Domain 1: Access Controls

Question 1

Physical Controls

Answer 1

Doors, Locks, Fences, etc

Question 2

Logical Controls

Answer 2

ACL’s, IDS, FW, routers, Virus protection, activity logging

Question 3

Administrative controls

Answer 3

Baners, Signs, policies, Procedures, directives, rules & regs, documents or log-on screens

Question 4

The types of controls

Answer 4

Physical, Logical , Administrative

Question 5

Physical Assets

Answer 5

Tangible things such as the building, property, business, equipment, and people

Question 6

Digital assets

Answer 6

Generally consist of the data contained or stored on the IT systems

Question 7

Information assets

Answer 7

The content information represented by the digital data

Question 8

Most important asset to protect

Answer 8

People

Question 9

Assurance procedures

Answer 9

Procedures that ensure that the access control mechanisms correctly implement the security policy

Question 10

Subject

Answer 10

User or entity taking the action or accessing a resource such as a database. Always active. May change roles

Question 11

Object

Answer 11

Item or resource being acted upon by a subject. Always passive. May change roles.

Question 12

Finger scan technology

Answer 12

Only the features extracted from the fingerprint are stored

Question 13

Fingerprint technology

Answer 13

Entire fingerprints are stored

Question 14

False Rejection Rate (FRR)

Answer 14

Type 1 Error. Percentage of time a biometric system rejects a known good user, thus not allowing access

Question 15

False Acceptance Rate (FAR)

Answer 15

Type II Error. Percentage of time a biometric system falsely identifies as good an unknown user, thus allowing access.

Question 16

Crossover Error Rate (CER)

Answer 16

CER is where the false rejection rate and false acceptance rate cross over. Lower CER means better biometric authentication system.

Question 17

Signature Dynamics

Answer 17

Biometric factor of handwriting analysis

Question 18

Voiceprint

Answer 18

Stored voice in the biometric system

Question 19

Keystroke Dynamics (aka Keystroke pattern recognition)

Answer 19

Recognizes how an individual types on a keyboard. Measures flight time (time between keystrokes) and dwell (length of time a key is pressed).

Question 20

Dual Control

Answer 20

Two individuals must work together to gain access. aka Split Knowledge, Separation of Duties.

Question 21

Reverse authentication

Answer 21

User authenticates to the system, then they also have knowledge the system is in fact genuine. Use chosen images or personal security questions.

Question 22

Account Callback

Answer 22

System texts or emails person back with a passcode when they try to authenticate.

Question 23

Session-Level Access Control

Answer 23

Restrict or Allow actions during a specific communication session. Login Notification, User Inactivity, Multiple logons, Origination location, Session time limit, Continuous Auth (IPsec)

Question 24

View-based access control

Answer 24

Security control mechanism that restricts the users actions or displays only the data available to them based on their rights.

Question 25

Data-level access control

Answer 25

Deals with protecting data in any of its three states. In process. In transit. At rest.

Question 26

Content-based or Contextual Access Control

Answer 26

Based on the form or content of the actual data. Data content rules.

Question 27

Physical Data and Printed Media Access Control

Answer 27

Handling and storage access procedures of physical devices

Question 28

Assurance of accountability

Answer 28

Accountability is the result of a strong identification and authentication system. (Prove they are who they say they are)

Question 29

Trusted Domain

Answer 29

Contains the user requesting access to a resource in another domain

Question 30

Trusting Domain

Answer 30

aka Resource Domain. Containst the resource to which access is desired.

Question 31

One way trust

Answer 31

Users in one domain may access resources in the second domain, but not vice-versa.

Question 32

Two-way trust

Answer 32

Both domains trust each other. All AD domains are automatically two way trust.

Question 33

Transitive trusts

Answer 33

A trusts B. B trusts C. So A trusts C.

Question 34

Cloud Vendor Reliability

Answer 34

Financials and ability to provide safeguards and security controls

Question 35

Data Clearing and Cleansing

Answer 35

Refers to data that may remain on cloud storage after a cloud size is reduced. What happens to data that remains after size reduction?

Question 36

Cloud client encroachment

Answer 36

If one client has legal issues, it could impact other clients. If one client is attacked, the attacker might access other clients on the same system.

Question 37

Included by exception

Answer 37

Whitelist, explicitly allowed.

Question 38

Capability table

Answer 38

Access control list

Question 39

False positive (re: Authentication)

Answer 39

Unknown user has been identified and authenticated and allowed access to a system.

Question 40

False negative (re: Authentication)

Answer 40

Known good user is denied access to the system

Question 41

OPIE

Answer 41

One time password in everything

Question 42

System-Level Access Control

Answer 42

Value of the system. Method of accessing the information.

Question 43

Capabilities List (MAC)

Answer 43

Security clearances. Labels applied to subjects

Question 44

Security classifications

Answer 44

aka Information classifications. Labels assigned to objects

Question 45

Special Access Programs (SAPs)

Answer 45

Control access, distribution, and protection to particularly sensitive info (top secret military info).

Question 46

SCI

Answer 46

200-300 SCI compartments. Each compartment has a code word. Intelligence info.

Question 47

MAC TCB (Trusted Computer Base) components

Answer 47

Reference monitor, Security Kernel, Audit File

Question 48

Reference Monitor

Answer 48

Compares subject and object security labels prior to allowing access

Question 49

Bell-LaPadulla Model

Answer 49

No read up, no write down

Question 50

Biba Model

Answer 50

Information integrity (of objects). Seeks to not increase the integrity of info at a lower level. May not read at a lower level and write to a higher level (No read down, No write up)

Question 51

Clark-Wilson Model

Answer 51

Concerned with object integrity and separation of duties.

Question 52

Brewer-Nash Model (Chinese Wall)

Answer 52

Prohibits conflicts of interest. Objects are classified in a manner that indicates conflicts of interest.