Chapter 12 - Access Management

Question 1

Access control

Answer 1

The mechanism used in an information system for granting or denying approval to use specific resources.

Question 2

Authentication

Answer 2

Checking the delivery persons credentials to be sure that they are authentic and not fabricated.

Question 3

Authorization

Answer 3

Granting permission to take an action.

Question 4

Accounting

Answer 4

A record that is preserved of who accessed the network, what resources they accessed, and when they disconnected from the network.

Question 5

Object

Answer 5

An object is a specific resource, such as a file of a hardware device.

Question 6

Subject

Answer 6

A subject is a user of a process functioning on behalf of the user that attempts to access an object.

Question 7

Operation

Answer 7

The action that is taken by the subject over the object is called an operation.

Question 8

Access control model

Answer 8

A predefined framework found in hardware and software that a custodian can use for controlling access.

Question 9

Discretionary access control (DAC)

Answer 9

The least restrictive access control model in which the owner of the object has total control over it.

Question 10

Mandatory access control (MAC)

Answer 10

The most restrictive access control model, typically found in military settings in which security is of supreme importance.

Question 11

Role-based access control (RBAC)

Answer 11

A “real-world” access control model in which access is based on a users job function within the organization.

Question 12

Rule-Based Access Control

Answer 12

An access control model that can dynamically assign roles to subjects based on a set of rules defined by a custodian.

Question 13

Attribute-Based Access Control (ABAC)

Answer 13

An access control model that uses more flexible policies that can combine attributes.

Question 14

Employee onboarding

Answer 14

The tasks associated when hiring a new employee.

Question 15

Employee offboarding

Answer 15

The tasks associated when an employee is released from the enterprise.

Question 16

Location-based policies

Answer 16

Policies that establish geographical boundaries where a mobile device can and cannot be used.

Question 17

Time-of-day restriction

Answer 17

Limitation imposed as to when a user can log in to a system or access resources.

Question 18

Recertification

Answer 18

The process of periodically revalidating a users account, access control, and membership role or inclusion in a specific group.

Question 19

Permission auditing and review

Answer 19

A review that is intended to examine the permissions that a user has been given to determine if each is still necessary.

Question 20

Usage auditing and review

Answer 20

An audit process that looks at the applications that the user is provided, how frequently they are used, and how they are being used.

Question 21

Separation of duties

Answer 21

The practice of requiring that processes should be divided between two or more individuals.

Question 22

Job rotation

Answer 22

The act of moving individuals from one job responsibility to another.

Question 23

Clean desk policy

Answer 23

A policy designed to ensure that all confidential or sensitive materials are removed from a users workspace and secured when the items are not in use or an employee leaves her workspace.

Question 24

File system security

Answer 24

Security functions provided by access control lists (ACLs) for protecting files managed by the operating system.

Question 25

Database security

Answer 25

Security functions provided by access control lists (ACLs) for protecting SQL and relational database systems.

Question 26

Group-based access control

Answer 26

Configuring multiple computers by setting a single policy for enforcement.

Question 27

RADIUS (Remote Authentication Dial In User Service)

Answer 27

An industry standard authentication service with widespread support across nearly all vendors of networking equipment.

Question 28

Kerberos

Answer 28

An authentication system developed by MIT and used to verify the identity of networked users.

Question 29

TACACS+ (Terminal Access Control Access Control System)

Answer 29

The current version of TACACS authentication service.

Question 30

Directory service

Answer 30

A database stored on the network itself that contains information about users and network devices.

Question 31

Lightweight Directory Access Protocol (LDAP)

Answer 31

A protocol for a client application to access an X.500 directory.

Question 32

Security Assertion Markup Language (SAML)

Answer 32

An extensible markup language (XML) standard that allows secure web domains to exchange user authentication and authorization data.

Question 33

Extensible authentication protocol (EAP)

Answer 33

A framework for transporting the authentication protocols which was created as a more secure alternative to the weak CHAP/MS-CHAP.

Question 34

Challenge-Handshake Authentication Protocol (CHAP)

Answer 34

A weak version of Extensible Authentication Protocol (EAP).

Question 35

MS-CHAP

Answer 35

The Microsoft version of Challenge-Handshake Authentication Protocol (CHAP).

Question 36

Password Authentication Protocol (PAP)

Answer 36

A weak version of Extensible Authentication Protocol (EAP).