
Explanation:
The following is a possible answer for the drag and drop question:

According to the CISSP CBK Official Study Guide1, access control is the process of granting or denying access to resources, data, or information, based on the identity, role, or credentials of the subject or the entity, as well as the security policies and rules of the system or the network. Access control can be classified into four types, which are:
* Administrative: Access control that is implemented through the policies, procedures, and processes that govern the management and monitoring of the access control system, such as the identification, authentication, authorization, and accountability of the subjects and the entities, as well as the classification, labeling, and handling of the resources, data, or information. An example of administrative access control is labeling of sensitive data, which is the process of applying security attributes or tags to the data that indicate the classification, sensitivity, or clearance of the data, such as top secret, secret, or confidential. Labeling of sensitive data helps to identify and distinguish the data based on their security attributes, as well as to inform and instruct the users or handlers of the data about the proper and secure handling and disposal of them.
* Technical: Access control that is implemented through the hardware, software, or firmware components or mechanisms that enforce and execute the access control policies and rules, such as the encryption, decryption, hashing, or digital signature of the data, or the biometrics, tokens, or certificates of the subjects or the entities. An example of technical access control is biometrics for authentication, which is the process of verifying and confirming the identity of the subject or the entity based on their physical or behavioral characteristics, such as the fingerprint, iris, voice, or signature of the subject or the entity.
Biometrics for authentication helps to ensure the authenticity and uniqueness of the subject or the entity, as it uses the characteristics that are inherent and distinctive to the subject or the entity, and that are difficult to forge, copy, or share.
* Logical: Access control that is implemented through the software or application components or mechanisms that restrict and regulate the access or use of the resources, data, or information, based on the logic, function, or operation of the system or the network, such as the passwords, usernames, roles, or permissions of the subjects or the entities, or the firewalls, routers, or switches of the system or the network. An example of logical access control is constrained user interface, which is the process of limiting or hiding the features or functions of the system or the network that are not relevant or authorized for the subject or the entity, such as the menus, buttons, or commands of the system or the network. Constrained user interface helps to reduce the complexity and confusion of the system or the network, as well as to prevent or minimize the errors or problems that may occur from the misuse or abuse of the system or the network.
* Physical: Access control that is implemented through the physical or tangible components or mechanisms that prevent or deter the unauthorized or unintended access or entry to the resources, data, or information, such as the locks, keys, doors, or windows of the premises or the facilities, or the
* badges, cards, or tags of the subjects or the entities. An example of physical access control is Radio Frequency Identification (RFID) badge, which is a device or a material that emits or responds to radio waves, and that contains or stores the identification or the information of the subject or the entity, such as the name, number, or photo of the subject or the entity. RFID badge helps to identify and locate the subject or the entity, as well as to grant or deny the access or entry to the premises or the facilities.