IS3230 CHAPTER 1 Flashcards Preview

Flashcards in IS3230 CHAPTER 1 Deck (31):
1

The ability of a subject and an object to interact is called ___.

ACCESS

2

The process or mechanism of granting or denying use of a resource, typically applied to users or generic network traffic, is called ___.

ACCESS CONTROL

3

The process of confirming the identity of a user. Also, ensuring that a sender and recipient are who they say they are is called ___.

AUTHENTICATION

4

A way of confirming the identity of a subject. The three ___ are "something you know"; "something you have"; and "something you are".

AUTHENTICATION FACTOR

5

The decision to allow or deny a subject access to an object. After a user has been authenticated, for example, authorization determines if the user has the rights to perform specific actions on the network or system. This is known as ___.

AUTHORIZATION

6

An authentication system based on physical characteristics or behavioral tendencies of an individual is called ___.

BIOMETRICS

7

The process by which a subject or object identifies itself to the access control system. In the case of users, ___ uniquely distinguishes an individual. In most cases it needs to be proved prior to authenticating the user.

IDENTIFICATION

8

1. Anything that is passively acted upon by a subject or
2. The resource to which a subject desires access. Common ___ are data, networks, and printers.

OBJECT

9

A phrase or sentence used in place of a password is a ___. These are often used as mnemonic devices to help remember complex passwords.

PASSPHRASE

10

A secret combination of characters known only to the subject is a ___.

PASSWORD

11

The process of ensuring that no one without the proper credentials can physically access resources is called ___.

PHYSICAL SECURITY

12

1. A document that describes specific requirements or rules that must be met in a given area.
2. A formal statement of management intent regarding the business practices of an organization. A ___ is binding upon all affected individuals.

POLICIES

13

A defined series of steps or actions for achieving an objective or result. For example, a defined workflow used to enforce policies is considered a ___ or a set of ___. This is often written to ensure that tasks are completed in the same way each time, preventing unexpected problems.

PROCEDURES

14

Something only the subject and the authentication system know. It can be a piece of data that is known only to the parties that are communicating with one another. A ___ is used for encryption.

SHARED SECRET

15

The user, network, system, process or application requesting access to a resource is called ___.

SUBJECT

16

Something the subject has that no one else does. Smart cards and challenge-response devices are commonly used ___.

TOKEN

17

A technical method or control used to complete a task or achieve a goal, such as enforcing policies, is called ___.

TOOLS

18

1. The three principal components of access control are ___, subjects, and objects.

Policies

19

2. The subject is always a human user.
TRUE OR FALSE

FALSE

20

3. Which of the following describes technical methods used to enforce policies?
1. Access control
2. Procedures
3. Tools
4. Physical security
5. Authentication

Tools

21

4. An organization typically uses procedures and tools together to enforce policies.
TRUE OR FALSE

TRUE

22

5. The three states of a subject in an access control scenario are authorized, unauthorized, and ___.

Unknown

23

6. Physical security is typically the responsibility of the IT department.
TRUE OR FALSE

FALSE

24

7. What is the first step in the access control process?
1. Logging in
2. Authorization
3. Authentication
4. Identification
5. Access

Identification

25

8. Which of the following is an example of the "something you know" authentication factor?
1. Username
2. Token
3. Password
4. Retinal Scan
5. Access control list

Password

26

9. Which of the following is an example of "something you have"?
1. Username
2. Token
3. Password
4. Retinal Scan
5. Access control list

Token

27

10. Which of the following is an example of "something you are"?
1. Username
2. Token
3. Password
4. Retinal Scan
5. Access control list

Retinal scan

28

11. Authorization rules can be as simple or complex as business needs require.
TRUE OR FALSE

TRUE

29

12. The four basic access levels are Author, Read only, No access, and ___.

Administrative

30

13. Assigning group access controls eliminates individual accountability.
TRUE OR FALSE

FALSE

31

14. The two types of biometric authentication methods are ___ and physical.

Behavioral