3) Authorization and Access Control Flashcards

1
Q

What dictates that we should only allow the bare minimum of access, as needed?

A

Principle of least privilege

2
Q

Refusing a party any access to a resource.

A

Denying access

3
Q

Giving access to resources.

A

Allowing access

4
Q

Partial access to resources.

A

Limiting access

5
Q

(T/F) Access controls are policies or procedures used to control access to certain items.

A

True

6
Q

Access to a resource is determined by the resource owner.

A

Discretionary access control

7
Q

Access to a resource is determined based on job duties.

A

Role-based access control

8
Q

Access to a resource is determined by a group or an individual who has the authority to decide who gets access.

A

Mandatory access control

9
Q

Access to a resource is determined by the attributes (traits) of the subject, the resource, or the environment.

A

Attribute-based access control

10
Q

What is implemented through the use of access controls?

A

Authorization

11
Q

Enables us to determine what users are allowed to do.

A

Authorization

12
Q

States that we should allow only the bare minimum access required in order for a given party to perform a needed functionality.

A

Principle of least privilege

13
Q

The act of doing something that is prohibited by a law or rule.

A

Violation

14
Q

An act that grants a particular party access to a given resource.

A

Allowing access

15
Q

An act that prevents a party from accessing something, such as logging on to a machine or entering the lobby of our building after hours.

A

Denying access

16
Q

An act that allows some access to a given resource, but only up to a certain point.

A

Limiting access

17
Q

A set of resources devoted to a program, process, or similar entity, outside of which the entity cannot operate.

A

Sandbox

18
Q

The ability to remove access from a resource at any point in time.

A

Revocation

19
Q

Typically built for a particular resource, these contain the identifiers of the parties allowed to access the resource and what each party is allowed to do.

A

ACLs

20
Q

ACLs are typically built for a particular resource and contain the identifiers of the parties allowed to access it and what each party is allowed to do. What does ACL stand for?

A

Access control list

21
Q

In this method of security, a party's access is governed by the unforgeable tokens it holds: each token names a resource and the rights to it, and presenting the token is what authorizes the access.

A

Capability-based security

22
Q

A type of attack in which a privileged program is tricked into misusing its own authority on an attacker's behalf; more common in systems that use ACLs rather than capabilities.

A

The confused deputy problem

23
Q

A type of attack that misuses the authority the browser holds on the user's computer, getting it to send an authenticated request to a site the user is logged in to.

A

CSRF

24
Q

CSRF is a type of attack that misuses the authority of the browser on the user’s computer. What does CSRF stand for?

A

Cross-site request forgery
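
The defense a practitioner wants to see behind cards 23 and 24: a per-session synchronizer token plus an Origin/Referer check. This is an added example, not code from the flashcard deck; the request and session shapes are plain dicts, the site origin `https://bank.example` and the constructed requests are assumptions for the demo.

```python
# Added example (not from the flashcard deck): synchronizer-token plus
# Origin/Referer check against CSRF. The request/session shapes are plain
# dicts, an assumption made for the demo; a real app would use its framework's
# request object and a server-side session store.
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"          # assumed origin of the protected app
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}     # must not change state, so no token needed


def issue_csrf_token(session: Dict) -> str:
    """Mint one random token per session and keep it server side. A page on
    another origin cannot read it (same-origin policy), so it cannot echo it."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Origin header if present, else scheme://host of Referer, else None."""
    if headers.get("Origin"):
        return headers["Origin"]
    referer = headers.get("Referer")
    if referer:
        p = urlsplit(referer)
        if p.scheme and p.netloc:
            return f"{p.scheme}://{p.netloc}"
    return None


def is_csrf_safe(request: Dict, session: Dict) -> Tuple[bool, str]:
    """Decide whether a request shaped like
    {"method": ..., "headers": {...}, "form": {...}} may change state."""
    if request["method"].upper() in SAFE_METHODS:
        return True, "safe method"
    origin = request_origin(request.get("headers", {}))
    if origin is None:
        return False, "no Origin/Referer on a state-changing request"
    if origin != SITE_ORIGIN:
        return False, f"cross-site origin {origin}"
    expected = session.get("csrf_token", "")
    supplied = request.get("form", {}).get("csrf_token", "")
    # constant-time compare so token bytes cannot be guessed one at a time
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "missing or wrong CSRF token"
    return True, "origin and token verified"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Constructed traffic: alice's own transfer form, and the same endpoint
    hit by a page on evil.example that alice's browser was lured into loading."""
    session = {"user": "alice"}
    token = issue_csrf_token(session)
    legit = {"method": "POST",
             "headers": {"Origin": SITE_ORIGIN, "Cookie": "sid=abc"},
             "form": {"to": "bob", "amount": "100", "csrf_token": token}}
    # The browser attaches alice's cookie to the forged request too (that is the
    # confused deputy), but it sets Origin to the attacker's page and the
    # attacker cannot read the token out of alice's session.
    forged = {"method": "POST",
              "headers": {"Origin": "https://evil.example", "Cookie": "sid=abc"},
              "form": {"to": "mallory", "amount": "100000"}}
    # Even a request that somehow carries the right Origin fails the token check.
    spoofed = {"method": "POST",
               "headers": {"Origin": SITE_ORIGIN, "Cookie": "sid=abc"},
               "form": {"to": "mallory", "amount": "100000", "csrf_token": "guess"}}
    return {"legit": is_csrf_safe(legit, session),
            "forged": is_csrf_safe(forged, session),
            "spoofed": is_csrf_safe(spoofed, session)}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:8s} allowed={ok} ({why})")
```

Treating GET as safe is only correct if the application never changes state on GET; a state-changing GET is a CSRF hole no token scheme will close. A `SameSite` cookie attribute adds a third, browser-enforced layer on top of these two checks.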

25
Q

A client-side attack that takes advantage of some of the page rendering features that are available in newer browsers.

A

Clickjacking

26
Q

Access is determined by the owner of the resource in question.

A

DAC

27
Q

Under DAC, access is determined by the owner of the resource in question. What does DAC stand for?

A

Discretionary access control

28
Q

Similar to MAC in that access controls are set by an authorized person responsible for doing so, rather than by the owner of the resource. In this model, access is based on the role the individual is performing.

A

RBAC

29
Q

Under RBAC, access is based on the role the individual is performing. What does RBAC stand for?

A

Role-based access control

30
Q

Access is based on attributes.

A

Attribute-based access control

31
Q

Attributes of a particular individual.

A

Subject attributes

32
Q

Attributes that relate to a particular resource.

A

Resource attributes

33
Q

Attributes that relate to environmental conditions.

A

Environmental attributes

34
Q

Designed to prevent conflicts of interest (also known as the Chinese wall model). Three main resource classes are considered in this model: objects, company groups (company datasets), and conflict classes.

A

The Brewer and Nash model
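
Brewer and Nash is the one model on this page where a decision depends on what the subject has already read, so it is worth seeing the monitor as code. The following is an added example, not code from the flashcard deck; the company datasets, conflict classes, object names and the "sanitized objects are read-only" simplification are assumptions for the demo.

```python
# Added example (not from the flashcard deck): a Brewer and Nash ("Chinese wall")
# monitor. Company datasets, conflict classes and subject names are assumed for
# the demo. Access depends on history: once a subject has read one company's
# data, every other company in the same conflict class becomes off limits.
from dataclasses import dataclass
from typing import Dict, Iterable, Set


@dataclass(frozen=True)
class Obj:
    name: str
    company: str             # company dataset the object belongs to
    sanitized: bool = False  # sanitized (public) data never creates a conflict


class ChineseWall:
    def __init__(self, conflict_classes: Dict[str, Iterable[str]], objects: Iterable[Obj]):
        # company -> conflict class it belongs to
        self.cls = {co: name for name, cos in conflict_classes.items() for co in cos}
        self.objects = {o.name: o for o in objects}
        self.history: Dict[str, Set[str]] = {}   # subject -> companies already read

    def may_read(self, subject: str, obj_name: str) -> bool:
        """Simple security rule: read allowed if the object is sanitized, or no
        company already read by the subject conflicts with the object's company."""
        o = self.objects[obj_name]
        if o.sanitized:
            return True
        return all(co == o.company or self.cls[co] != self.cls[o.company]
                   for co in self.history.get(subject, ()))

    def may_write(self, subject: str, obj_name: str) -> bool:
        """*-rule: write allowed only if the read rule passes and every
        unsanitized company the subject has read is the target company.
        Otherwise data from company A could be copied into B's dataset and
        read from there by someone who is walled off from A."""
        o = self.objects[obj_name]
        if o.sanitized or not self.may_read(subject, obj_name):
            return False   # assumption for the demo: sanitized objects are read-only
        return all(co == o.company for co in self.history.get(subject, ()))

    def read(self, subject: str, obj_name: str) -> bool:
        """Perform a read, recording the company so later decisions see it."""
        if not self.may_read(subject, obj_name):
            return False
        o = self.objects[obj_name]
        if not o.sanitized:
            self.history.setdefault(subject, set()).add(o.company)
        return True


def demo() -> Dict[str, bool]:
    """Two conflict classes (banks, oil companies) and one analyst; constructed data."""
    wall = ChineseWall(
        conflict_classes={"banks": ["BankA", "BankB"], "oil": ["OilX", "OilY"]},
        objects=[Obj("a_ledger", "BankA"), Obj("b_ledger", "BankB"),
                 Obj("x_wells", "OilX"), Obj("b_press_release", "BankB", sanitized=True)],
    )
    out = {}
    out["read_a_first"] = wall.read("analyst", "a_ledger")                 # no history yet
    out["read_b_after_a"] = wall.may_read("analyst", "b_ledger")           # same class as BankA
    out["read_b_sanitized"] = wall.may_read("analyst", "b_press_release")  # sanitized
    out["write_a_after_a"] = wall.may_write("analyst", "a_ledger")         # only BankA read so far
    out["read_x"] = wall.read("analyst", "x_wells")                        # different class
    out["write_a_after_x"] = wall.may_write("analyst", "a_ledger")         # would carry OilX data into BankA
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20s} {v}")
```

The practical consequence is that the wall is per subject and only grows: a consultant who has read BankA's ledger stays locked out of BankB for as long as the history is kept, and the write rule means a subject who reads across two conflict classes loses write access everywhere.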

35
Q

A combination of DAC and MAC, primarily concerned with the confidentiality of the resource. Two security properties define how information can flow to and from the resource: the simple security property (no read up) and the * property (no write down).

A

The Bell-LaPadula model

36
Q

Primarily concerned with protecting the integrity of data, even at the expense of confidentiality. Two security rules: the simple integrity axiom (no read down) and the * integrity axiom (no write up).

A

The Biba model
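
Cards 35 and 36 are easiest to remember as exact duals, which the following reference-monitor functions make visible. This is an added example, not code from the flashcard deck; the level names, the category (compartment) sets and the labels used in the demo are assumptions.

```python
# Added example (not from the flashcard deck): the Bell-LaPadula and Biba
# rules as one reference-monitor function each, over labels made of a level
# and a set of categories (compartments). Level names and categories are
# assumed for the demo.
from dataclasses import dataclass
from typing import Dict, FrozenSet

# Confidentiality levels (Bell-LaPadula) and integrity levels (Biba); a higher
# number dominates a lower one. Both orderings are assumptions for the demo.
CONF = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEG = {"untrusted": 0, "user": 1, "system": 2}


@dataclass(frozen=True)
class Label:
    level: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND superset of categories."""
        return self.level >= other.level and self.categories >= other.categories


def bell_lapadula(subject: Label, obj: Label, op: str) -> bool:
    """Confidentiality: information may only flow upward in the lattice."""
    if op == "read":    # simple security property: no read up
        return subject.dominates(obj)
    if op == "write":   # * property: no write down
        return obj.dominates(subject)
    raise ValueError(op)


def biba(subject: Label, obj: Label, op: str) -> bool:
    """Integrity: information may only flow downward; the exact dual of BLP."""
    if op == "read":    # simple integrity axiom: no read down
        return obj.dominates(subject)
    if op == "write":   # * integrity axiom: no write up
        return subject.dominates(obj)
    raise ValueError(op)


def allowed(subject_conf: Label, subject_integ: Label,
            obj_conf: Label, obj_integ: Label, op: str) -> bool:
    """A system that cares about both properties labels every entity twice
    and grants access only when both monitors agree."""
    return bell_lapadula(subject_conf, obj_conf, op) and biba(subject_integ, obj_integ, op)


def L(level: str, *cats: str, scale: Dict[str, int] = CONF) -> Label:
    """Build a label from a level name and optional category names."""
    return Label(scale[level], frozenset(cats))


def demo() -> Dict[str, bool]:
    analyst_c = L("secret", "crypto")             # cleared Secret, compartment crypto
    analyst_i = L("user", scale=INTEG)
    report_c = L("top_secret", "crypto")
    memo_c = L("confidential")
    nuclear_c = L("secret", "nuclear")            # same level, different compartment
    system_bin_i = L("system", scale=INTEG)
    web_download_i = L("untrusted", scale=INTEG)
    return {
        "read_top_secret": bell_lapadula(analyst_c, report_c, "read"),          # read up
        "read_memo": bell_lapadula(analyst_c, memo_c, "read"),                  # read down
        "read_other_compartment": bell_lapadula(analyst_c, nuclear_c, "read"),  # missing category
        "write_memo": bell_lapadula(analyst_c, memo_c, "write"),                # write down
        "write_top_secret": bell_lapadula(analyst_c, report_c, "write"),        # blind write up
        "patch_system_bin": biba(analyst_i, system_bin_i, "write"),             # write up
        "run_download": biba(analyst_i, web_download_i, "read"),                # read down
        "both_models": allowed(analyst_c, analyst_i, memo_c, web_download_i, "read"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:24s} {v}")
```

Note the `write_top_secret` case: pure Bell-LaPadula permits a Secret subject to blind-write into a Top Secret object, which is a confidentiality non-issue but an integrity problem. That gap is exactly what the Biba rules close, and why real systems usually either enforce both or restrict writes to the subject's own level.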

37
Q

A method by which a person follows directly behind another person who authenticates to the physical access control measure, thus allowing the follower to gain access without authenticating.

A

Tailgating

38
Q

Access controls that regulate movement into and out of buildings or facilities.

A

Physical access controls

39
Q

An access control model that includes many tiers of security and is used extensively by military and government organizations and those that handle data of a very sensitive nature.

A

Multilevel access control model

40
Q

Access is decided by a group or individual who has the authority to set access on resources.

A

MAC

41
Q

Under MAC, access is decided by a group or individual who has the authority to set access on resources. What does MAC stand for?

A

Mandatory access control

42
Q

A client-side attack that involves the attacker placing an invisible layer over something on a website that the user would normally click on, in order to execute a command differing from what the user thinks they are performing.

A

Clickjacking

43
Q

What type of access control can prevent the confused deputy problem?

A

Capability-based security
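
Cards 19 through 22 and 43 together describe why capabilities resist the confused deputy: under an ACL the check asks who is calling, and a deputy answers with its own identity; under capabilities the caller must hand over a token it could only have obtained legitimately. The following is an added example, not code from the flashcard deck; the in-memory file system, paths, principals and the compile-service deputy are assumptions for the demo.

```python
# Added example (not from the flashcard deck): the classic confused deputy
# (a compile service that writes its output where the caller says) under an
# ACL, and the same service under capabilities. File names, principals and
# the in-memory "file system" are assumptions for the demo.
from typing import Dict, List, Set


class AclFS:
    """ACL model: each path lists the principals allowed to write it. The check
    asks "who is calling?", and a deputy answers with its own identity."""

    def __init__(self, write_acl: Dict[str, Set[str]]):
        self.write_acl = write_acl
        self.files: Dict[str, str] = {}

    def write(self, principal: str, path: str, data: str) -> None:
        if principal not in self.write_acl.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")
        self.files[path] = data


def compile_acl(fs: AclFS, source: str, out_path: str) -> None:
    """The deputy: runs as 'compiler', which legitimately owns the billing
    file, and writes the output wherever the caller asked."""
    fs.write("compiler", out_path, f"binary({source})")


class Capability:
    """An unforgeable handle: the only way to get one is CapFS.open_write,
    which checks the caller's rights once. (Python cannot stop a determined
    caller from constructing one by hand; a kernel or a signed token can.)"""

    def __init__(self, path: str):
        self.path = path


class CapFS:
    def __init__(self, write_acl: Dict[str, Set[str]]):
        self.write_acl = write_acl
        self.files: Dict[str, str] = {}
        self._issued: List[Capability] = []     # capabilities this FS minted

    def open_write(self, principal: str, path: str) -> Capability:
        if principal not in self.write_acl.get(path, set()):
            raise PermissionError(f"{principal} may not open {path} for writing")
        cap = Capability(path)
        self._issued.append(cap)
        return cap

    def write(self, cap: Capability, data: str) -> None:
        if not any(c is cap for c in self._issued):
            raise PermissionError("not a capability issued by this file system")
        self.files[cap.path] = data


def compile_cap(fs: CapFS, source: str, out: Capability) -> None:
    """The deputy no longer names the output file or uses its own authority;
    it can only write through the capability the caller handed it."""
    fs.write(out, f"binary({source})")


ACL = {"/home/mallory/a.out": {"mallory", "compiler"},
       "/var/compiler/billing": {"compiler"}}        # constructed ACL


def demo() -> Dict[str, str]:
    out = {}
    acl_fs = AclFS({k: set(v) for k, v in ACL.items()})
    # Mallory cannot write the billing file herself, but she can tell the
    # deputy to, and the ACL check only ever sees the deputy's identity.
    compile_acl(acl_fs, "x", "/var/compiler/billing")
    out["acl"] = "billing clobbered" if "/var/compiler/billing" in acl_fs.files else "safe"

    cap_fs = CapFS({k: set(v) for k, v in ACL.items()})
    try:
        compile_cap(cap_fs, "x", cap_fs.open_write("mallory", "/var/compiler/billing"))
        out["cap"] = "billing clobbered"
    except PermissionError:
        out["cap"] = "denied: mallory holds no capability for billing"
    compile_cap(cap_fs, "x", cap_fs.open_write("mallory", "/home/mallory/a.out"))
    out["cap_normal"] = cap_fs.files.get("/home/mallory/a.out", "")
    return out


def forged_capability_rejected() -> bool:
    """A hand-built Capability object is not one the FS issued, so it is refused."""
    fs = CapFS({})
    try:
        fs.write(Capability("/var/compiler/billing"), "x")
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    print(demo(), forged_capability_rejected())
```

The same shape shows up in real systems: a Unix daemon that opens a user-supplied path with its own uid is the ACL version, while a daemon that accepts an already-open file descriptor over a socket (the caller had to be able to open it) is the capability version.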

44
Q

Confidential Services Inc. is a military-support branch consisting of 1,400 computers with Internet access and 250 servers. All employees are required to have security clearances. What access control model would be most appropriate for this organization?

A

Mandatory access control

45
Q

A user who creates a network share and sets permissions on that share is employing which model of access control?

A

Discretionary access control

46
Q

A VPN connection that is set to time out after 24 hours is demonstrating which model of access control?

A

Attribute-based access control
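
Cards 30 through 33 and 46 describe ABAC in terms of subject, resource and environmental attributes; the following evaluator shows how the 24-hour VPN timeout from card 46 is just a deny rule over an environmental attribute (session age) sitting beside rules over subject and resource attributes. This is an added example, not code from the flashcard deck; the attribute names, the rules, the deny-overrides combining algorithm and the constructed timestamps are assumptions for the demo.

```python
# Added example (not from the flashcard deck): a small ABAC policy evaluator
# over subject, resource and environment attributes, applied to the VPN
# session timeout from card 46. Attribute names, rule contents and the
# deny-overrides combining rule are assumptions made for the demo.
from datetime import datetime, timedelta, timezone
from typing import Any, Callable, Dict, List, Tuple

# {"subject": {...}, "resource": {...}, "environment": {...}}
Attrs = Dict[str, Dict[str, Any]]
Condition = Callable[[Attrs], bool]


class Rule:
    def __init__(self, name: str, effect: str, *conditions: Condition):
        assert effect in ("permit", "deny")
        self.name, self.effect, self.conditions = name, effect, conditions

    def applies(self, a: Attrs) -> bool:
        return all(c(a) for c in self.conditions)


def evaluate(rules: List[Rule], a: Attrs) -> Tuple[str, str]:
    """Deny-overrides: any applicable deny wins; else any permit; else default deny.
    Returns (decision, name of the rule that decided it)."""
    applicable = [r for r in rules if r.applies(a)]
    for r in applicable:
        if r.effect == "deny":
            return "deny", r.name
    for r in applicable:
        if r.effect == "permit":
            return "permit", r.name
    return "deny", "default"


MAX_SESSION = timedelta(hours=24)

VPN_POLICY = [
    # subject attribute (role) + resource attribute (type) + environment (device posture)
    Rule("vpn-staff", "permit",
         lambda a: a["subject"].get("role") in {"employee", "contractor"},
         lambda a: a["resource"].get("type") == "vpn",
         lambda a: a["environment"].get("device_compliant") is True),
    # Environmental attribute: how long the session has been up. This is the
    # 24-hour timeout; it depends on neither who the subject is nor what the
    # resource is, which is why it is ABAC rather than RBAC.
    Rule("vpn-session-expired", "deny",
         lambda a: a["resource"].get("type") == "vpn",
         lambda a: a["environment"]["now"] - a["environment"]["session_start"] >= MAX_SESSION),
    # subject attribute + resource attribute
    Rule("contractor-no-prod", "deny",
         lambda a: a["subject"].get("role") == "contractor",
         lambda a: a["resource"].get("classification") == "production"),
]


def vpn_request(role: str, session_hours: float,
                compliant: bool = True, classification: str = "corp") -> Attrs:
    """Constructed access request; session_start/now are fixed demo timestamps."""
    start = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
    return {"subject": {"id": "u1", "role": role},
            "resource": {"type": "vpn", "classification": classification},
            "environment": {"session_start": start,
                            "now": start + timedelta(hours=session_hours),
                            "device_compliant": compliant}}


def demo() -> Dict[str, Tuple[str, str]]:
    return {
        "employee_fresh": evaluate(VPN_POLICY, vpn_request("employee", 1)),
        "employee_23h": evaluate(VPN_POLICY, vpn_request("employee", 23)),
        "employee_24h": evaluate(VPN_POLICY, vpn_request("employee", 24)),
        "noncompliant": evaluate(VPN_POLICY, vpn_request("employee", 1, compliant=False)),
        "contractor_prod": evaluate(VPN_POLICY, vpn_request("contractor", 1,
                                                            classification="production")),
        "guest": evaluate(VPN_POLICY, vpn_request("guest", 1)),
    }


if __name__ == "__main__":
    for k, (decision, rule) in demo().items():
        print(f"{k:16s} {decision:6s} ({rule})")
```

Two design points worth noticing: the default is deny, so a request no rule recognises (the guest, the non-compliant device) is refused without a rule having to say so; and because the deny rules are re-evaluated on every request, the session that was permitted at hour 23 is cut off at hour 24 without anyone revoking anything, which is what card 46 is getting at.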