Ch.11

Question 1

the mechanism used in an information system for granting or denying approval to use specific resources

Answer 1

access control

Question 2

a set of permissions that is attached to an object

Answer 2

access control list (ACL)

Question 3

a predefined framework found in hardware and software that a custodian can use for controlling access

Answer 3

access control model

Question 4

the process of setting a user’s account to expire

Answer 4

account expiration

Question 5

the least restrictive access control model in which the owner of the object has total control over it

Answer 5

Discretionary Access Control (DAC)

Question 6

the second version of the Terminal Access Control Access Control System (TACACS) authentication service

Answer 6

Extended TACACS (XTACACS)

Question 7

a Microsoft Windows feature that provides centralized management and configuration of computers and remote users

Answer 7

group policy

Question 8

rejecting access unless a condition is explicitly met

Answer 8

implicit deny

Question 9

the act of moving individuals from one job responsibility to another

Answer 9

job rotation

Question 10

an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users

Answer 10

Kerberos

Question 11

an attack constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content

Answer 11

LDAP injection attack

Question 12

providing only the minimum amount of privileges necessary to perform a job or function

Answer 12

least privilege

Question 13

a protocol for a client application to access in X.500 directory

Answer 13

lightweight directory access protocol (LDAP)

Question 14

the most restrictive access control model, typically found in military settings in which security is of supreme importance

Answer 14

mandatory access control (MAC)

Question 15

requiring that all employees take vacations

Answer 15

mandatory vacations

Question 16

an industry standard authentication service with widespread support across nearly all vendors of networking equipment

Answer 16

remote authentication dial in user service (RADIUS)

Question 17

a “real-world” access control model in which access is based on a user’s job function within the organization

Answer 17

role based access control (RBAC)

Question 18

an access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian

Answer 18

rule based access control (RBAC)

Question 19

transporting LDAP traffic over Secure Sockets Layer (SSL) or Transport Layer Security (TLS)

Answer 19

secure LDAP

Question 20

an Extensible Markup Language (XML) standard that allows secure web domains to exchange user authentication and authorization data

Answer 20

security assertion markup language (SAML)

Question 21

the practice of requiring that processes should be divided between two or more individuals

Answer 21

separation of duties

Question 22

the current version of the Terminal Access control Access Control System (TACACS) authentication service

Answer 22

TACACS+

Question 23

an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server. The current version is TACACS+

Answer 23

Terminal Access Control Access Control System (TACACS)

Question 24

limitation imposed as to when a user can log in to a system or access resources

Answer 24

time-of-day restriction

Question 25

What is the current version of TACACS?

a. XTACACS
b. TACACS+
c. TACACS v5
d. TRACACS

Answer 25

B

Question 26

How is the Security Assertion Markup Language (SAML) used?

a. It is a backup to a RADIUS server.
b. It allows secure web domains to exchange user authentication and authorization data
c. It is an authenticator in IEEE 802.1x
d. It is no longer used because it has been replaced by LDAP

Answer 26

B

Question 27

A RADIUS authentication server requires that the _____ be authenticated first.

a. user
b. authentication server
c. supplicant
d. authenticator

Answer 27

c

Question 28

Which of these is NOT part of the makeup of the AAA elements in network security?

a. auditing usage (accounting)
b. controlling access to network resources (authentication)
c. enforcing security policies (authorization)
d. determining user need (analyzing)

Answer 28

d

Question 29

With the development of IEEE 802.1x port security, the ______ authentication server has seen even greater usage.

a. RADIUS
b. RDAP
c. DAP
d. AAA

Answer 29

A

Question 30

Which authentication protocol is available as a free download that runs on Microsoft Windows, Apple mac OS X, and Linux?

a. LDAP
b. IEEE 802.1X
c. RADIUS
d. Kerberos

Answer 30

d

Question 31

What is the version of the X.500 standard that runs on a personal computer over TCP/IP?

a. Lite RDAP
b. DAP
c. LDAP
d. IEEE X.501

Answer 31

c

Question 32

A user entering her user name would correspond to the _____ action in access control.

a. authentication
b. identification
c. subject
d. resource

Answer 32

b

Question 33

A process functioning on behalf of the user who attempts to access a file is known as a(n) _____.

a. object
b. operation check
c. subject
d. resource

Answer 33

c

Question 34

What is the name given to the individual who periodically reviews security settings and maintains records of access by users?

a. supervisor
b. custodian
c. owner
d. manager

Answer 34

b

Question 35

In the _____ model, the end-user cannot change any security settings.

a. Discretionary Access Control
b. Restricted Access Control
c. Security Access Control
d. Mandatory Access Control

Answer 35

d

Question 36

Which statement about Rule Based Access control is true?

a. It requires that a custodian set all rules
b. It is considered obsolete today
c. It dynamically assigns roles to subjects based on rules
d. It is considered a real-world approach by linking a user’s job function with security

Answer 36

c

Question 37

______ in access control means that if a condition is not explicitly met, then access is to be rejected.

a. Prevention control
b. Denial of duties
c. Implicit deny
d. Explicit rejection

Answer 37

c

Question 38

Which of these is a set of permissions that is attached to an object?

a. access control list (ACL)
b. Subject Access Entity (SAE)
c. object modifier
d. security entry designator

Answer 38

a

Question 39

Which Microsoft Windows feature provides centralized management and configuration of computers and remote users who are using Active Directory?

a. Windows Register Settings
b. AD Management Services (ADMS)
c. Group Policy
d. Resource Allocation Entities

Answer 39

c

Question 40

A(n) _____ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents.

a. RBASE plug-in attack
b. SQL/LDAP insert attack
c. modified Trojan attack
d. LDAP injection attack

Answer 40

d

Question 41

What is the least restrictive access control model?

a. Discretionary Access Control (DAC)
b. Role Based Access Control (RBAC)
c. Mandatory Access Control (MAC)
d. Rule Based Access Control (RBAC)

Answer 41

a

Question 42

The principle known as _____ in access control means that each user should be given only the minimal amount of privileges necessary for that person to perform his job function.

a. mandatory limitations
b. enterprise security
c. least privileges
d. deny al

Answer 42

c

Question 43

A(n) ______ is the person who is responsible for the information, determines the level of security needed for the data, and delegates security duties as a required.

a. owner
b. administrator
c. custodian
d. end-user

Answer 43

a

Question 44

In the Mandatory Access Control (MAC) model, every subject and object _____.

a. must be given a number from 200-900
b. is restricted and cannot be accessed
c. is assigned a label
d. can be changed by the owner

Answer 44

c