Memory cues
| Control | Cue |
|---|---|
| A.8.1 User End Point Devices | Protect information reachable through user devices |
| A.8.2 Privileged Access Rights | Restrict, log, review, and remove powerful access |
| A.8.3 Information Access Restriction | Restrict information, functions, exports, and support access by policy and business need |
Likely exam traps
- A.8.1 is not just anti-malware or laptop encryption.
- BYOD is in scope when it accesses organizational information.
- VPN does not solve endpoint security by itself.
- A.8.2 covers both allocation and use of privilege.
- Trusted administrators still need approval, logging, and review.
- Emergency access needs procedure, post-use review, and restoration checks.
- A.8.3 is broader than login control; it includes application roles, data, functions, reports, exports, print, database paths, and dynamic support sessions.
- Shared databases and report builders can bypass application access restrictions.
Quick comparison
| Question | A.8.1 | A.8.2 | A.8.3 |
|---|---|---|---|
| Main concern | User devices accessing information | Powerful access rights | Access to information, assets, functions, databases, reports, and exports |
| Evidence | Device inventory, MDM/EDR reports, patch/encryption, remote access | Privileged register, approvals, admin IDs, logs, reviews | Access rule matrix, application roles, database permissions, export controls, dynamic session logs |
| Common failure | Unmanaged BYOD or non-compliant endpoints | Shared admin accounts or stale privilege | Over-broad roles, shared database bypass, uncontrolled exports |
| Audit method | Sample devices and compliance reports | Sample privileged users and activity logs | Sample roles, reports, exports, maintenance utilities, and support sessions |
Practical mentor takeaway
Exam lens
A.8.1 asks whether the device is trustworthy enough to access information. A.8.2 asks whether powerful access is justified, traceable, reviewed, and removed. A.8.3 asks whether ordinary and temporary access to information/functions is restricted according to policy and business need.
- Iso27001
- Exam
- Technological controls
Note Metadata
Aliases: A.8.1 A.8.2 A.8.3 exam cues
Source: 09-Exam-Preparation/EXAM-027-Endpoint-and-Privileged-Access.md