Ch.11 Flashcards
the mechanism used in an information system for granting or denying approval to use specific resources
access control
a set of permissions that is attached to an object
access control list (ACL)
a predefined framework found in hardware and software that a custodian can use for controlling access
access control model
the process of setting a user’s account to expire
account expiration
the least restrictive access control model in which the owner of the object has total control over it
Discretionary Access Control (DAC)
the second version of the Terminal Access Controller Access-Control System (TACACS) authentication service
Extended TACACS (XTACACS)
a Microsoft Windows feature that provides centralized management and configuration of computers and remote users
group policy
rejecting access unless a condition is explicitly met
implicit deny
the act of moving individuals from one job responsibility to another
job rotation
an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users
Kerberos
an attack that builds LDAP search filters by concatenating unsanitized user input, so the attacker's input becomes filter syntax and can be used to retrieve information from the LDAP directory or modify its contents
LDAP injection attack
providing only the minimum amount of privileges necessary to perform a job or function
least privilege
a protocol that lets a client application access an X.500 directory over TCP/IP
Lightweight Directory Access Protocol (LDAP)
the most restrictive access control model, typically found in military settings in which security is of supreme importance
Mandatory Access Control (MAC)
requiring that all employees take vacations
mandatory vacations
an industry standard authentication service with widespread support across nearly all vendors of networking equipment
Remote Authentication Dial In User Service (RADIUS)
a “real-world” access control model in which access is based on a user’s job function within the organization
Role Based Access Control (RBAC)
an access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian
Rule Based Access Control (RBAC)
transporting LDAP traffic over Transport Layer Security (TLS), or historically over its deprecated predecessor Secure Sockets Layer (SSL), so that directory queries and bind credentials are not sent in cleartext
Secure LDAP (LDAPS)
an Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data
Security Assertion Markup Language (SAML)
the practice of requiring that a process be divided between two or more individuals so that no single person can complete it, and commit fraud or an error, alone
separation of duties
the current version of the Terminal Access Controller Access-Control System (TACACS) authentication service
TACACS+
an authentication service commonly used on UNIX devices that forwards user authentication information to a centralized server. The current version is TACACS+
Terminal Access Controller Access-Control System (TACACS)
a limitation on when a user can log in to a system or access resources
time-of-day restriction
What is the current version of TACACS?
a. XTACACS
b. TACACS+
c. TACACS v5
d. TRACACS
b
How is the Security Assertion Markup Language (SAML) used?
a. It is a backup to a RADIUS server.
b. It allows secure web domains to exchange user authentication and authorization data
c. It is an authenticator in IEEE 802.1x
d. It is no longer used because it has been replaced by LDAP
b
A RADIUS authentication server requires that the _____ be authenticated first.
a. user
b. authentication server
c. supplicant
d. authenticator
c
Which of these is NOT part of the makeup of the AAA elements in network security?
a. auditing usage (accounting)
b. controlling access to network resources (authentication)
c. enforcing security policies (authorization)
d. determining user need (analyzing)
d
With the development of IEEE 802.1x port security, the ______ authentication server has seen even greater usage.
a. RADIUS
b. RDAP
c. DAP
d. AAA
a
Which authentication protocol is available as a free download that runs on Microsoft Windows, Apple Mac OS X, and Linux?
a. LDAP
b. IEEE 802.1X
c. RADIUS
d. Kerberos
d
What is the version of the X.500 standard that runs on a personal computer over TCP/IP?
a. Lite RDAP
b. DAP
c. LDAP
d. IEEE X.501
c
A user entering her user name would correspond to the _____ action in access control.
a. authentication
b. identification
c. subject
d. resource
b
A process functioning on behalf of the user who attempts to access a file is known as a(n) _____.
a. object
b. operation check
c. subject
d. resource
c
What is the name given to the individual who periodically reviews security settings and maintains records of access by users?
a. supervisor
b. custodian
c. owner
d. manager
b
In the _____ model, the end-user cannot change any security settings.
a. Discretionary Access Control
b. Restricted Access Control
c. Security Access Control
d. Mandatory Access Control
d
Which statement about Rule Based Access Control is true?
a. It requires that a custodian set all rules
b. It is considered obsolete today
c. It dynamically assigns roles to subjects based on rules
d. It is considered a real-world approach by linking a user’s job function with security
c
______ in access control means that if a condition is not explicitly met, then access is to be rejected.
a. Prevention control
b. Denial of duties
c. Implicit deny
d. Explicit rejection
c
Which of these is a set of permissions that is attached to an object?
a. access control list (ACL)
b. Subject Access Entity (SAE)
c. object modifier
d. security entry designator
a
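The ACL and implicit deny cards above describe the rule; the following added example (not code from the original flashcards) shows it in working form. The data model, a list of access control entries of principal/permission/effect attached to an object, and every name in it (AclEntry, ProtectedObject, is_permitted, the payroll sample) are this example's own choices. The weak default-allow evaluator is included only for contrast.

```python
# Added example, not code from the original page: a minimal ACL evaluator
# that applies implicit deny, beside the weak default-allow alternative.
# The data model and all names below are this example's own.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AclEntry:
    principal: str    # a user ("alice") or a group ("group:finance")
    permission: str   # "read", "write", "delete", ...
    effect: str       # "allow" or "deny"


@dataclass
class ProtectedObject:
    name: str
    acl: list = field(default_factory=list)   # the permissions attached to the object


def _matching_entries(obj, subject, groups, permission):
    """Entries that name this subject (or one of its groups) for this permission."""
    principals = {subject} | {f"group:{g}" for g in groups}
    return [e for e in obj.acl if e.principal in principals and e.permission == permission]


def is_permitted(obj: ProtectedObject, subject: str, groups: set, permission: str) -> bool:
    """Implicit deny: access requires an explicit allow and no explicit deny.

    A subject with no matching entry at all is rejected, which is what keeps
    a newly created user or a forgotten group from gaining access by default.
    """
    matches = _matching_entries(obj, subject, groups, permission)
    if any(e.effect == "deny" for e in matches):
        return False              # an explicit deny always wins
    return any(e.effect == "allow" for e in matches)


def is_permitted_default_allow(obj, subject, groups, permission) -> bool:
    """The weak alternative (implicit allow), shown only for contrast:
    anyone not explicitly denied gets in, so every omission is a hole."""
    matches = _matching_entries(obj, subject, groups, permission)
    return not any(e.effect == "deny" for e in matches)


# Constructed sample object: a payroll file whose ACL grants finance read,
# grants alice write, and explicitly denies bob read.
PAYROLL = ProtectedObject(
    "payroll.xlsx",
    [
        AclEntry("group:finance", "read", "allow"),
        AclEntry("alice", "write", "allow"),
        AclEntry("bob", "read", "deny"),
    ],
)

if __name__ == "__main__":
    checks = [
        ("alice", {"finance"}, "read"),    # allowed via group membership
        ("alice", {"finance"}, "write"),   # allowed directly
        ("alice", {"finance"}, "delete"),  # no entry at all: implicit deny
        ("bob", {"finance"}, "read"),      # group allow, but explicit deny wins
        ("carol", set(), "read"),          # no entry at all: implicit deny
    ]
    for subject, groups, perm in checks:
        print(f"{subject:6} {perm:7} implicit-deny={is_permitted(PAYROLL, subject, groups, perm)!s:5} "
              f"default-allow={is_permitted_default_allow(PAYROLL, subject, groups, perm)}")
```

Carol's case is the one the implicit deny card is about: she appears nowhere in the ACL, so the correct evaluator rejects her while the default-allow evaluator lets her read the file. Bob's case shows the usual companion rule that an explicit deny overrides an allow inherited through a group.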
Which Microsoft Windows feature provides centralized management and configuration of computers and remote users who are using Active Directory?
a. Windows Register Settings
b. AD Management Services (ADMS)
c. Group Policy
d. Resource Allocation Entities
c
A(n) _____ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents.
a. RBASE plug-in attack
b. SQL/LDAP insert attack
c. modified Trojan attack
d. LDAP injection attack
d
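The LDAP injection card and the question above describe the attack in one sentence; the following added example (not code from the original flashcards) shows the vulnerable filter construction beside its hardened form. The escaping follows RFC 4515, the string representation of LDAP search filters; the escape function, the two filter builders, the clause_opens metric and the sample attacker input are all this example's own and not taken from any library.

```python
# Added example, not code from the original page: the LDAP injection sink
# beside its hardened form.  Escaping follows RFC 4515; every function and
# sample value here is this example's own.


def escape_filter_value(value: str) -> str:
    """Escape one attribute value for use inside an LDAP search filter.

    RFC 4515 reserves five characters inside a filter value: '*', '(', ')',
    '\\' and NUL.  Each is replaced by a backslash and its two hex digits,
    so user input can no longer open, close or wildcard a clause.
    """
    reserved = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(reserved.get(ch, ch) for ch in value)


def vulnerable_login_filter(username: str, password: str) -> str:
    """Concatenates raw input into the filter: this is the injection sink."""
    return f"(&(uid={username})(userPassword={password}))"


def hardened_login_filter(username: str, password: str) -> str:
    """Same filter, but every user-supplied value is escaped first."""
    return (f"(&(uid={escape_filter_value(username)})"
            f"(userPassword={escape_filter_value(password)}))")


def clause_opens(ldap_filter: str) -> int:
    """Number of '(' in the filter.  A correctly built login filter has exactly
    3 (the outer AND plus two attribute clauses); more means the input added
    clauses of its own.  A demonstration metric, not a defence."""
    return ldap_filter.count("(")


# Constructed attacker input: closes the uid clause, adds an always-true
# (uid=*) test, closes the AND, then opens an OR so the rest still parses.
INJECTION = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    for label, build in (("vulnerable", vulnerable_login_filter),
                         ("hardened", hardened_login_filter)):
        f = build(INJECTION, "anything")
        print(f"{label:10} opens={clause_opens(f)} {f}")
```

With the constructed input, the vulnerable builder produces `(&(uid=*)(uid=*))(|(uid=*)(userPassword=anything))`: a server that evaluates the first complete filter sees `(&(uid=*)(uid=*))`, which is true for every entry, so the password clause is never consulted. The hardened builder turns every `*`, `(` and `)` in the input into `\2a`, `\28` and `\29`, leaving a filter that still has exactly three clauses and matches only a literal uid of that odd string. Escaping the password is just as necessary as escaping the username, since either value can carry the payload.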
What is the least restrictive access control model?
a. Discretionary Access Control (DAC)
b. Role Based Access Control (RBAC)
c. Mandatory Access Control (MAC)
d. Rule Based Access Control (RBAC)
a
The principle known as _____ in access control means that each user should be given only the minimal amount of privileges necessary for that person to perform his job function.
a. mandatory limitations
b. enterprise security
c. least privileges
d. deny all
c
A(n) ______ is the person who is responsible for the information, determines the level of security needed for the data, and delegates security duties as required.
a. owner
b. administrator
c. custodian
d. end-user
a
In the Mandatory Access Control (MAC) model, every subject and object _____.
a. must be given a number from 200-900
b. is restricted and cannot be accessed
c. is assigned a label
d. can be changed by the owner
c