Ch.11 Flashcards

1
Q

A user or a process functioning on behalf of the user that attempts to access an object is known as the:

Question 1 options:

subject

reference monitor

entity

label

A

subject

2
Q

The action that is taken by a subject over an object is called a(n):

Question 2 options:

authorization

access

control

operation

A

operation

3
Q

What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?

Question 3 options:

accounting and access model

user control model

access control model

authorization control model

A

access control model

4
Q

What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?

Question 4 options:

Mandatory Access Control

Role Based Access Control

Discretionary Access Control

Rule Based Access Control

A

Mandatory Access Control

5
Q

In a UAC prompt, what color is used to indicate the lowest level of risk?

Question 5 options:

red

gray

yellow

green

A

gray

6
Q

Which access control model is considered to be the least restrictive?

Question 6 options:

Role Based Access Control

Mandatory Access Control

Rule Based Access Control

Discretionary Access Control

A

Discretionary Access Control

7
Q

Select below the access control model that uses access based on a user’s job function within an organization:

Question 7 options:

Role Based Access Control

Rule Based Access Control

Discretionary Access Control

Mandatory Access Control

A

Role Based Access Control

8
Q

Which access control model can dynamically assign roles to subjects based on a set of defined rules?

Question 8 options:

Role Based Access Control

Mandatory Access Control

Rule Based Access Control

Discretionary Access Control

A

Rule Based Access Control

9
Q

When using Role Based Access Control (RBAC), permissions are assigned to:

Question 9 options:

Roles

Groups

Labels

Users

A

Roles

10
Q

A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:

Question 10 options:

Separation of duties

Job rotation

Mandatory vacation

Role reversal

A

Separation of duties

11
Q

A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):

Question 11 options:

ACE

DAC

entity

ACL

A

ACL
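Cards 1, 2, 9, 10 and 11 describe the same mechanism from different angles: a subject performs an operation on an object, a reference monitor checks that request against the object's ACL, the ACL's entries name roles rather than users (RBAC), and separation of duties forbids one person from holding both halves of a fraud-prone process. The following is an added example, not part of the original flashcard deck or any textbook; the object names, roles, users and the "clerk/auditor" exclusion rule are constructed sample data, and the deny-overrides-allow rule is one common policy choice, not the only one.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List


@dataclass(frozen=True)
class ACE:
    """Access control entry: one role, the operations it covers, allow or deny."""
    role: str
    operations: FrozenSet[str]
    allow: bool = True


# Each object's ACL is a list of ACEs. The ACEs name roles, never individual users:
# that is the RBAC rule "permissions are assigned to roles". Constructed sample data.
ACLS: Dict[str, List[ACE]] = {
    "ledger": [
        ACE("clerk", frozenset({"read", "write"})),
        ACE("auditor", frozenset({"read"})),
        ACE("contractor", frozenset({"write"}), allow=False),   # explicit deny
    ],
    "audit-log": [
        ACE("auditor", frozenset({"read"})),
    ],
}

# Separation of duties: no single person may hold both roles of a fraud-prone process
# (here, the person who writes ledger entries must not also audit them). Constructed rule.
EXCLUSIVE_ROLE_PAIRS = {frozenset({"clerk", "auditor"})}

# Users are assigned roles, not permissions.
ROLE_ASSIGNMENTS: Dict[str, FrozenSet[str]] = {}


def violates_separation_of_duties(roles: Iterable[str]) -> bool:
    roles = frozenset(roles)
    return any(pair <= roles for pair in EXCLUSIVE_ROLE_PAIRS)


def assign_roles(user: str, roles: Iterable[str]) -> FrozenSet[str]:
    """The SoD check runs at assignment time, so a violating combination never exists."""
    roles = frozenset(roles)
    if violates_separation_of_duties(roles):
        raise ValueError(f"{user}: {sorted(roles)} combines mutually exclusive roles")
    ROLE_ASSIGNMENTS[user] = roles
    return roles


def authorize(subject: str, operation: str, obj: str) -> bool:
    """Reference monitor: every (subject, operation, object) request passes through here.
    Unknown subjects and unknown objects get the default answer, deny. An explicit deny
    ACE for any of the subject's roles wins over any allow ACE."""
    roles = ROLE_ASSIGNMENTS.get(subject, frozenset())
    relevant = [ace for ace in ACLS.get(obj, [])
                if ace.role in roles and operation in ace.operations]
    if any(not ace.allow for ace in relevant):
        return False
    return any(ace.allow for ace in relevant)


if __name__ == "__main__":
    assign_roles("alice", ["auditor"])
    assign_roles("bob", ["clerk"])
    assign_roles("carol", ["clerk", "contractor"])
    for req in [("alice", "read", "ledger"), ("alice", "write", "ledger"),
                ("bob", "write", "ledger"), ("carol", "write", "ledger"),
                ("eve", "read", "ledger")]:
        print(req, "ALLOW" if authorize(*req) else "DENY")
```

Two details are the security-relevant ones: the monitor defaults to deny whenever it finds nothing relevant (an unknown user, a missing ACL, an operation no ACE mentions), and the SoD rule is enforced where roles are granted rather than at each access, so an auditor can never be quietly given the clerk role.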

12
Q

User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?

Question 12 options:

Active

Stale

Orphaned

Fragmented

A

Orphaned

13
Q

To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?

Question 13 options:

Password expiration

Account expiration

Last login

Account last used

A

Account expiration
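Cards 12 and 13 name the three conditions an account review looks for: orphaned (the owner has left but the account is still enabled), dormant (enabled but unused for a long time) and past its expiration date yet still enabled. The following added example, not part of the original deck, runs those checks over a constructed account export; the field names, the five sample accounts, the review date and the 90-day dormancy threshold are all assumptions chosen for illustration.

```python
from datetime import date, timedelta
from typing import Dict, List, Optional

# Constructed sample export. In practice these fields come from the directory
# (e.g. an AD lastLogonTimestamp / accountExpires dump joined to the HR roster).
ACCOUNTS: List[Dict] = [
    {"user": "alice", "enabled": True, "expires": None,
     "last_login": date(2024, 5, 30), "employed": True},
    {"user": "bob", "enabled": True, "expires": date(2024, 3, 31),
     "last_login": date(2024, 3, 20), "employed": False},
    {"user": "carol", "enabled": True, "expires": None,
     "last_login": date(2023, 11, 1), "employed": False},
    {"user": "dave", "enabled": True, "expires": None,
     "last_login": date(2024, 1, 2), "employed": True},
    {"user": "svc-backup", "enabled": True, "expires": None,
     "last_login": None, "employed": True},
    {"user": "frank", "enabled": False, "expires": date(2023, 12, 31),
     "last_login": date(2023, 12, 1), "employed": False},
]


def review_accounts(accounts: List[Dict], today: date,
                    dormant_after: timedelta = timedelta(days=90)) -> Dict[str, List[str]]:
    """Return {username: [findings]} for every enabled account that needs attention.
    Disabled accounts are skipped: the control has already been applied to them."""
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        issues: List[str] = []
        if not acct["employed"]:
            issues.append("orphaned")            # owner gone, account still live
        expires: Optional[date] = acct["expires"]
        if expires is not None and expires < today:
            issues.append("expired-but-enabled")  # expiration set but not enforced
        last_login: Optional[date] = acct["last_login"]
        if last_login is None:
            issues.append("never-used")
        elif today - last_login > dormant_after:
            issues.append("dormant")
        if issues:
            findings[acct["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in review_accounts(ACCOUNTS, date(2024, 6, 1)).items():
        print(f"{user:12s} {', '.join(issues)}")
```

The point of the expiration check is that setting an expiration date (card 13's answer) only helps if something enforces it; an account whose `expires` is in the past but which is still enabled is exactly the case the report flags.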

14
Q

Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?

Question 14 options:

RADIUS

ICMP

FTP

Telnet

A

RADIUS

15
Q

During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?

Question 15 options:

accounting request

access request

verification request

authentication request

A

authentication request (the textbook's term; RFC 2865 names this packet type Access-Request, with the NAS identified by NAS-IP-Address or NAS-Identifier attributes)
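Card 15 describes the packet an access point (the NAS) sends to the RADIUS server: its own identity plus the user's name and password. The following added example, not from the original deck, encodes and decodes that packet as RFC 2865 lays it out: a 20-octet header with a 16-octet random Request Authenticator, type/length/value attributes, and the User-Password attribute hidden with the MD5-based scheme of section 5.2. The shared secret, user, password and NAS values are constructed sample data; the server side assumes each attribute appears once, which is enough for this illustration.

```python
import hashlib
import os
import socket
import struct

# Packet code and attribute types from RFC 2865.
ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_IDENTIFIER = 1, 2, 4, 32


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad with NUL to a multiple of 16 octets, then XOR each
    block with MD5(secret + previous block), the first block keyed by the Request
    Authenticator. Note this is obfuscation with MD5, not authenticated encryption."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: regenerate the same keystream, then strip the NUL padding
    (a consequence of the RFC scheme: a password cannot end in a NUL octet)."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 octets")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(c ^ k for c, k in zip(block, key)), block
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Type (1 octet), Length (1 octet, includes the two header octets), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier: int, secret: bytes, username: bytes, password: bytes,
                         nas_id: bytes, nas_ip: str, authenticator: bytes = None) -> bytes:
    """What the AP sends: who the NAS is, who the user is, and the hidden password."""
    authenticator = authenticator or os.urandom(16)      # fresh 16 random octets per request
    attrs = (attribute(USER_NAME, username)
             + attribute(USER_PASSWORD, hide_password(password, secret, authenticator))
             + attribute(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attribute(NAS_IDENTIFIER, nas_id))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + authenticator + attrs


def parse_packet(packet: bytes):
    """Decode header and attributes, rejecting the truncation and overrun cases a
    server must check before trusting any Length field in the datagram."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    authenticator, attrs, pos = packet[4:20], [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute overruns packet")
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return code, identifier, authenticator, attrs


def is_well_formed(packet: bytes) -> bool:
    try:
        parse_packet(packet)
        return True
    except ValueError:
        return False


def server_extract_credentials(packet: bytes, secret: bytes) -> dict:
    """The RADIUS server's view of the Access-Request (one occurrence per attribute assumed)."""
    code, identifier, authenticator, attrs = parse_packet(packet)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    fields = dict(attrs)
    return {
        "identifier": identifier,
        "nas_id": fields[NAS_IDENTIFIER].decode(),
        "nas_ip": socket.inet_ntoa(fields[NAS_IP_ADDRESS]),
        "username": fields[USER_NAME].decode(),
        "password": reveal_password(fields[USER_PASSWORD], secret, authenticator),
    }
```

Two practitioner caveats follow directly from the code: the server can recover the password only if it holds the same shared secret, so that secret is the whole security of the exchange and must be long and random; and because the hiding scheme is a single MD5-derived keystream, RADIUS over untrusted networks should be wrapped in IPsec or RADIUS/TLS rather than relying on it.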

16
Q

Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:

Question 16 options:

Aurora

Kerberos

CHAP

TACACS

A

Kerberos

17
Q

What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?

Question 17 options:

TACACS

RADIUS

Kerberos

FTP

A

TACACS

18
Q

Entries within a Directory Information Base are arranged in a tree structure called the:

Question 18 options:

DAP

PEAP

EAP

DIT

A

DIT

19
Q

The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?

Question 19 options:

DIB

DAP

DIT

LDAP

A

DAP

20
Q

What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database’s information?

Question 20 options:

LDAP poisoning

Kerberos injection

LDAP injection

DAP hijacking

A

LDAP injection
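Card 20 defines LDAP injection as building a filter string out of user input so that the input becomes filter syntax. The following added example, not part of the original deck, shows the vulnerable string construction beside the hardened one (RFC 4515 escaping of the characters that carry meaning inside a filter) and runs both through a small filter evaluator over a constructed two-entry directory. The evaluator, the directory entries and the sample credentials are all assumptions made for this illustration; it handles only &, |, ! and equality with '*' wildcards, matches case-sensitively, and rejects trailing text after the filter, all of which differ from what a real directory server does. The filter shape that compares userPassword is kept only to mirror the card; a real application should authenticate with an LDAP bind as the user, never by searching on the password attribute.

```python
import re

# Constructed sample directory: attribute names lower-cased, values as lists.
DIRECTORY = [
    {"uid": ["admin"], "userpassword": ["Hunter2!"], "memberof": ["cn=admins"]},
    {"uid": ["alice"], "userpassword": ["correct horse"], "memberof": ["cn=users"]},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3: '*', '(', ')', '\\' and NUL inside an assertion value
    are written as \\XX so they are matched literally instead of parsed."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def build_filter_unsafe(username: str, password: str) -> str:
    # Vulnerable: raw input is spliced into filter syntax.
    return f"(&(uid={username})(userPassword={password}))"


def build_filter_safe(username: str, password: str) -> str:
    # Hardened: every user-supplied value is escaped before it enters the filter.
    return f"(&(uid={escape_filter_value(username)})(userPassword={escape_filter_value(password)}))"


def _close(s: str, i: int) -> int:
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1


def _parse(s: str, i: int):
    """Recursive-descent parser for a subset of RFC 4515 filters.
    Returns (node, index just past the closing parenthesis)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        return (op, kids), _close(s, i)
    if i < len(s) and s[i] == "!":
        node, i = _parse(s, i + 1)
        return ("!", [node]), _close(s, i)
    eq = s.find("=", i)
    if eq < 0:
        raise ValueError("missing '=' in simple filter")
    attr, i, pattern = s[i:eq].lower(), eq + 1, ""
    while i < len(s) and s[i] != ")":
        if s[i] == "\\":                       # \XX escape: one literal octet
            pattern += re.escape(chr(int(s[i + 1:i + 3], 16)))
            i += 3
        elif s[i] == "*":                      # bare '*' is a substring wildcard
            pattern += ".*"
            i += 1
        else:
            pattern += re.escape(s[i])
            i += 1
    return ("=", attr, pattern), _close(s, i)


def parse_filter(s: str):
    node, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing data after filter")
    return node


def matches(node, entry) -> bool:
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    return any(re.fullmatch(pattern, v) is not None for v in entry.get(attr, []))


def authenticate(build_filter, username: str, password: str, directory=DIRECTORY):
    """Return the uids the filter matches; a login would succeed on exactly one match."""
    node = parse_filter(build_filter(username, password))
    return [e["uid"][0] for e in directory if matches(node, e)]


if __name__ == "__main__":
    for builder in (build_filter_unsafe, build_filter_safe):
        print(builder.__name__, builder("admin", "*"), "->", authenticate(builder, "admin", "*"))
```

With the unsafe builder a password of a single `*` turns the password test into "has any password at all", so `admin` logs in without the password; a username of `*` additionally enumerates every entry. The safe builder turns the same input into `\2a`, a literal asterisk, and the match fails.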