Which policy defines the resources being protected and the rules that control access to them?

Multiple Choice

Explanation:
Defining what needs protection and who may access it is the job of an access control policy. This policy lists the resources that must be safeguarded—like files, databases, devices, and services—and it specifies the authorization rules that determine who can access those resources, what kind of access they have (read, write, execute), and under what conditions (roles, groups, attributes, time windows, location, or multi-factor requirements). It guides how access is enforced and audited, and it embodies principles such as least privilege and need-to-know.

Remote-Access Policy, by contrast, focuses on securing connections from remote locations and may cover authentication methods and VPN requirements, but it doesn’t define all protected resources and the full set of access rules for internal resources. User-Account Policy deals with how accounts are created, managed, and decommissioned, including password policies, rather than detailing what resources exist and how access to them is controlled. Information-Protection Policy covers data handling, classification, encryption, and protection measures, not the specific access-control rules for resources.
