QS0013-03: Access Control Policy

Question 1

QS0013-01: Access Control Policy

What is the purpose of the Access Control Policy?

Answer 1

To protect confidentiality, integrity, and availability of information and resources at LabLynx.

Question 2

QS0013-01: Access Control Policy

What are “Users” responsible for?

Answer 2

User passwords must remain confidential. All actions, processes, or activity performed with a personal user ID is the responsibility of the assigned user.

Question 3

QS0013-01: Access Control Policy

What are the DevOps Administrators’ responsibilities?

Answer 3

1. Ensure minimum requirements are met by controlling user IDs and passwords effectively.
2. Validating approval before granting access.

Question 4

QS0013-01: Access Control Policy

Which access control technique provides a straightforward way of granting or denying access for a user performing a specific job?

Answer 4

Role-based Access

Question 5

QS0013-01: Access Control Policy

Password Management is an example of a:

1. Corrective Control
2. Preventive Control
3. Directive Control

Answer 5

Preventive Control

Question 6

QS0013-01: Access Control Policy

Vendor maintenance accounts must be disabled within 48 hours after use. (True/False)

Answer 6

False

Correct Answer: Vendor maintenance accounts must be disabled immediately after use.

Question 7

QS0013-01: Access Control Policy

Which form needs to be completed if an individual is terminated?

Answer 7

The Personnel Termination Checklist (F0004)

Question 8

QS0013-01: Access Control Policy

How soon must the access rights be reviewed if the user changes responsibilities?

Answer 8

No later than three business days after responsibility change.

Question 9

QS0013-01: Access Control Policy

How quickly must inactive accounts be disabled or removed?

Answer 9

Inactive accounts must be disabled after 60 days and may be removed where this will not compromise audit trails.