Chapter 11 Flashcards
A user or a process functioning on behalf of the user that attempts to access an object is known as the
Subject
The action that is taken by a subject over an object is called a(n):
Operation
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
Access Control Model
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
Mandatory Access Control
In a UAC prompt, what color is used to indicate the lowest level of risk?
Gray
Which access control model is considered to be the least restrictive?
Discretionary Access Control
Select below the access control model that uses access based on a user’s job function within an organization:
Role Based Access Control
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
Rule Based Access Control
When using Role Based Access Control (RBAC), permissions are assigned to:
Roles
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:
Separation of duties
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
ACL
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
Orphaned
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
Account expiration
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
RADIUS
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
Authentication request
Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:
Kerberos
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
TACACS
Entries within a Directory Information Base are arranged in a tree structure called the:
DIT
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
DAP
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database’s information?
LDAP injection