ch 12 Flashcards

1
Q

Granting or denying approval to use specific resources

A

• Access Control

2
Q

Consists of fencing, hardware door locks, and mantraps to limit contact with devices

A

Physical access control

3
Q

Consists of technology restrictions that limit users on computers from accessing data

A

Technical access control

4
Q

What is it called when presenting credentials?

A

Identification

5
Q

What is it called when checking the credentials?

A

Authentication

6
Q

What is it called when granting permission to take action?

A

Authorization

7
Q

A record that is preserved of who accessed the network, what resources they accessed, and when they disconnected

A

Accounting

8
Q

A specific resource

A

Object

9
Q

A user or process functioning on behalf of a user

Example: computer user

A

Subject

10
Q

The action taken by the subject over an object

Example: deleting a file

A

Operation

11
Q

Standards that provide a predefined framework for hardware or software developers
Use the appropriate model to configure the necessary level of control

A

Access control model

12
Q

(D A C)

A

• Discretionary Access Control

13
Q

Least restrictive model
Every object has an owner
Owners have total control over their objects
Owners can give permissions to other subjects over their objects

A

• Discretionary Access Control (D A C)

14
Q

• (M A C)

A

Mandatory Access Control

15
Q

Most restrictive access control model
User has no freedom to set any controls or distribute access to other subjects
Typically found in military settings

A

• (M A C) Mandatory Access Control

16
Q

Every entity is an object and is assigned a classification label that represents the relative importance of the object

A

Labels

17
Q

a hierarchy based on the labels is used

A

Levels

18
Q

grants permissions by matching object labels with subject labels

A

M A C

19
Q

(B L P)

A

Bell-LaPadula

20
Q

(M I C)

A

Mandatory Integrity Control

21
Q

(U A C)

A

User Access Control

22
Q

A Windows feature that controls user access to resources

A

User Access Control (U A C)

23
Q

(RBAC)

A

Role Based Access Control

24
Q

Also called Non-Discretionary Access Control

Access permissions are based on user’s job function

A

(RBAC) Role Based Access Control

25
Q

(RBAC)

A

Rule-Based Access Control

26
Q

Dynamically assigns roles to subjects based on a set of rules defined by a custodian
Each resource object contains access properties based on the rules

A

(RBAC) Rule-Based Access Control

27
Q

When initially setting up an account, take these into consideration:

A
Employee accounts
Creating location-based policies
Establishing standard naming conventions
Creating time-of-day restrictions
Enforcing least privilege
28
Q

Employee On-boarding steps:

A
Scheduling
Job duties
Socializing
Work space
Training
29
Q

Employee offboarding Steps

A

Exit interview
Back up all employee files from local computer and server
Archive email
Forward email to a manager or coworker
Hide the name from the email address book

30
Q

User accounts that remain active after an employee has left

A

Orphaned accounts

31
Q

an account that has not been accessed for a lengthy period

A

Dormant account

32
Q

relies upon location-based policies

Or establishing the geographical boundaries of where a mobile device can and cannot be used

A

Geofencing

33
Q

Means that only the minimum amount of privileges necessary to perform a job or function should be allocated

A

• Least Privilege

34
Q

the process of periodically revalidating a user’s account, access control, and membership role

A

Recertification

35
Q

intended to examine the permissions that a user has been given to determine if each is still necessary

A

Permission auditing and review

36
Q

An audit process that looks at the applications that the user is provided, how frequently they are used, and how they are being used

A

Usage auditing and review

37
Q

• Best Practices for Access Control

A

Separation of duties
Job rotation
Mandatory vacations
Clean desk policy

38
Q

the process should be divided between two or more individuals

A

• Separation of Duties

39
Q

Limits amount of time individuals are in a position to manipulate security configurations
Helps expose potential avenues for fraud

A

• Job Rotation

40
Q

Limits fraud, because perpetrator must be present daily to hide fraudulent actions

A

• Mandatory Vacations

41
Q

Designed to ensure that all confidential or sensitive materials are removed from a user’s workspace and secured when the items are not in use

A

• Clean Desk Policy

42
Q

(A C L s)

A

Access control lists

43
Q

A set of permissions attached to an object

A

Access control lists (A C L s)

44
Q

Each entry in the A C L table is called

A

access control entry (ACE)

45
Q

(SID)

A

Security identifier

46
Q

for the user or group account or logon session

A

Security identifier (SID)

47
Q

Permits the configuration of multiple computers by setting a single policy for enforcement

A

Group-based access control

48
Q

(A D)

A

Active Directory

49
Q

A Microsoft Windows feature that provides centralized management and configuration of computers and remote users using

A

Active Directory (A D)

50
Q

(G P O s)

A

Group Policy Objects

51
Q

Usually used in enterprise environments

Settings stored in

A

Group Policy Objects (G P O s)

52
Q

(L G P)

A

Local Group Policy

53
Q

Has fewer options than a Group Policy

Used to configure settings for systems not part of A D

A

Local Group Policy (L G P)

54
Q

• R A D I U S

A

Remote Authentication Dial In User Service

55
Q

Developed in 1992
Became an industry standard
Originally designed for remote dial-in access to a corporate network

A

• R A D I U S

56
Q

Typically a device such as a wireless A P

Responsible for sending user credentials and connection parameters to the RADIUS server

A

R A D I U S client

57
Q

Authentication system developed at M I T
Uses encryption and authentication for security
Works like using a driver’s license to cash a check

A

• Kerberos (Tickets) (SSO)

58
Q

Symmetric based encryption

A

Originally DES, now AES and 3DES
Uses the Diffie-Hellman key agreement
Requires mutual authentication

59
Q

(T A C A C S +)

A

• Terminal Access Control Access Control System

60
Q

Authentication service similar to R A D I U S
Commonly used on UNIX devices
Communicates by forwarding user authentication information to a centralized server

A

(T A C A C S +)

61
Q

(L D A P)

A

• Lightweight Directory Access Protocol

62
Q

A directory service is a database stored on a network
Contains information about users and network devices
Keeps track of network resources and users’ privileges to those resources

A

• Lightweight Directory Access Protocol (L D A P)

63
Q

Designed to run over T C P/I P
A simpler subset of D A P
Encodes protocol elements in a simpler way than X.500

A

L D A P

64
Q

Weakness of L D A P

A

Can be subject to L D A P injection attacks
Similar to S Q L injection attacks
Occurs when user input is not properly filtered

65
Q

S A M L

E-COMMERCE

A

• Security Assertion Markup Language

66
Q

An Extensible Markup Language (X M L) standard that allows secure web domains to exchange user authentication and authorization data

A

S A M L

• Security Assertion Markup Language

67
Q

(C H A P)

A

Challenge-Handshake Authentication Protocol

68
Q

(M S - C H A P)

A

The Microsoft version of C H A P

69
Q

(P A P)

A

Password Authentication Protocol

70
Q

(E A P)

A

Extensible Authentication Protocol

71
Q

Defines the format of the messages
Uses four types of packets:
Request, response, success, and failure

A

E A P: