CPA Exam Lab
Section 2: 35–45% I7

Logical and Physical Access Controls

Exam Insight

Access controls are the most heavily tested area of ISC because they enforce confidentiality and integrity at the gate. You must be able to distinguish authentication from authorization, name the access control models, and recognize the right physical, network, and cryptographic control for a given goal.

CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.

What AICPA Wants You to Know

  1. Distinguish the three authentication factors and explain what makes authentication multi-factor.
  2. Separate authentication (who you are) from authorization (what you may do).
  3. Compare the RBAC, MAC, and DAC access control models.
  4. Describe user provisioning, deprovisioning, periodic access reviews, and privileged access management.
  5. Identify appropriate physical and network controls for a stated objective.
  6. Compare symmetric and asymmetric encryption, hashing, and PKI, and contrast data at rest with data in transit.