know
C. Least Privilege
D. Separation of Duties
Correct Answer: C
Expert Explanation: The Principle of Least Privilege (PoLP) is a fundamental
security concept focused on limiting access rights for users. It ensures that any user,
program, or process has only the bare minimum privileges required to complete its
task. By restricting access, organizations can limit the potential damage caused by
accidents or malicious actions. This principle is vital for reducing the attack surface
and containing potential security breaches. Implementing PoLP requires continuous
monitoring and regular reviews of user permissions.
Engineering Exam 3 Version 2 Questions with
Correct Answers and Expert Explanation for Each
Question
1. Which component of Identity and Access Management (IAM) is responsible for
ensuring that a user is who they claim to be?
A. Authorization
B. Auditing
C. Accounting
D. Authentication
Correct Answer: D
Expert Explanation: Authentication is the process of verifying the identity of a
user, device, or system. It typically involves checking credentials such as passwords,
tokens, or biometric data against a stored record. This step occurs before a user is
granted any permissions within the system environment. Without robust
authentication, the integrity of the entire access control system is compromised. It
serves as the first line of defense in protecting organizational resources from
unauthorized access.
,2. An organization implements a policy where users must provide a password and a
fingerprint scan to log in. What type of security control is this?
A. Single-factor authentication
B. Discretionary access control
C. Multi-factor authentication
D. Attribute-based access control
Correct Answer: C
Expert Explanation: Multi-factor authentication (MFA) requires users to provide
two or more different categories of credentials. In this scenario, the password
represents something the user knows, while the fingerprint is something the user is.
By requiring multiple factors, the security posture is significantly strengthened
against credential theft. This approach ensures that even if one factor is
compromised, the attacker still lacks the other required credentials. MFA is a core
requirement in modern cybersecurity frameworks to mitigate identity-related risks.
3. Which access control model assigns permissions based on the specific job functions
of an individual within an organization?
A. ABAC
B. MAC
C. DAC
,D. RBAC
Correct Answer: D
Expert Explanation: Role-Based Access Control (RBAC) simplifies management by
grouping permissions into roles that correspond to job duties. Users are then
assigned to these roles rather than having permissions managed on an individual
basis. This model reduces administrative overhead and ensures consistency across
the organization. It is highly effective in large enterprises where employees
frequently change positions or departments. RBAC helps maintain the principle of
least privilege by ensuring roles only have necessary access rights.
4. In the context of biometrics, what does the Crossover Error Rate (CER) represent?
A. The speed at which a user is authenticated
B. The total number of users stored in the database
C. The point where False Rejection Rate and False Acceptance Rate are equal
D. The percentage of failed login attempts over time
Correct Answer: C
Expert Explanation: The Crossover Error Rate (CER) is a critical metric used to
evaluate the overall accuracy of a biometric system. It identifies the specific point
where the rate of false positives equals the rate of false negatives. A lower CER
indicates a more accurate and reliable biometric sensor or algorithm. Organizations
, use this metric to compare different biometric products during the procurement
phase. Balancing these two error types is essential for maintaining both security and
user convenience.
5. Which principle dictates that users should only have the minimum level of access
necessary to perform their job functions?
A. Implicit Deny
B. Need to Know
C. Least Privilege
D. Separation of Duties
Correct Answer: C
Expert Explanation: The Principle of Least Privilege (PoLP) is a fundamental
security concept focused on limiting access rights for users. It ensures that any user,
program, or process has only the bare minimum privileges required to complete its
task. By restricting access, organizations can limit the potential damage caused by
accidents or malicious actions. This principle is vital for reducing the attack surface
and containing potential security breaches. Implementing PoLP requires continuous
monitoring and regular reviews of user permissions.
