Certified Incident Handler (ECIH v3) — Question 25

An access control policy authorized a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity and if a particular job role requires the use of those resources. Which of the following is NOT a fundamental element of access control policy

Answer options

• A. Action group: group of actions performed by the users on resources
• B. Development group: group of persons who develop the policy
• C. Resource group: resources controlled by the policy
• D. Access group: group of users to which the policy applies

Correct answer: B

Explanation

The correct answer is B because the Development group refers to individuals involved in creating the policy, which is not a fundamental element of access control itself. The other options (A, C, and D) directly relate to the actions users can take, the resources involved, and the user groups affected by the policy.