5.3 : Logical Access (Doshi) Flashcards

1
Q

Logical access controls in information technology are used for the following four functions:

A

(1) identification
(2) authentication
(3) authorization, and
(4) accountability in computer information systems

2
Q

The two main types of access controls:

A

(1) physical and

(2) logical

3
Q

Physical access control

A

Limits access to campuses, buildings, facilities, and physical IT assets

4
Q

Logical access control

A

Limits connections to computer networks, system files and data.

5
Q

Four main categories of access controls are:

A

(1) Mandatory access control (MAC)
(2) Discretionary access control (DAC)
(3) Role-based access control (RBAC)
(4) Rule-based access control

6
Q

Mandatory Access Control (MAC)

A

A logical access control in which the system enforces the access rules from security labels (the classification of the object and the clearance of the subject); the rules cannot be controlled or modified by normal users or data owners.

7
Q

Discretionary Access Control (DAC)

A

A logical access control in which the data owner decides who may access the resource and may activate, grant, change or revoke that access at their discretion (for example, the permissions an owner sets on a file).

8
Q

MAC compared to DAC: in terms of data security, which is the better choice?

A

MAC, because its access rules are set centrally and cannot be loosened by individual users or owners; under DAC an owner (or any process running with the owner's identity) can grant access beyond what the organization intends.
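
The distinction in cards 6 to 8, worked as an added example that is not part of the deck: a small Python reference monitor in which the same file is protected once by DAC and once by MAC. The level ordering, user names and clearances are constructed for the demonstration; the MAC rules implement the Bell-LaPadula simple security property (no read up) and star property (no write down).

```python
"""MAC versus DAC as a small reference monitor (added example, not from the deck).

Levels, users and clearances below are constructed for the demonstration."""
from dataclasses import dataclass, field

# Ordered sensitivity levels used as MAC labels (assumed for this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


class PolicyError(Exception):
    """Raised when a principal attempts something the model forbids."""


@dataclass
class DacObject:
    """DAC: the owner holds the access list and may change it at will."""
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of rights

    def grant(self, by: str, to: str, right: str) -> None:
        # Only the owner may hand out rights, but nothing limits whom they choose.
        if by != self.owner:
            raise PolicyError(f"{by} is not the owner")
        self.acl.setdefault(to, set()).add(right)

    def allowed(self, user: str, right: str) -> bool:
        return user == self.owner or right in self.acl.get(user, set())


@dataclass
class MacObject:
    """MAC: the system assigns the label; ownership confers no special rights."""
    owner: str
    label: str

    def allowed(self, user: str, clearance: dict, right: str) -> bool:
        clr, lvl = LEVELS[clearance[user]], LEVELS[self.label]
        if right == "read":
            return clr >= lvl   # simple security property: no read up
        if right == "write":
            return clr <= lvl   # *-property: no write down
        return False

    def relabel(self, by: str, new_label: str, security_admins: set) -> None:
        # Labels are changed only by the security administrator, never by the owner.
        if by not in security_admins:
            raise PolicyError(f"{by} may not change labels")
        self.label = new_label


def demo() -> dict:
    """Same file under both models; bob's clearance is below the file's label."""
    clearance = {"alice": "confidential", "bob": "internal", "secadmin": "secret"}

    dac = DacObject(owner="alice")
    dac.grant(by="alice", to="bob", right="read")      # owner's discretion wins
    dac_bob_read = dac.allowed("bob", "read")           # True

    mac = MacObject(owner="alice", label="confidential")
    mac_bob_read = mac.allowed("bob", clearance, "read")            # False: no read up
    mac_admin_write = mac.allowed("secadmin", clearance, "write")   # False: no write down
    try:
        mac.relabel(by="alice", new_label="internal", security_admins={"secadmin"})
        owner_can_relabel = True
    except PolicyError:
        owner_can_relabel = False                       # owner cannot loosen the label

    return {
        "dac_bob_read": dac_bob_read,
        "mac_bob_read": mac_bob_read,
        "mac_admin_write_down": mac_admin_write,
        "owner_can_relabel": owner_can_relabel,
    }


if __name__ == "__main__":
    print(demo())
```

The DAC branch is the weakness the card alludes to: the check in `grant` only asks "is this the owner?", so an owner who is careless or whose account is compromised can open the file to anyone. The MAC branch never consults ownership at all; only the security administrator can move the label.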

9
Q

Steps to follow when implementing logical access control:

A

(1) Inventory of IS resources
(2) Classification of IS resources
(3) Grouping/labeling of IS resources
(4) Creation of an access control list

10
Q

What is the first step in data classification?

A

Identify the owner of the data/application (once the asset is inventoried, the owner is the person who assigns its classification).

11
Q

Automated password management tool vs. manual password management tool

A

In any given scenario, an automated password management tool is the best preventive control and ensures compliance with the password management policy, because it enforces the policy (length, complexity, history, expiry) at the moment a password is set instead of relying on users to follow it.

12
Q

Preventive controls as compared to detective and deterrent controls

A

In any given scenario, PREFERENCE is given to PREVENTIVE controls as compared to detective or deterrent controls: a preventive control stops the event, a detective control only discovers it afterwards, and a deterrent control only discourages it.

13
Q

Automated controls as compared to manual controls

A

In any given scenario, preference is given to automated controls as compared to manual controls, because they are applied consistently and cannot be forgotten or skipped by the person performing the task.

14
Q

What is the prime objective of review of logical access control?

A

to ensure that access has been assigned as per the organization’s authorization (i.e. what each user actually holds matches what the data owner approved).

15
Q

In any given scenario, data owner/system owner is ultimately responsible

A

for defining the access rules.

16
Q

In any given scenario, the logical steps for data classification are:

A
  • First step: inventory of information assets.
  • Second step: establish ownership.
  • Third step: classification of IS resources.
  • Fourth step: labelling of IS resources.
  • Fifth step: creation of an access control list.

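
The procedure in cards 9 and 16, followed by the review in card 14, as an added Python example that is not from the deck: a constructed inventory is classified, labelled and turned into an ACL, and the ACL is then compared with what the systems actually grant. Asset names, owners, classification values, the label-to-rights rules and the "actual grants" are all assumptions made for the example.

```python
"""Inventory -> ownership -> classification -> labelling -> ACL, then an access
review (added example, not from the deck; every asset, owner and rule is constructed)."""

# Steps 1 and 2: inventory of IS resources with an owner established for each.
INVENTORY = [
    {"asset": "hr_payroll_db", "owner": "hr_director"},
    {"asset": "public_website", "owner": "marketing_lead"},
    {"asset": "finance_gl", "owner": "cfo"},
]

# Step 3: classification recorded by each owner against the legal/regulatory,
# confidentiality, integrity and availability requirements.
CLASSIFICATION = {
    "hr_payroll_db": {"confidentiality": "high", "integrity": "high", "availability": "medium", "regulated": True},
    "public_website": {"confidentiality": "low", "integrity": "medium", "availability": "high", "regulated": False},
    "finance_gl": {"confidentiality": "high", "integrity": "high", "availability": "high", "regulated": True},
}

# Access rules per label (assumed for the example): role -> rights.
# "owner_role" is replaced by the asset's actual owner when the ACL is built.
LABEL_RULES = {
    "restricted": {"owner_role": {"read", "write", "grant"}, "auditor": {"read"}},
    "internal": {"owner_role": {"read", "write", "grant"}, "employee": {"read"}},
    "public": {"owner_role": {"read", "write", "grant"}, "anyone": {"read"}},
}


def label_for(cls: dict) -> str:
    """Step 4: collapse the classification into a single handling label."""
    if cls["regulated"] or cls["confidentiality"] == "high":
        return "restricted"
    if cls["confidentiality"] == "medium" or cls["integrity"] == "high":
        return "internal"
    return "public"


def build_acl(inventory: list, classification: dict, rules: dict) -> dict:
    """Step 5: derive the authorised access control list from the labels."""
    acl = {}
    for item in inventory:
        label = label_for(classification[item["asset"]])
        entries = {}
        for role, rights in rules[label].items():
            principal = item["owner"] if role == "owner_role" else role
            entries[principal] = set(rights)
        acl[item["asset"]] = {"label": label, "entries": entries}
    return acl


# What the systems actually grant today (constructed), as a reviewer would
# extract it from the platforms during a logical access review.
ACTUAL_GRANTS = {
    "hr_payroll_db": {"hr_director": {"read", "write", "grant"}, "contractor_x": {"read"}},
    "public_website": {"marketing_lead": {"read", "write", "grant"}, "anyone": {"read", "write"}},
    "finance_gl": {"cfo": {"read", "write", "grant"}, "auditor": {"read"}},
    "shadow_db": {"intern": {"read"}},   # never inventoried, so never authorised
}


def review_access(acl: dict, actual: dict) -> list:
    """Flag every right that is granted but not backed by the authorised ACL."""
    findings = []
    for asset, grants in actual.items():
        authorised = acl.get(asset, {}).get("entries", {})
        for principal, rights in grants.items():
            excess = set(rights) - authorised.get(principal, set())
            if excess:
                findings.append((asset, principal, sorted(excess)))
    return findings


if __name__ == "__main__":
    acl = build_acl(INVENTORY, CLASSIFICATION, LABEL_RULES)
    for asset, entry in acl.items():
        print(asset, entry["label"], entry["entries"])
    for finding in review_access(acl, ACTUAL_GRANTS):
        print("unauthorised:", finding)
```

The review compares in one direction only (granted but not authorised), which is what the card's objective asks for; a fuller review would also list authorised-but-missing access. Note that an asset absent from the inventory produces findings for every right on it, which is why the inventory is the first step.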
17
Q

In any given scenario, accountability for the maintenance of proper security controls over information assets resides with

A

the data owner/system owner.

18
Q

In any given scenario, the greatest benefit of a well-defined data classification policy is

A

decreased cost of controls, because the level of protection is matched to the value and sensitivity of each asset instead of applying the most expensive controls uniformly.

19
Q

In any given scenario, most important objective of data protection is to

A

(i) ensure the integrity and confidentiality of data and (ii) establish appropriate access control guidelines.

20
Q

Data classification must take into account the following requirements:

A
  • Legal/Regulatory/Contractual
  • Confidentiality
  • Integrity
  • Availability

21
Q

In information technology, logical access controls are tools and protocols used for

A

identification, authentication, authorization, and accountability in computer information systems.

22
Q

The four main categories of access control are:

A

Mandatory access control (MAC)
Discretionary access control (DAC)
Role-based access control (RBAC)
Rule-based access control

23
Q

Mandatory Access Control: Mandatory Access Controls (MACs) are logical access control that cannot be

A

controlled or modified by normal users or data owners; the system enforces the access rules from the security labels assigned to subjects and objects.

24
Q

Discretionary Access Control: Discretionary Access Controls (DACs) are logical access control that may be

A

activated or modified by the data owners at their discretion (for example, the permissions and ACL entries an owner sets on a file).

25
Q

In any given scenario, MACs are the BEST choice in terms of data security

A

as compared to DACs, because the access rules cannot be loosened by individual users or owners.

26
Q

In any given scenario, following are the steps for implementing logical access controls:

A

(a) Inventory of IS resources.
(b) Classification of IS resources.
(c) Grouping/labelling of IS resources.
(d) Creation of an access control list.

27
Q

In any given scenario, first step in data classification is

A

to identify the owner of the data/application.

28
Q

In any given scenario, an automated password management tool works as

A

the BEST preventive control and ensures compliance with the password management policy.

29
Q

Note the following access control best practices for wireless security; exams invariably include two or three questions on this concept:

A

(a) Enable MAC address filtering:

Every network interface (PC, laptop, mobile device) has a hardware identifier known as its Media Access Control (MAC) address. With MAC filtering the router accepts only the devices on its list and rejects any other device that tries to join the network. Caveat: the MAC address is sent in the clear in every frame and can be copied onto another device in seconds, so this control only screens out casual or accidental connections.

(b) Disable SSID (Service Set Identifier) broadcasting:

The Service Set Identifier (SSID) is the wireless network name the router broadcasts in its beacon frames; any wireless device scanning the area will detect it. Suppressing the broadcast hides the name from casual scans but not from anyone capturing traffic, because clients still send the SSID when they associate.

(c) Enable WPA2 (Wi-Fi Protected Access 2) protection:

Encryption scrambles the information sent over the wireless network so that others cannot read it. Of the three practices, strong encryption is the effective way to secure the network from intruders; (a) and (b) only reduce visibility and do not stop a determined attacker.

30
Q

Two main types of encryption are available for this purpose:

A

Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). WEP is cryptographically broken (its keys can be recovered from captured traffic within minutes) and must not be relied on.

31
Q

WPA2 is the strongest

A

encryption standard for wireless connections among those listed (WEP, WPA, WPA2), provided it is used with the AES-based CCMP cipher rather than TKIP. WPA3, published in 2018, has since superseded it where devices support it.
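
Practices (a) to (c) above, checked mechanically, as an added example that is not part of the deck: a Python audit of two hostapd-style access point configurations, one weak and one hardened. The two configuration texts are constructed; the option names (wpa, wpa_pairwise, rsn_pairwise, wep_key0, macaddr_acl, ignore_broadcast_ssid) are hostapd's, and the assumption that TKIP is permitted when no pairwise cipher is set is marked in the code.

```python
"""Audit hostapd-style AP configurations against the three wireless practices
(added example; both configurations below are constructed, not real deployments)."""

WEAK_CONF = """
interface=wlan0
ssid=corp-guest
hw_mode=g
channel=6
# open network with a legacy WEP key configured
wpa=0
wep_default_key=0
wep_key0=0102030405
# accept every client unless it is on a deny list
macaddr_acl=0
ignore_broadcast_ssid=0
"""

STRONG_CONF = """
interface=wlan0
ssid=corp-staff
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-2024
# accept only the MAC addresses listed in the accept file
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
ignore_broadcast_ssid=1
"""


def parse_hostapd(text: str) -> dict:
    """Parse key=value lines; blank lines and # comments are ignored."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def audit_ap(cfg: dict) -> list:
    """Return one finding per practice the configuration fails."""
    findings = []
    wpa = cfg.get("wpa", "0")
    # Assumed hostapd behaviour: rsn_pairwise falls back to wpa_pairwise,
    # whose default permits TKIP alongside CCMP.
    pairwise = cfg.get("rsn_pairwise", cfg.get("wpa_pairwise", "TKIP CCMP")).split()
    if wpa == "0" or any(k.startswith("wep_key") for k in cfg):
        findings.append("(c) no WPA2: network is open or WEP")
    else:
        if wpa in ("1", "3"):
            findings.append("(c) legacy WPA permitted (wpa=%s); require wpa=2" % wpa)
        if "TKIP" in pairwise:
            findings.append("(c) TKIP cipher permitted; require rsn_pairwise=CCMP")
    if cfg.get("macaddr_acl", "0") != "1":
        findings.append("(a) MAC filtering is not an allow list (macaddr_acl=1)")
    if cfg.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("(b) SSID broadcast enabled (ignore_broadcast_ssid=0)")
    return findings


def run() -> dict:
    return {name: audit_ap(parse_hostapd(text))
            for name, text in (("weak", WEAK_CONF), ("strong", STRONG_CONF))}


if __name__ == "__main__":
    for name, findings in run().items():
        print(name, findings or ["no findings"])
```

The check for (c) is the one that matters for security; (a) and (b) are reported because the deck lists them, not because passing them keeps an attacker out. Setting `wpa=2` without `rsn_pairwise=CCMP` still produces a finding, since the cipher list is what decides whether TKIP is negotiable.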

32
Q

In any given scenario, preference is given to preventive controls

A

as compared to detective or deterrent controls.

33
Q

In any given scenario, preference is given to automated controls

A

as compared to manual controls.

34
Q

In any given scenario, a default deny access control policy (i.e. deny all traffic except what is explicitly allowed) is the more robust and stringent access control policy

A

as compared to a default allow access control policy (i.e. allow all traffic except what is explicitly blocked), because anything the policy author did not anticipate is blocked rather than let through.
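
The policy difference in card 34, as an added Python example that is not from the deck: one rule set evaluated against the same constructed traffic under a default-deny and a default-allow policy. Rules, addresses and ports are assumptions made for the demonstration.

```python
"""Default-deny versus default-allow packet filter (added example; rules and
traffic are constructed for the demonstration)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    dst_net: str           # destination network in CIDR notation
    dst_port: Optional[int]  # None matches any port

    def matches(self, proto: str, dst_ip: str, dst_port: int) -> bool:
        return ((self.proto == "any" or self.proto == proto)
                and ip_address(dst_ip) in ip_network(self.dst_net)
                and (self.dst_port is None or self.dst_port == dst_port))


def evaluate(rules: list, default_action: str, packet: tuple) -> str:
    """First matching rule wins; if nothing matches, the policy default applies."""
    proto, dst_ip, dst_port = packet
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.action
    return default_action


# The rules the administrator actually wrote (constructed).
RULES = [
    Rule("allow", "tcp", "10.0.0.0/24", 443),   # web front end
    Rule("allow", "tcp", "10.0.0.5/32", 22),    # ssh to the bastion only
    Rule("deny", "tcp", "10.0.0.0/24", 23),     # the one service someone remembered to block
]

# Sample traffic (constructed): the last two flows have no rule at all.
TRAFFIC = [
    ("tcp", "10.0.0.7", 443),    # intended
    ("tcp", "10.0.0.5", 22),     # intended
    ("tcp", "10.0.0.7", 23),     # explicitly blocked
    ("tcp", "10.0.0.7", 3389),   # forgotten: RDP
    ("udp", "10.0.0.9", 161),    # forgotten: SNMP
]


def compare(rules: list = RULES, traffic: list = TRAFFIC) -> dict:
    """Decisions for every packet under each default policy."""
    return {
        "default_deny": [evaluate(rules, "deny", p) for p in traffic],
        "default_allow": [evaluate(rules, "allow", p) for p in traffic],
    }


if __name__ == "__main__":
    for policy, decisions in compare().items():
        print(policy, list(zip(TRAFFIC, decisions)))
```

The two policies agree on every packet that a rule covers; they differ only on the traffic nobody wrote a rule for, which is exactly the traffic an attacker goes looking for. Under default deny the forgotten RDP and SNMP flows are dropped; under default allow they pass.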

35
Q

The prime objective of a review of logical access controls is

A

to ensure that access has been assigned as per the organisation’s authorization.