New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 ISSMP Exam - Topic 5 Question 11 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 11
Topic #: 5
[All ISSMP Questions]

Which of the following are examples of administrative controls that involve all levels of employees within an organization and determine which users have access to what resources and information?

Each correct answer represents a complete solution. Choose three.

Show Suggested Answer Hide Answer
Suggested Answer: A, B, D

The following are examples of the administrative controls that involve all levels of employees within an organization and determine which users have access to what resources and information.

Training and awareness

Policy enforcement

Personnel registration and accounting

Disaster preparedness and recovery plans

Administrative controls can be security policies or items such as standards, guidelines, and procedures for individuals to follow to ensure security. Administrative controls are the foundations from which technical and physical controls are implemented.

Answer options C and E are incorrect. Network authentication and encryption are examples of technical controls.


by Sylvie at May 03, 2022, 08:29 AM

Limited Time Offer

25%

Off

Get Premium ISSMP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Golda
4 months ago
Wait, how does encryption fit into this? Seems off to me.
upvoted 0 times
...
Vanda
4 months ago
I agree, C and D are must-haves for any organization!
upvoted 0 times
...
Ozell
4 months ago
Not sure about B, isn’t that more about recovery than access?
upvoted 0 times
...
Sharika
4 months ago
I think A is also important for managing resources.
upvoted 0 times
...
Corrinne
5 months ago
Definitely C and D are key for access control.
upvoted 0 times
...
Scarlet
5 months ago
I feel like disaster preparedness and recovery plans don't really fit the criteria for access control, but I could be wrong.
upvoted 0 times
...
Juan
5 months ago
Training and awareness seems like it could be relevant, but I’m a bit confused about whether it directly determines access to resources.
upvoted 0 times
...
Javier
5 months ago
I think employee registration and accounting might be one of the answers, but I'm not entirely sure if it fits the definition of administrative controls.
upvoted 0 times
...
Elvis
5 months ago
I remember practicing with a similar question, and I think network authentication is definitely an administrative control.
upvoted 0 times
...
Walker
5 months ago
Okay, let me see. The definition of done is meant to establish clear criteria for when a piece of work is truly finished, right? So I think options B and D are the most relevant - it helps the team have a shared understanding, and also informs sprint planning. I'll select those.
upvoted 0 times
...
Rashida
5 months ago
Hmm, I'm a bit unsure about this one. I'll need to review my notes on the Service Portfolio to make sure I understand the key data objects.
upvoted 0 times
...
Alana
5 months ago
I'm a little confused by the friend function declaration. Does that mean the << operator is not a member function of the class? I'll have to double-check how that works.
upvoted 0 times
...

Save Cancel