Access Control Flashcards

1
Q

What are the four Access Control Models?

A

MAC (Mandatory AC), DAC (Discretionary AC), RBAC (Role Based AC), ABAC (Attribute Based AC)

2
Q

Describe DAC

A

Discretionary Access Control is when the access control policy is determined by the owner of the network resource.

When a folder is created by a user, they have the ability to choose who has access to the folder and what level of access they have.

3
Q

What are the requirements of DAC?

A
  1. Every object in a system must have an owner.
  2. Each owner determines access rights and permissions for each object
4
Q

Describe MAC

A

Mandatory Access Control is a model where the computer system determines the access control for a user.

MAC relies on security labels being assigned to every user (subject) and every file/folder/device or network connection (object)

5
Q

What is a security label?

A

A label assigned to a subject or object within MAC. Data labels create trust levels for all subjects and objects, and to access objects you must meet the minimum or greater trust level.

6
Q

How is MAC implemented?

A

MAC uses rule-based and lattice-based access control methods. Both are sub access control methods that rely on data labels.

7
Q

Describe Rule Based AC

A

A sub access control of MAC

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and subject label.

8
Q

Describe LBAC

A

A sub access control of MAC

Lattice-based access control - utilizes complex mathematics to create sets of objects and subjects that define how they interact.

9
Q

True or False: MAC is an industry best practice

A

False: MAC is only used in high-security environments due to its complex and expensive configuration.

10
Q

True or False: MAC is a feature in FreeBSD and SELinux

A

True

11
Q

Describe ABAC

A

Attribute-based access control is a dynamic and context-aware model that uses if-then statements with tags and dynamic authentication.

12
Q

Describe Role Based Access Control (RBAC)

A

Role Based Access Control

Model that is controlled by the system but utilizes a set of permissions instead of a single data label to define permission levels.

Access based on job function is RBAC.

Power User accounts are RBAC permissions.

13
Q

What are the best practices for Access Control?

A

Implicit deny
Least Privilege
Separation of Duties
Job Rotations

14
Q

Explain Implicit deny and least privilege

A

Implicit deny - All resources should be denied by default and only allowed when explicitly stated.

Least Privilege - Users should have the lowest level of access needed to perform their job function - similar to the “Need to Know” aspect of MAC.

15
Q

Explain Separation of Duties and Job Rotations

A

Separation of Duties - Requiring more than one person to conduct sensitive tasks or operations.
An example would be an admin having both a standard user account and a power user account.

Job Rotation - Users are cycled between jobs to learn operations and to reduce burnout and boredom.

Helps employees learn new skills in addition to identifying theft and fraud.

16
Q

True or False: OUs in ADUC are made to mimic major departments within an organization

A

True

17
Q

List the permissions in Windows from highest privilege to lowest.

A

Full Control
Modify
Read + Execute
List folder contents
Read
Write

18
Q

True or False: AD Groups can contain Groups?

A

True

19
Q

What is a group?

A

A collection of users based on common attributes (generally work roles).

20
Q

In Linux, what are the levels of access, and what are the letters for Owners, groups, and all users?

A

Read, Write, Execute

Owners - U
Groups - G
All users - A or O

21
Q

What is CHMOD?

A

Program in Linux used to change the permissions or rights of a file or folder using a shorthand numbering system.

22
Q

What are the numbers associated with Read, Write and Execute for CHMOD, and how are the numbers organized in the CLI?

A

Read = 4
Write = 2
Execute = 1
No access = 0

In the CLI, the order is Owner (U), Group (G), All Users (A or O).

23
Q

What does CHMOD 777 grant?

A

It grants full access to Owners, Groups, and all users.

24
Q

What does CHMOD 760 grant?

A

Grants full access to owners, Read/Write to the group, and no access to all users.

25
Q

What is privilege creep?

A

Occurs when users get additional access over time as they move through roles.

VIOLATES PoLP

26
Q

What is User Access Recertification?

A

Process in which each user’s rights and permissions are re-validated to ensure they are accurate.

27
Q

When should User Access Re-certification occur?

A

When users are hired, fired, or promoted

28
Q

True or False: Permission inheritance will occur by default when a new folder is created

A

True, any permission added or removed from the parent folder will be passed on to any child folders.

29
Q

What is permission propagation?

A

Occurs when permissions are passed to a subfolder from the parent through inheritance.

30
Q

True or False: Adding users discretionarily to a folder via NTFS security settings is a best practice

A

False, users should belong to groups that have access to folders via NTFS security tab settings.

31
Q

FYI

A

If you copy a folder, the permissions of that folder are inherited from the parent folder that it is copied to.

If you move a folder, then its original permissions are retained.

32
Q

What is the minimum password length CompTIA wants?

A

8

33
Q

What are the password best practices?

A
  1. Force password resets from the default password when new accounts are created
  2. Require frequent password resets (90 days)
  3. Always change default or admin passwords
  4. Disable built-in Guest account in Windows.
  5. Use strong password policies.
34
Q

What is the UAC?

A

User Account Control - Security component inside of Windows that keeps every user's account running with standard privileges until an action is performed that requires privilege escalation.

It can be disabled from the Control Panel.