IS3340 CHAPTER 3 Flashcards
(36 cards)
An individual entry in a CACL is called ___?
ACCESS CONTROL ENTRY (ACE)
The list of access permissions for an object is called ___?
ACCESS CONTROL LIST (ACL)
Shared database of domain users, groups, computers, resources, and other information, along with network functionality to centralize and standardize network management and interoperation is called ___?
ACTIVE DIRECTORY
This is an access control approach that systematically nests individual user accounts in groups that make securing objects more general. It is an acronym for Accounts, Global groups, Universal groups, domain Local groups, and Permissions and is usually called ___?
AGULP
The process of collecting performance information on what actions were taken and storing that information for later analysis is called ___?
AUDITING
GUIDs used in the Windows registry to identify objects and record many of their attributes are called ___?
CLASS IDENTIFIERS (CLSIDs)
An international set of standards for functionality and assurance of computer security. This supersedes the Orange Book as well as other standards and is called ___?
COMMON CRITERIA
The list of access permissions for an object, based on access granted by the object’s owner is called ___?
DISCRETIONARY ACCESS CONTROL LIST (DACL)
A server computer designated to handle Active Directory requests is called ___?
DOMAIN CONTROLLER
Access permissions to an object calculated based on the requesting subjects’ identification and group memberships is called ___?
EFFECTIVE PERMISSIONS
Identification value that is unique across all environments to keep track of an object across many computers is called ___?
GLOBALLY UNIQUE ID (GUID)
A set of named entities that define a group of users for the purposes of defining permissions that apply to multiple users is called ___?
GROUP
A computer network authentication protocol which allows computers to communicate in a secure manner across an insecure network, and the default authentication protocol for Windows. This is called ___?
KERBEROS
A computer designated to authenticate users and, upon authentication, issue Kerberos keys that will allow subjects to access objects is called ___?
KEY DISTRIBUTION CENTER (KDC)
User accounts that are defined using the principle of least privilege are called ___?
LEAST PRIVILEGE USER ACCOUNTS (LUAs)
Authentication protocol used in legacy Windows systems to support secure communication across an insecure network is called ___?
NETWORK TRANSLATION LAN MANAGER (NTLM)
This was one of the early formal standards for computer security. The United States Department of Defense Trusted Computer System Evaluation Criteria (DOD-5200.28-STD) is commonly called ___.
ORANGE BOOK
The practice of providing a user or process with only the necessary access required to carry out a task is called ___?
PRINCIPLE OF LEAST PRIVILEGE
An encryption key that can be shared and does not need to be kept private is called ___?
PUBLIC KEY
A document used by Windows to store all SIDs associated with a process is called ___?
SECURITY ACCESS TOKEN (SAT)
Windows feature that prompts users for a confirmation before escalating to administrator privileges is called ___?
USER ACCOUNT CONTROL
- Which of the following best describes the principle of least privilege?
  - Providing the necessary access to carry out any task
  - Providing access to the least number of objects possible
  - Providing just the necessary access required to carry out a task
  - Providing access equivalent to the least populated security group
Providing just the necessary access required to carry out a task
- Which type of user account is designed using the principle of least privilege?
  - LUA
  - SID
  - GUID
  - KDC
LUA
- What structure does the Windows operating system use to store collections of permissions for objects?
  - ACE
  - DACL
  - GUID
  - CLSID
DACL