Chapter 11 - Access Control Fundamentals

10 September 2022
44 test answers

question
A user or a process functioning on behalf of the user that attempts to access an object is known as the
answer
subject
question
The action that is taken by a subject over an object is called a(n):
answer
operation
question
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
answer
access control model
question
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
answer
Mandatory Access Control
question
In a UAC prompt, what color is used to indicate the lowest level of risk?
answer
gray
question
Which access control model is considered to be the least restrictive?
answer
Discretionary Access Control
question
Select below the access control model that uses access based on a user's job function within an organization:
answer
Role Based Access Control
question
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
answer
Rule Based Access Control
question
When using Role Based Access Control (RBAC), permissions are assigned to:
answer
Roles
question
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:
answer
Separation of duties
question
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
answer
Access Control List
question
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
answer
Orphaned
question
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
answer
Account expiration
question
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
answer
RADIUS
question
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
answer
authentication request
question
Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:
answer
Kerberos
question
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
answer
TACACS
question
Entries within a Directory Information Base are arranged in a tree structure called the:
answer
DIT
question
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
answer
DAP
question
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?
answer
LDAP injection
question
The mechanism used in an information system for granting or denying approval to use specific resources.
answer
Access Control
question
A set of permissions that is attached to an object.
answer
Access Control List
question
A predefined framework found in hardware and software that a custodian can use for controlling access.
answer
Access Control Model
question
The process of setting a user's account to expire.
answer
Account Expiration
question
The least restrictive access control model in which the owner of the object has total control over it.
answer
Discretionary Access Control
question
The second version of the Terminal Access Control Access Control System (TACACS) authentication service.
answer
Extended TACACS
question
A Microsoft Windows feature that provides centralized management and configuration of computers and remote users.
answer
Group Policy
question
Rejecting access unless a condition is explicitly met.
answer
Implicit Deny
question
The act of moving individuals from one job responsibility to another.
answer
Job Rotation
question
An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
answer
Kerberos
question
An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.
answer
LDAP injection
question
Providing only the minimum amount of privileges necessary to perform a job or function.
answer
Least Privilege
question
A protocol for a client application to access an X.500 directory.
answer
LDAP
question
The most restrictive access control model, typically found in military settings in which security is of supreme importance.
answer
Mandatory Access Control
question
Requiring that all employees take vacations.
answer
Mandatory Vacations
question
An industry standard authentication service with widespread support across nearly all vendors of networking equipment.
answer
RADIUS
question
A "real-world" access control model in which access is based on a user's job function within the organization.
answer
Role Based Access Control
question
An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian.
answer
Rule Based Access Control
question
Transporting LDAP traffic over Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
answer
Secure LDAP
question
An Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data.
answer
Security Assertion Markup Language
question
The practice of requiring that processes should be divided between two or more individuals.
answer
Separation of Duties
question
The current version of the Terminal Access Control Access Control System (TACACS) authentication service.
answer
TACACS+
question
An authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server.
answer
TACACS
question
Limitation imposed as to when a user can log in to a system or access resources.
answer
Time-of-Day Restrictions