Questions derived from the CISSP – CISSP ISC2 Self-Test Software Practice Test.
Objective: Access Controls
SubObjective: Control access by applying concepts/methodology/techniques
Item Number: CISSP.1.1.28
Single Answer, Multiple Choice
Which technology allows users to freely access all systems to which their account has been granted access after the initial authentication?
- Smart cards
- Single sign-on
- Biometric device
D. Single sign-on
Single sign-on allows users to freely access all systems to which their account has been granted access after the initial authentication. This is considered both an advantage and a disadvantage. It is an advantage because the user only has to log in once and does not have to constantly re-authenticate when accessing other systems. It is a disadvantage because the maximum authorized access is possible if a user account and its password are compromised.
Discretionary access control (DAC) and mandatory access control (MAC) are access control models that help companies design their access control structure. They provide no authentication mechanism by themselves.
Smart cards are authentication devices that can provide increased security by requiring insertion of a valid smart card to log on to the system. They do not determine the level of access allowed to a system.
A biometric device can provide increased security by requiring verification of a personal asset, such as a fingerprint, for authentication. They do not determine the level of access allowed to a system.
Single sign-on was created to dispose of the need to maintain multiple user account and password to access multiple systems. With single sign-on, a user is given an account and password that logs on to the system and grants the user access to all systems to which the user’s account has been granted.
CISSP All-in-One Exam Guide, Chapter 4: Access Control, Single Sign-On, pp. 149-151.