3 - Access Control Flashcards
- Authorization is often characterized by?
  a. An audit log
  b. A biometric
  c. A security label or classification
  d. A challenge response token
C: Authorization is often characterized by a security label or classification.
- Which of the following can be used as either an identification or an authentication factor?
  a. Employee code
  b. Username
  c. Challenge-response token
  d. Biometric
D: A biometric can be used as either an identification or an authentication factor.
- A fingerprint is an example of what type of authentication factor?
  a. Type 1
  b. Type 2
  c. Type 3
  d. Type 4
C: A fingerprint is an example of a Type 3 authentication factor - something you are.
- Something you have is what type of authentication factor?
  a. Type 1
  b. Type 2
  c. Type 3
  d. Type 4
B: Something you have is a Type 2 authentication factor.
- What are the three fundamental principles of security?
  a. Confidentiality, Integrity, Availability
  b. Authentication, Authorization, Accountability
  c. Accessibility, Integrity, Secrecy
  d. Privacy, Control, Prevention
A: The three fundamental principles of security are Confidentiality, Integrity, and Availability.
- What is the process of verifying the identity of a subject?
  a. Authorization
  b. Authentication
  c. Auditing
  d. Accountability
B: The process of identity verification is authentication.
- The most secure form of password is which of the following?
  a. Static password
  b. Dynamic password
  c. One time password
  d. Cognitive password
C: A one time password is the most secure type of password, since once it has been used it becomes invalid. One-time passwords are a form of dynamic passwords. However, not all types of dynamic passwords are as secure as a one-time password.
- The False Acceptance Rate (Type II) error of a biometric device indicates what?
  a. The rate at which authorized users are not granted access
  b. The rate at which authorized users are granted access
  c. The rate at which unauthorized users are not granted access
  d. The rate at which unauthorized users are granted access
D: A False Acceptance Rate (a Type II) error of a biometric device indicates the rate at which unauthorized users are granted access.
- A secure access control mechanism will default to?
  a. No access
  b. Minimal access
  c. Least privilege
  d. Need to know access
A: A secure access control mechanism will default to no access.
- What is the primary disadvantage of single sign on?
  a. Password management and administration
  b. Users can roam the network without further interactive authentication
  c. User work task prohibitive
  d. Length of time required to perform logon
B: The primary disadvantage of single sign on is that users can roam the network without further interactive authentication, so less security is involved.
- A Type 1 authentication factor is also known as?
  a. Something you know
  b. Something you have
  c. Something you are
  d. Something you do
A: A Type 1 authentication factor is something you know.
- Auditing is dependent upon all but which of the following?
  a. Identification
  b. Accountability
  c. Authorization
  d. Authentication
B: Auditing is not dependent upon accountability. In fact, accountability is dependent upon auditing. Accountability is the result of the mechanisms of identification, authentication, authorization, access control, and auditing, which are used to hold people responsible for their online activities.
- When two types of authentication are employed to provide improved security, this is known as?
  a. Challenge-response authentication
  b. One-time authentication
  c. Single sign-on
  d. Two-factor authentication
D: The use of two forms of authentication is known as two-factor authentication.
- What type of password offers the best security possible for password-based authentication?
  a. One-time passwords
  b. Static passwords
  c. Dynamic passwords
  d. Passphrases
A: One-time passwords offer the best security for password-based authentication.
- Authorization can be illustrated by all but which of the following?
  a. need to know
  b. access control matrix
  c. security label
  d. password
D: A password is an example of an authentication factor, not an authorization method.
- Which of the following is not an example of a logical access control?
  a. Perimeter padlocked gates
  b. Restricted database interfaces
  c. Forced logons to the operating system
  d. Centralized remote access authentication services
A: Perimeter padlocked gates are an example of physical access control.
- Which of the following is not typically considered an identification factor?
  a. account number
  b. password
  c. biometric feature
  d. employee identification
B: A password is usually considered an authentication factor.
- Which of the following is usually not labeled as an entity that serves as a subject and an object?
  a. user
  b. database
  c. program
  d. computers
A: Users are usually labeled only as subjects.
- Which of the following is the act of providing the who of a subject and is the first step in establishing accountability?
  a. Authorization
  b. Identification
  c. Auditing
  d. Non-repudiation
B: Identification establishes the who of a subject and is the first step in establishing accountability.
- Which of the following represents the activity of verifying the claimed identity of a subject?
  a. authorization
  b. accountability
  c. authentication
  d. availability
C: Authentication represents the activity of verifying the claimed identity of a subject.
- A password is an example of what type of authentication factor?
  a. Type 1
  b. Type 2
  c. Type 3
  d. Type 4
A: A password is an example of a Type 1 (something you know) authentication factor.
- A Type 3 authentication factor is?
  a. Something you have
  b. Something you are
  c. Something you know
  d. Something you provide
B: A fingerprint is an example of a Type 3 (something you are) authentication factor.
- Which form of password may require unique or different interactions or responses from the subject each time they attempt to log on?
  a. static password
  b. dynamic password
  c. cognitive password
  d. passphrase
C: A cognitive password is a collection of questions and answers that only the subject will know. A random selection from the databank of available queries will be employed at each logon.
- Which of the following is also a dynamic password?
  a. passphrase
  b. PIN
  c. smart card
  d. one time password
D: A one time password is a form of dynamic password.
- Biometrics can be used directly for all but which of the following purposes?
  a. Identification
  b. Physical access control
  c. Accountability
  d. Authentication
C: Biometrics cannot be used directly to provide for accountability. Biometrics are used indirectly for accountability if they are employed as a means of identification or authentication.
- When used as an ____________ method, biometrics function as a one to one function.
  a. identification
  b. authorization
  c. impersonation
  d. authentication
D: When used as an authentication method, biometrics function as a one to one function.
- A Type I biometric error indicates what?
  a. The rate at which authorized users are not granted access
  b. The rate at which authorized users are granted access
  c. The rate at which unauthorized users are not granted access
  d. The rate at which unauthorized users are granted access
A: A False Rejection Rate (Type I) error of a biometric device indicates the rate at which authorized users are not granted access.
- The primary use of the crossover error rate, when comparing devices, is what?
  a. sensitivity adjustment
  b. comparison of similar biometric devices
  c. configuration control
  d. reducing enrollment time
B: The primary use of the crossover error rate is to compare similar biometric devices.
- Which of the following is converted to a virtual password before being sent to the authentication server for processing?
  a. passphrase
  b. one time password
  c. fingerprint scan
  d. cognitive password
A: A passphrase is converted to a virtual password, usually encrypted, before being sent to the authentication server for processing.
- An example of a Type 3 authentication factor is?
  a. Password
  b. Typing a passphrase
  c. Fingerprint
  d. Smart card
C: A fingerprint is an example of a Type 3 (something you are) authentication factor.
- What type of authentication token requires the subject to authenticate themselves to the token, then the token authenticates to the system?
  a. synchronous dynamic password token
  b. static password token
  c. asynchronous dynamic password token
  d. challenge-response token
B: A static password token requires the subject to authenticate themselves to the token, then the token authenticates to the system.
- What type of access control is based on job description?
  a. group based
  b. role based
  c. transaction based
  d. discretionary based
B: Role based access controls are based on job descriptions.
- Which of the following is the odd element in this set of items?
  a. need to know
  b. access based on work tasks
  c. data classification
  d. least privilege
C: Data classification is different from the others. Access under data classification controls is based on defined strata of confidentiality for both objects (i.e. assets) and subjects.
- Which of the following is a disadvantage of single sign on from the perspective of security?
  a. simplified password management and administration
  b. less time required overall to perform logon and authentication
  c. stronger passwords are often used
  d. users can roam the network without additional authentication
D: Being able to roam the network without additional authentication is a disadvantage of single sign on.
- Which of the following is not an example of a single sign on technology?
  a. TACACS
  b. Kerberos
  c. SESAME
  d. KryptoKnight
A: TACACS is an example of a centralized remote access authentication technology, not single sign on.
- What is the maximum enrollment time required at which a biometric device is generally considered acceptable to most users?
  a. 30 seconds
  b. 1 minute
  c. 2 minutes
  d. 10 minutes
C: A maximum of 2 minutes for enrollment will ensure that the majority of users will accept the use of biometric devices for use in a secure environment.
- At what rate of subject processing is a biometric device considered by users to be acceptable?
  a. 50 subjects per minute
  b. 2 subjects per minute
  c. 5 subjects per minute
  d. 10 subjects per minute
D: Any less than 10 subjects per minute is generally considered unacceptable as a rate of throughput processing.
- ______________ is what allows you to do what you are requesting from the system based on access criteria.
  a. authorization
  b. identification
  c. authentication
  d. auditing
A: Authorization is what allows you to do what you are requesting from the system based on access criteria.
- What form of access control is not centrally managed?
  a. Discretionary
  b. Mandatory
  c. Nondiscretionary
  d. Role based
A: Discretionary access control is not centrally managed.
- The most useful form of access control for environments with a high rate of personnel turnover is?
  a. Interpretive
  b. Nondiscretionary
  c. Mandatory
  d. Discretionary
B: Role based or nondiscretionary access control is the most useful form of access control for environments with a high rate of personnel turnover.
- Which of the following is not considered a technique for controlling access?
  a. encryption
  b. rule-based access
  c. restricted interface
  d. capability table
A: Encryption is not used as an access control technique; rather, it is used to prevent disclosure.
- Role based access control is also known as?
  a. Discretionary
  b. Mandatory
  c. Nondiscretionary
  d. Recursive
C: Role based access control is also known as nondiscretionary.
- ACLs are the most common implementation of what form of access control?
  a. Role based
  b. Mandatory
  c. Nondiscretionary
  d. Discretionary
D: ACLs are the most common implementation of discretionary access control.
- What form of single sign on technology employs symmetric key cryptography and DES encryption to provide end-to-end security?
  a. Scripting
  b. Kerberos
  c. SESAME
  d. KryptoKnight
B: Kerberos employs symmetric key cryptography and DES encryption to provide end-to-end security.
- Which form of TACACS (Terminal Access Controller Access Control System) uses tokens for two factor authentication and supports dynamic password authentication?
  a. TACACS (Terminal Access Controller Access Control System)
  b. Dual-TACACS (Dual Terminal Access Controller Access Control System)
  c. XTACACS (Extended Terminal Access Controller Access Control System)
  d. TACACS+ (Terminal Access Controller Access Control System Plus)
D: TACACS+ (Terminal Access Controller Access Control System Plus) uses tokens for two factor authentication and supports dynamic password authentication.
- Which of the following is not an administrative access control method?
  a. work area separation
  b. policies and procedures
  c. personnel controls
  d. supervisory structure
A: Work area separation is a physical access control method.
- Which of the following is not a form of a centralized access control mechanism?
  a. RADIUS (Remote Authentication Dial-in User Service)
  b. Extended TACACS (XTACACS)
  c. Security domains
  d. TACACS (Terminal Access Controller Access Control System)
C: Security domains are decentralized access control mechanisms. Security domains are based on a realm of trust rather than a centralized or single trusted system.