Domain 3 Flashcards
(20 cards)
Who can modify security rules in a system governed by Mandatory Access Control (MAC)?
Trusted subjects designated as security administrators
In what type of environment does role-based access control work well?
High-staff turnover and similar access requirements
What term is used to describe the situation where someone inherits expanded permissions that are not appropriate for their role in Role-based Access Control (RBAC)?
Privilege creep (or permissions creep) is the term that refers to someone inheriting expanded permissions that are not appropriate for their role in RBAC.
What is the key feature of just-in-time privileged access management?
Role-based subsets of privileges
What is the purpose of Privileged Access Management (PAM)?
PAM limits administrative access by granting role-based, real-time privileges only when necessary, reducing constant exposure to high-level access.
Why are static administrative privileges a security risk?
Static privileges, such as constant Domain Admin access, can be exploited by threats like ransomware to cause widespread damage, as they remain active 24/7.
How does Just-in-Time (JIT) access in PAM improve security?
JIT access ensures elevated privileges are only active during specific tasks, reducing risks during routine operations, like checking email, which can be done with lower-level access.
What are privileged accounts, and who typically uses them?
Privileged accounts have elevated permissions beyond normal users and are used by roles such as system administrators, IT support, and security analysts for managing systems, data, and infrastructure.
What measures are used to mitigate risks associated with privileged accounts?
Measures include extensive logging, stringent access controls like MFA and just-in-time access, deeper trust verification, and more frequent auditing.
How can privileges be delegated securely for specific roles?
Privileges can be tailored to roles, such as granting Help Desk personnel the ability to reset passwords without broader domain access, with actions logged and audited for security.
What are the primary elements of organizational security monitoring?
Physical access controls: Regulate entry and exit.
Monitoring: Use of cameras, motion sensors, and other technologies.
Auditing and logging: Recording events to support compliance and investigations.
How are cameras and sensors used for perimeter security?
Cameras: Deterrence, detection, and forensic evidence.
Sensors: Technologies like infrared, microwave, and vibration sensors alert organizations to breaches or intrusions.
What is the purpose of logs in physical security, and how should they be managed?
Logs record events for compliance and forensic use. They should:
Be protected from tampering and unauthorized access.
Follow retention policies based on legal and business requirements.
Be reviewed regularly to detect anomalies and improve security.
Why is Discretionary Access Control (DAC) not considered very scalable?
It relies on the discretion of individual object owners
What is the two-person rule in the context of security strategy?
Two people must be in an area together
Why is it recommended to disable accounts for a period before deletion when an employee leaves the company?
To preserve the integrity of audit trails or files
Lakshmi presents a user ID and a password to a system to log on. Which of the following characteristics must the password have?
Confidential
What is user provisioning in identity management?
Managing access to resources and information systems
What does behavioral biometrics measure?
User actions, such as voiceprints and keystroke dynamics
Which is a physical control that prevents “piggybacking” or “tailgating,” when an unauthorized person follows an authorized person into a controlled area?
Turnstile