UnixTime

Research Note

EXAM-027 - Endpoint, Privileged Access, and Information Access Restriction

- A.8.1 is not just anti-malware or laptop encryption. - BYOD is in scope when it accesses organizational information. - VPN does not solve endpoint security by itself. - A.8.2...

On this page

Memory cues

Control Cue
A.8.1 User End Point Devices Protect information reachable through user devices
A.8.2 Privileged Access Rights Restrict, log, review, and remove powerful access
A.8.3 Information Access Restriction Restrict information, functions, exports, and support access by policy and business need

Likely exam traps

  • A.8.1 is not just anti-malware or laptop encryption.
  • BYOD is in scope when it accesses organizational information.
  • VPN does not solve endpoint security by itself.
  • A.8.2 covers both allocation and use of privilege.
  • Trusted administrators still need approval, logging, and review.
  • Emergency access needs procedure, post-use review, and restoration checks.
  • A.8.3 is broader than login control; it includes application roles, data, functions, reports, exports, print, database paths, and dynamic support sessions.
  • Shared databases and report builders can bypass application access restrictions.

Quick comparison

Question A.8.1 A.8.2 A.8.3
Main concern User devices accessing information Powerful access rights Access to information, assets, functions, databases, reports, and exports
Evidence Device inventory, MDM/EDR reports, patch/encryption, remote access Privileged register, approvals, admin IDs, logs, reviews Access rule matrix, application roles, database permissions, export controls, dynamic session logs
Common failure Unmanaged BYOD or non-compliant endpoints Shared admin accounts or stale privilege Over-broad roles, shared database bypass, uncontrolled exports
Audit method Sample devices and compliance reports Sample privileged users and activity logs Sample roles, reports, exports, maintenance utilities, and support sessions

Practical mentor takeaway

Exam lens

A.8.1 asks whether the device is trustworthy enough to access information. A.8.2 asks whether powerful access is justified, traceable, reviewed, and removed. A.8.3 asks whether ordinary and temporary access to information/functions is restricted according to policy and business need.

  • Iso27001
  • Exam
  • Technological controls

Note Metadata

Aliases: A.8.1 A.8.2 A.8.3 exam cues

Source: 09-Exam-Preparation/EXAM-027-Endpoint-and-Privileged-Access.md