Chapter 12: Logical Access Controls Flashcards
Understand Logical Access Controls
What principle states that an individual should only have the minimum set of permissions necessary to accomplish their job duties?
Least privilege
What are the two reasons least privilege is important?
- It minimizes the potential damage from an insider attack.
- It limits the ability of an external attacker to quickly gain privileged access when compromising an employee’s account.
The {blank} principle says that no single person should possess two permissions that, in combination, allow them to perform a sensitive operation.
segregation of duties
{Blank} systems are the most stringent type of access control. In these systems, the operating system itself restricts the permissions that can be granted to the users and processes on system resources.
Mandatory Access Control (MAC)
{Blank} systems offer a flexible approach to authorization, allowing users to assign access permissions to other users; the owners of files, computers, and other resources have the discretion to configure permissions as they see fit.
Discretionary access control (DAC)
In {blank} systems, administrators assign users to roles based upon their job responsibilities and assign the permissions necessary to carry out different jobs to those roles.
Role-based access control (RBAC)
{Blank} uses technical measures to ensure that a user is not able to later deny that they took some action.
Non-repudiation
You are designing an access control system where each file is owned by an individual user and that user decides who can access the file. Which term best describes this access control system?
A. MAC
B. RBAC
C. DAC
D. ABAC
DAC
You are working with a home loan provider who needs a system that will ensure that they can prove in court that a user signed a contract. What type of requirement are they most directly trying to achieve?
A. Authentication
B. Authorization
C. Accounting
D. Non-repudiation
Non-repudiation