Access Control Flashcards
You are creating an access control model that will allow you to assign specific access policies depending on which network a user is on and not necessarily on the actual identity of the specific user. Which privilege management access control model would you use?
Rule-based access control
Discretionary access control
Attribute-based access control
Rule-based access control
Rule-based access control is defined with an access control list (ACL), which specifies a set of rules that must be followed before access is granted. Rule-based access control does not necessarily have to be tied to an authorized identity and could involve access permissions based on network location, content of messages (such as e-mail text or attachments), and other types of content filtering
You must create an access control mechanism for your server and network room, which houses all your organization’s servers and primary networking equipment. Which of the following methods would be the most secure?
Access list
Smart card access
ID badge
Smart card access
Smart card access would provide the most security. The server room door will not unlock unless a user inserts her smart card and has the proper authorization to enter the room
You are designing file security for a new file server for your sales department. Each user will have his own private and secure directory as well as a shared group directory. Which of the following should be the initial default access level for each user before you assign permissions?
Full access
Read and Write access
No access
No access
You should use the principle of implicit deny, which means that, by default, a user should have no access permission at all unless explicitly permitted. You can then assign Read/Write access for each user to his own home directory and Read/Write access to the shared directory. This ensures you start with the most secure default configuration
You have recently had several laptops stolen after hours when employees leave unattended laptops on their desks after they leave work. Which of the following policies should you implement to increase security and prevent theft?
Make sure users are logged out of laptops before they leave.
Set a hardware password.
Lock all unattended laptops in a cabinet after hours.
Lock all unattended laptops in a cabinet after hours.
If employees are not taking their laptops home with them, these devices should be removed from their desks and put in a locked cabinet until the users return the next day. Cable locks are useful for security during office hours, but can be cut by a determined thief. Logging out of the laptop or setting hardware passwords can prevent unauthorized access, but will not deter theft
Which of the following best practices discourages corruption by ensuring that users do not have the same amount of access and privileges for too long a time?
Least privilege
Separation of duties
Job rotation
Job rotation
Job rotation ensures greater security because no single employee retains the same amount of access control for an area for an extended period of time. This can prevent internal corruption, whereby long-term employees, because of their deep knowledge of their area of duty, might be more inclined to take advantage of their position and enhanced access
Your company has defined working hours for a call center department. There have been several instances of employees using company resources to download Internet content after work hours. Which of the following can you implement to improve security?
Use MAC address filtering to prevent access on suspect computers.
Set access time restrictions.
Shut down all computers after work hours.
Set access time restrictions.
By setting time restrictions on network access, you prevent employees from being able to log in and access the network after working hours are complete
You have had a rash of hacking incidents where weak employee passwords are being hacked through brute-force methods and unauthorized users are gaining access to the network. Which of the following security policies is most efficient for preventing brute-force hacking attempts on employee passwords?
Password rotation
Password expiration
Limiting logon attempts
Limiting logon attempts
You can limit logon attempts to lock out the user’s account if an incorrect password has been entered too many times. Although password length, complexity, rotation, and expiration are helpful security measures, brute-force attacks can most efficiently be stopped by limiting the number of attempted logons
You have already implemented a password expiration and rotation policy that forces your users to change their password every 60 days. However, you find that many users are simply using their same password again. Which of the following can you implement to improve security?
Password history
Password complexity
Limiting logon attempts
Password history
When password history is enabled, the system can remember a user’s former passwords. When the current password expires, the system forces the user to use a new password that is not the same as one of her previous passwords
A military building uses strict access control where a user must use smart card access to enter the main door of the facility. Then he must meet a security guard at a second door to present an ID badge and enter his PIN number. What security feature is used in this access control mechanism?
Implicit deny
Three-tier access control
Man-trap
Man-trap
When a company uses a man-trap, each user must be authenticated to be able to enter the first door of the facility. When he has entered the first door, it is closed, and the user is physically trapped between the first and second doors. The user must pass an additional round of authentication to gain access through the second door
