Chapter 14 Flashcards
______ refer to the access granted for an object and determine what you can do with it.
a) rights
b) permissions
Permissions
A _____ primarily refers to the ability to take an action on an object.
a) rights
b) permissions
right
________ are the combination of rights and privileges.
a) rights
b) permissions
c) privileges
Privileges
An _________ is a table that includes subjects, objects, and assigned privileges.
access control matrix
ACLs are focused on ______ and a capability table is focused on ______.
objects, subjects
____ ___ ______________ uses multiple layers or levels of access controls to provide layered security.
defense-in-depth strategy
_____ allows the owner, creator, or data custodian of an object to control and define access to that object.
discretionary access controls (DACs)
Administrators centrally administer _______ and can make changes that affect the entire environment. In contrast, __________ models allow owners to make their own changes, and their changes don't affect other parts of the environment.
nondiscretionary access controls, discretionary access control
What is the difference between DAC and role-BAC?
In the DAC model, objects have owners and the owner determines who has access. In the role-BAC model, administrators determine subject privileges and assign appropriate privileges to roles or groups.
Which access control model relies on the use of classification labels?
mandatory access control (MAC)
A ___________ relates various classification labels in an ordered structure from low security to medium security to high security, such as Confidential, Secret, and Top Secret, respectively.
hierarchical environment
A _____ is the possibility or likelihood that a threat will exploit a vulnerability resulting in a loss such as harm to an asset.
a) threat
b) risk
c) vulnerability
risk
A ______ is a potential occurrence that can result in an undesirable outcome.
a) threat
b) risk
c) vulnerability
threat
A _____________ is any type of weakness. The weakness can be due to a flaw or limitation in hardware or software, or the absence of a security control, such as the absence of antivirus software on a computer.
a) threat
b) risk
c) vulnerability
vulnerability
___________ refers to the process of identifying, understanding, and categorizing potential threats.
Threat modeling
Name three threat modeling approaches.
Focused on Assets, Focused on Attackers, Focused on Software
What is access aggregation?
Collecting multiple pieces of nonsensitive information and combining (i.e., aggregating) them to learn sensitive information.
A ____________ is an attempt to discover passwords by using every possible password in a predefined database or list of common or expected passwords.
dictionary attack
A previously used password, but with one character different, is called __________.
one-upped-constructed password
An attempt to discover passwords for user accounts by systematically attempting all possible combinations of letters, numbers, and symbols is called ______________.
brute-force attack
What is it called when two separate passwords create the same hash?
Collision
What is a birthday attack?
Using a tool to create the same hash value as a password.
What type of attack reduces password-cracking time by using large databases of precomputed hashes?
rainbow table
What is a salt?
A group of random bits added to a password before hashing it.
Capturing packets sent over a network with the intent of analyzing the packets is called what?
Sniffing
A form of social engineering that attempts to trick users into giving up sensitive information, opening an attachment, or clicking a link.
Phishing