CompTIA CySA+ Practice Questions: Access Control

21 free, exam-style CompTIA CySA+ (CS0-003) practice questions covering Access Control. Each question shows the correct answer and a clear explanation. Ready for the real thing? Take the full timed quiz below.

🚀 Take the full CompTIA CySA+ quiz 📘 CompTIA CySA+ study guide

Q1. What is the PRIMARY benefit of role-based access control (RBAC)? (Q-627ff1)

Explanation: RBAC assigns permissions based on job functions, simplifying administration. Learn more.

Q2. Which authentication factor is considered 'something you are'? (Q-924451)

Explanation: Biometrics (like fingerprints) fall under 'something you are' authentication. Learn more.

Q3. What does the 'A' in 'AAA' security stand for? (Q-628003)

Explanation: AAA = Authentication, Authorization, and Accounting. Learn more.

Q4. Which control mitigates insider threats? (Q-924467)

Explanation: Least privilege limits user access to only what's necessary. Learn more.

Q5. Which control mitigates brute-force attacks? (Q-924474)

Explanation: Account lockouts prevent repeated login attempts. Learn more.

Q6. Which control prevents unauthorized USB device usage? (Q-924478)

Explanation: USB blocking restricts unauthorized peripheral devices. Learn more.

Q7. Which Linux file contains hashed user passwords? (Q-924491)

Explanation: /etc/shadow stores password hashes with stricter permissions than /etc/passwd. Learn more.

Q8. Which Linux command changes file permissions to owner RWX, group RX, others X? (Q-924497)

Explanation: 7 (RWX) for owner, 5 (RX) for group, 1 (X) for others. Learn more.

Q9. Which Windows feature can prevent credential dumping attacks? (Q-924501)

Explanation: Credential Guard isolates LSASS to prevent credential theft. Learn more.

Q10. What is the MAIN security concern with biometric authentication? (Q-628038)

Explanation: Biometric data can't be changed like passwords if stolen. Learn more.

Q11. What is the PRIMARY purpose of a hardware security token? (Q-628039)

Explanation: Hardware tokens (e.g., YubiKey) provide physical MFA. Learn more.

Q12. Which Windows feature prevents executable files from running in temp folders? (Q-924507)

Explanation: AppLocker can block execution from suspicious locations like %TEMP%. Learn more.

Q13. What does FIDO2 provide for authentication? (Q-628045)

Explanation: FIDO2 enables phishing-resistant authentication via hardware tokens/biometrics. Learn more.

Q14. What does VDI stand for in endpoint security? (Q-628052)

Explanation: VDI centralizes desktop environments in secure data centers. Learn more.

Q15. Which Linux command checks for SUID binaries? (Q-924517)

Explanation: find / -perm -4000 locates files with SUID (Set User ID) bits set. Learn more.

Q16. Which Windows feature prevents LSASS credential dumping? (Q-924523)

Explanation: Credential Guard isolates LSASS memory using virtualization. Learn more.

Q17. What does FIDO2 provide for authentication? (Q-628061)

Explanation: FIDO2 enables phishing-resistant auth via hardware tokens/biometrics. Learn more.

Q18. Which Windows feature prevents executable files from running in temp folders? (Q-924535)

Explanation: AppLocker can block execution from suspicious locations like %TEMP%. Learn more.

Q19. What does FIDO2 provide for authentication? (Q-628073)

Explanation: FIDO2 enables phishing-resistant auth via hardware tokens/biometrics. Learn more.

Q20. Which Windows feature prevents executable files from running in temp folders? (Q-924545)

Explanation: AppLocker can block execution from suspicious locations like %TEMP%. Learn more.

Q21. What does FIDO2 provide for authentication? (Q-628083)

Explanation: FIDO2 enables phishing-resistant auth via hardware tokens/biometrics. Learn more.

More CompTIA CySA+ practice topics