ch 12

Question 1

Granting or denying approval to use specific resources

Answer 1

• Access Control

Question 2

Consists of fencing, hardware door locks, and mantraps to limit contact with devices

Answer 2

Physical access control

Question 3

Consists of technology restrictions that limit users on computers from accessing data

Answer 3

Technical access control

Question 4

what is it called when Presenting credentials

Answer 4

Identification

Question 5

what is it called when Checking the credentials

Answer 5

Authentication

Question 6

what is it called when Granting permission to take action

Answer 6

Authorization

Question 7

A record that is preserved of who accessed the network, what resources they accessed, and when they disconnected

Answer 7

Accounting

Question 8

A specific resource

Answer 8

Object

Question 9

A user or process functioning on behalf of a user

Example: computer user

Answer 9

Subject

Question 10

The action taken by the subject over an object

Example: deleting a file

Answer 10

Operation

Question 11

Standards that provide a predefined framework for hardware or software developers
Use the appropriate model to configure the necessary level of control

Answer 11

Access control model

Question 12

(D A C)

Answer 12

• Discretionary Access Control

Question 13

Least restrictive model
Every object has an owner
Owners have total control over their objects
Owners can give permissions to other subjects over their objects

Answer 13

• Discretionary Access Control (D A C)

Question 14

• (M A C)

Answer 14

Mandatory Access Control

Question 15

Most restrictive access control model User has no freedom to set any controls or distribute access to other subjects
Typically found in military settings

Answer 15

• (M A C) Mandatory Access Control

Question 16

Every entity is an object and is assigned a classification label that represents the relative importance of the object

Answer 16

Labels

Question 17

a hierarchy based on the labels is used

Answer 17

Levels

Question 18

grants permissions by matching object labels with subject labels

Answer 18

M A C

Question 19

(B L P)

Answer 19

Bell-LaPadula

Question 20

(M I C)

Answer 20

Mandatory Integrity Control

Question 21

(U A C)

Answer 21

User Access Control

Question 22

• a Windows feature that controls user access to resources

Answer 22

User Access Control (U A C)

Question 23

(RBAC)

Answer 23

Role Based Access Control

Question 24

Also called Non-Discretionary Access Control

Access permissions are based on user’s job function

Answer 24

(RBAC) Role Based Access Control

Question 25

(RBAC)

Answer 25

Rule-Based Access Control

Question 26

Dynamically assigns roles to subjects based on a set of rules defined by a custodian Each resource object contains access properties based on the rules

Answer 26

(RBAC) Rule-Based Access Control

Question 27

When initially setting up an account, take these into consideration:

Answer 27

``` Employee accounts Creating location-based policies Establishing standard naming conventions Creating time-of-day restrictions Enforcing least privilege ```

Question 28

Employee On-boarding steps:

Answer 28

``` Scheduling Job duties Socializing Work space Training ```

Question 29

Employee offboarding Steps

Answer 29

Exit interview Back up all employee files from local computer and server Archive email Forward email to a manager or coworker Hide the name from the email address book

Question 30

- user accounts that remain active after an employee has left

Answer 30

Orphaned accounts

Question 31

an account that has not been accessed for a lengthy period

Answer 31

Dormant account

Question 32

relies upon location-based policies | Or establishing the geographical boundaries of where a mobile device can and cannot be used

Answer 32

Geofencing

Question 33

Means that only the minimum amount of privileges necessary to perform a job or function should be allocated

Answer 33

• Least Privilege

Question 34

the process of periodically revalidating a user’s account, access control, and membership role

Answer 34

Recertification

Question 35

intended to examine the permissions that a user has been given to determine if each is still necessary

Answer 35

Permission auditing and review

Question 36

– an audit process that looks at the applications that the user is provided, how frequently they are used, and how they are being used

Answer 36

Usage auditing and review

Question 37

• Best Practices for Access Control

Answer 37

Separation of duties Job rotation Mandatory vacations Clean desk policy

Question 38

the process should be divided between two or more individuals

Answer 38

• Separation of Duties

Question 39

Limits amount of time individuals are in a position to manipulate security configurations Helps expose potential avenues for fraud

Answer 39

• Job Rotation

Question 40

Limits fraud, because perpetrator must be present daily to hide fraudulent actions

Answer 40

• Mandatory Vacations

Question 41

Designed to ensure that all confidential or sensitive materials are removed form a user’s workspace and secured when the items not in use

Answer 41

• Clean Desk Policy

Question 42

(A C L s)

Answer 42

Access control lists

Question 43

A set of permissions attached to an object

Answer 43

Access control lists (A C L s)

Question 44

Each entry in the A C L table is called

Answer 44

access control entry (ACE)

Question 45

(SID)

Answer 45

Security identifier

Question 46

for the user or group account or logon session

Answer 46

Security identifier (SID)

Question 47

Permits the configuration of multiple computers by setting a single policy for enforcement

Answer 47

Group-based access control

Question 48

(A D)

Answer 48

Active Directory

Question 49

A Microsoft Windows feature that provides centralized management and configuration of computers and remote users using

Answer 49

Active Directory (A D)

Question 50

(G P O s)

Answer 50

Group Policy Objects

Question 51

Usually used in enterprise environments | Settings stored in

Answer 51

Group Policy Objects (G P O s)

Question 52

(L G P)

Answer 52

Local Group Policy

Question 53

Has fewer options than a Group Policy | Used to configure settings for systems not part of A D

Answer 53

Local Group Policy (L G P)

Question 54

• R A D I U S

Answer 54

Remote Authentication Dial In User Service

Question 55

Developed in 1992 Became an industry standard Originally designed for remote dial-in access to a corporate network

Answer 55

• R A D I U S

Question 56

Typically a device such as a wireless A P | Responsible for sending user credentials and connection parameters to the RADIUS server

Answer 56

R A D I U S client

Question 57

Authentication system developed at M I T Uses encryption and authentication for security Works like using a driver’s license to cash a check

Answer 57

• Kerberos (Tickets) (SSO)

Question 58

Symmetric based encryption

Answer 58

Originally DES now AES, 3DES Uses the Diffe-Hellman key agreement Requires mutual authentication

Question 59

(T A C A C S +)

Answer 59

• Terminal Access Control Access Control System

Question 60

Authentication service similar to R A D I U S Commonly used on UNIX devices Communicates by forwarding user authentication information to a centralized server

Answer 60

(T A C A C S +)

Question 61

(L D A P)

Answer 61

• Lightweight Directory Access Protocol

Question 62

A directory service is a database stored on a network Contains information about users and network devices Keeps track of network resources and user’s privileges to those resources

Answer 62

• Lightweight Directory Access Protocol (L D A P)

Question 63

Designed to run over T C P/I P A simpler subset of D A P Encodes protocol elements in simpler way than X.500

Answer 63

L D A P

Question 64

Weakness of L D A P

Answer 64

Can be subject to L D A P injection attacks Similar to S Q L injection attacks Occurs when user input is not properly filtered

Question 65

S A M L | E-COMMERSE

Answer 65

• Security Assertion Markup Language

Question 66

An Extensible Markup Language (X M L) standard that allows secure web domains to exchange user authentication and authorization data

Answer 66

S A M L | • Security Assertion Markup Language

Question 67

(C H A P)

Answer 67

Challenge-Handshake Authentication Protocol

Question 68

(M S - C H A P)

Answer 68

The Microsoft version of C H A P

Question 69

(P A P)

Answer 69

Password Authentication Protocol

Question 70

(E A P)

Answer 70

Extensible Authentication Protocol

Question 71

Defines the format of the messages Uses four types of packets: Request, response, success, and failure

Answer 71

E A P: