Access Control Flashcards
Access control methodology that only uses access control lists to maintain subject permissions for objects:
Discretionary access control
What is the least reliable value for logical access control to use?
Physical location
What is best paired with a password to provide improved security?
A biometric factor
What AC methodology only uses ACLs to maintain subject permissions for objects?
Discretionary access control
What is the access control method where the operating system constrains the ability of a subject or initiator to access, or generally perform some sort of operation on, an object?
Mandatory Access Control
What is best paired with a password to provide more secure authentication?
A biometric factor
What would be the least reliable value for a logical access control to use?
Physical location
Why would someone be opposed to Biometric Authentication?
Biometric authentication can reveal PII and medical information about a person (especially when using the iris and retinal patterns)
What is the CIA triad?
Confidentiality, Integrity, Availability
What function of the CIA triad does Hashing provide?
Integrity
What function of the CIA triad does Cryptography provide?
Confidentiality
What function of the CIA triad does Authentication provide?
Availability (to only the right people, ideally)
What authentication service grants access through tickets?
Kerberos
What AC model enforces permissions based on data labels?
Mandatory Access Control
What authentication service uses the X.500 spec?
Lightweight Directory Access Protocol (LDAP)
What are the three most effective authentication factors?
Something you are, Something you know, Something you have
What is Role Based Access Control?
A list of user roles matched with the levels of access they require to perform their function (often in a matrix)
What does RADIUS stand for?
Remote Authentication Dial-In User Service
What is Diameter?
A more powerful version of RADIUS (not backwards compatible) with much greater capability, notably its use of the Extensible Authentication Protocol (EAP).
What is Role Based Access Control?
A list of rules defining user roles and the levels of access they require to perform their function
What is need-to-know ideology?
If a person has sufficient privilege to view information but does not require that information for the execution of their duties, then they do not get access.
List three Type 2 authentication inputs
Common Access Card (CAC), RFID Card, Token
What is the benefit of decentralized access control?
Policy is easily adjusted to local laws and requirements
What is a summary of the Bell-LaPadula security model?
3 rules:
- Simple security property: read access, but no reading above your level (no read up)
- * (star) property: write access upward, not downward (no write down)
- Strong * property: no reading or writing across levels (read/write only at your own level)
What complexity constitutes a “strong” password?
8 characters minimum, with at least one of uppercase, lowercase, numbers and special characters.
What principle should prevent any one person from performing multiple job functions that may allow them to commit fraud?
Separation of duties
What type of password must be regenerated each time a user logs in?
One-time password
What constitutes a strong password?
8 characters minimum, with at least one of uppercase, lowercase, numbers and special characters.
If a contractor has an account (e-mail or login) within your organization, when should her access expire?
The day her contract expires.
Why should an organization require administrators to disable user accounts of ex-employees?
To ensure that user keys are retained.
What is it an example of if you are required to use a thumbprint scan and a PIN to gain access to a system?
Dual-factor authentication
What type of authentication stores credentials in a central database and allows users to access multiple systems after logging on only once?
Single Sign-on
Who is ultimately responsible for the Information Security of an organization?
The data owner (CEO, Executive Director, etc.)