IS3230 CHAPTER 8 Flashcards Preview

Flashcards in IS3230 CHAPTER 8 Deck (39):
1

In Windows-based systems, a value that specifies the rights that are allowed or denied in an access control entry (ACE) of an access control list (ACL) is called ___.

ACCESS MASK

2

This stores information about objects on the network and makes this information available to authorized systems administrators and users. It gives network users access to permitted resources anywhere on the network using a single sign-on process. It also provides system administrators with an intuitive hierarchical view of the network and a single point of administration for all network objects. It is called ___.

ACTIVE DIRECTORY

3

A collection of binary data stored in a relational database is called ___.

BINARY LARGE OBJECTS (BLOBs)

4

Objects that inherit certain characteristics, such as access controls, from a parent object are called ___.

CHILD OBJECTS

5

Stored data, which may be in archival form on tape or optical disc, on a hard disk, or sitting in a system's buffers, is called ___.

DATA AT REST (DAR)

6

Data as it travels from one place to another, such as over a network, is called ___.

DATA IN MOTION (DIM)

7

Rights that are given to a user by the owner of an object are called ___.

DELEGATED ACCESS RIGHTS

8

A DAC system where rights are assigned by the owner of the resource in question is called ___.

DISCRETIONARY ACCESS CONTROL LIST (DACL)

9

Access rights that are actively given to a user by an object owner are called ___.

EXPLICITLY DELEGATED RIGHTS

10

The outermost boundary of an Active Directory service, which may contain several domains, is called ___.

FOREST

11

Rights that are inherited or otherwise passively assigned are called ___.

IMPLICITLY DELEGATED RIGHTS

12

A combination of hardware and software used to analyze network traffic passing through a single point on the network, designed to analyze traffic patterns to find suspicious activity, is called ___.

INTRUSION DETECTION

13

An application layer protocol for querying and modifying directory services running under Transmission Control Protocol/Internet Protocol (TCP/IP) is called ___.

LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL (LDAP)

14

A patch to the Linux kernel and a set of administrative tools that attempt to enhance security is called ___.

LINUX INTRUSION DETECTION SYSTEM (LIDS)

15

A service that provides information to all systems on a network is called ___.

NETWORK INFORMATION SERVICE (NIS)

16

A logical structure that allows you to organize users, computers, and other objects into separate units for administrative purposes is called ___.

ORGANIZATIONAL UNIT (OU)

17

An object from which other objects inherit various properties including access controls is called ___.

PARENT OBJECT

18

Software that monitors network ports to detect a port scan attack, which is usually the precursor to a more serious attack, is called ___.

PORT SCAN DETECTOR

19

A mechanism used to control the output of a specific process is called ___.

PROCESS CONTROL SYSTEM (PCS)

20

A database that stores data in tables and provides for relationships between various data is called ___.

RELATIONAL DATABASE (RDB)

21

The superuser in Linux and UNIX systems is called ___.

ROOT

22

A security mechanism for isolating programs running in a shared environment is called ___.

SANDBOX

23

A user with full rights on a system is called ___.

SUPER ADMINISTRATOR

24

A command that allows an administrator to run processes as root without actually logging in under the root account in a Linux or UNIX system is called ___.

SUPER USER DO (SUDO)

25

A system-created access control list that handles the information assurance aspect of access controls is called ___.

SYSTEM ACCESS CONTROL LIST (SACL)

26

A multi-processing, multi-user family of operating systems originally developed by Bell Laboratories and most often used for servers is called ___.

UNIX

27

1. Data residing in a system's buffers is considered data at rest.
TRUE OR FALSE

TRUE

28

2. Data in motion is at higher risk than data at rest.
TRUE OR FALSE

FALSE

29

3. A(n) ___ is a list or collection of access control entities.

ACL

30

4. The three primary ACEs are access-denied, access-allowed, and ___.

System-audit

31

5. ___ in a database are an example of an application with internal access controls.

Binary large objects, or BLOBs

32

6. Which operating system(s) implements the most granular access controls?
1. Linux
2. UNIX
3. Windows
4. 1 and 2

Windows

33

7. In a Windows environment, what is an organizational unit?
1. A logical structure for organizing users, groups, and computers
2. A business unit
3. A group of related data
4. A logical structure for organizing firewall rules

A logical structure for organizing users, groups, and computers

34

8. A Windows domain administrator has full control over all the computers in the domain.
TRUE OR FALSE

TRUE

35

9. A Windows domain administrator is the top-level authority in a Windows environment.
TRUE OR FALSE

FALSE

36

10. In which operating systems is rwxr-xr-x an example of rights notation?

UNIX and Linux

37

11. What does the sudo command in UNIX allow systems administrators to do?
1. Log in as root
2. Run any process as if they were logged in as another user
3. Disable the root user
4. Disable a user account

Run any process as if they were logged in as another user

38

12. The four rights on an NIS+ object are Read, Modify, Create, and ___.

Destroy

39

13. Why should an organization automate user creation? (Select two)
1. To save time and effort for the IT staff
2. To allow individuals to manage their own user accounts
3. To accurately add, modify, or remove access rights
4. To minimize the need for a full IT staff

To save time and effort for the IT staff
To accurately add, modify, or remove access rights