Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Info Sec > 3) Authorization and Access Control > Flashcards

3) Authorization and Access Control Flashcards

1
Q

What dictates that we should only allow the bare minimum of access, as needed?

A

Principle of least privilege

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Restricting access to resources.

A

Denying access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Giving access to resources.

A

Allowing access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Partial access to resources.

A

Limiting access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

(T/F) Access controls are policies or procedures used to control access to certain items.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Access to a resource is determined by the resource owner.

A

Discretionary access control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Access to a resource is determined based on job duties.

A

Role-based access control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Access to a resource is determined by a group or an individual who has the authority to decide who gets access.

A

Mandatory access control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Access to a resource is determined by the traits of a person, resource, or an environment.

A

Attribute-based access control

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is implemented through the use of access controls?

A

Authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Enables us to determine what users are allowed to do.

A

Authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

States that we should allow only the bare minimum access required in order for a given party to perform a needed functionality.

A

Principle of least privilege

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The act of doing something that is prohibited by a law or rule.

A

Violation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

An act that grants a particular party access to a given resource.

A

Allowing access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

An act that prevents a party from accessing something, such as logging on to a machine or entering the lobby of our building after hours.

A

Denying access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

An act that allows some access to a given resource, but only up to a certain point.

A

Limiting access

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A set of resources devoted to a program, process, or similar entity, outside of which the entity cannot operate.

A

Sandbox

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

The ability to remove access from a resource at any point in time.

A

Revocation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Typically built to a certain resource, these contain the identifiers of the party allowed to access the resource and what the party is allowed to do.

20
Q

ACLs are typically built to a certain resource, they contain the identifiers of the party allowed to access the resource and what the party is allowed to do. What does ACL stand for?

A

Access control list

21
Q

In this method of security, a person’s capabilities are oriented around the use of a token that controls their access.

A

Capability-based security

22
Q

A type of attack that is more common in systems that use ACLs rather than capabilities.

A

The confused deputy problem

23
Q

A type of attack that misuses the authority of the browser on the user’s computer.

24
Q

CSRF is a type of attack that misuses the authority of the browser on the user’s computer. What does CSRF stand for?

A

Cross-site request forgery

25
A client-side attack that takes advantage of some of the page rendering features that are available in newer browsers.
Clickjacking
26
Access is determined by the owner of the resource in question.
DAC
27
DAC is determined by the owner of the resource in question. What does DAC stand for?
Discretionary access control
28
Similar to MAC in that access controls are set by an authorized person responsible for doing so, rather than by the owner of the resource. In this model, access is based on the role the individual is performing.
RBAC
29
RBAC is based on the role the individual is performing. What does RBAC stand for?
Role-based access control
30
Access is based on attributes.
Attribute-based access control
31
Attributes of a particular individual.
Subject attributes
32
Attributes that relate to a particular resource.
Resource attributes
33
Attributes that relate to environmental conditions.
Environmental attributes
34
Designed to prevent conflicts of interest. Three main resource classes are considered in this model: objects, company groups, and conflict classes.
The Brewer and Nash model
35
A combination of DAC and MAC, primarily concerned with the confidentiality of the resource. Two security properties define how information can flow to and from the resource: the simple security property and the * property.
The Bell-LaPadula model
36
Primarily concerned with protecting the integrity of data, even at the expense of confidentiality. Two security rules: the simple integrity axiom and the * integrity axiom.
The Biba model
37
A method by which a person follows directly behind another person who authenticates to the physical access control measure, thus allowing the follower to gain access without authenticating.
Tailgating
38
Access controls that regulate movement into and out of buildings or facilities.
Physical access controls
39
An access control model that includes many tiers of security and is used extensively by military and government organizations and those that handle data of a very sensitive nature.
Multilevel access control model
40
Access is decided by a group or individual who has the authority to set access on resources.
MAC
41
MAC is decided by a group or individual who has the authority to set access on resources. What does MAC stand for?
Mandatory access control
42
A client-side attack that involves the attacker placing an invisible layer over something on a website that the user would normally click on, in order to execute a command differing from what the user thinks they are performing.
Clickjacking
43
What type of access control can prevent the confused deputy problem.
Capability-based security
44
Confidential Services Inc. is a military-support branch consisting of 1,400 computers with Internet access and 250 servers. All employees are required to have security clearances. What access control model would be most appropriate for this organization?
Mandatory access control
45
A user who creates a network share and sets permissions on that share is employing which model of access control?
Discretionary access control
46
A VPN connection that is set to time out after 24 hours is demonstrating which model of access control?
Attribute-based access control

Info Sec (13 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions