Chapter 14: Controlling and Monitoring Access Flashcards

1
Q

In general, ____ refer to the access granted for an object and determine what you can do with it.

A

permissions

2
Q

A ___ primarily refers to the ability to take an action on an object.

A

right

3
Q

The ____ principle ensures that access to an object is denied unless access has been explicitly granted to a subject.

A

Implicit deny

4
Q

Applications use _____ interfaces or restricted interfaces to restrict what users can do or see based on their privileges.

A

constrained

5
Q

_____ access controls restrict access to data based on the content within an object.

A

Content-dependent

6
Q

_____ access controls require specific activity before granting users access.

A

Context-dependent

7
Q

A ____ policy is a document that defines the security requirements for an organization.

A

security

8
Q

A key characteristic of the Discretionary Access Control (DAC) model is that every object has an owner and the owner can grant or deny access to any other subjects.

A
9
Q

A key characteristic of the ____ model is the use of roles or groups. Instead of assigning permissions directly to users, user accounts are placed in roles and administrators assign privileges to the roles.

A

Role-Based Access Control (RBAC)

10
Q

A key characteristic of the ____ control model is that it applies global rules to all subjects.

A

rule-based access

11
Q

A key characteristic of the ____ model is its use of rules that can include multiple attributes.

A

Attribute-Based Access Control (ABAC)

12
Q

A ____ control model grants access after evaluating risk.

A

risk-based access

13
Q

A ______ model relies on the use of classification labels.

A

Mandatory Access Control (MAC)

14
Q

A _______ environment relates various classification labels in an ordered structure from low security to medium security to high security, such as Confidential, Secret, and Top Secret, respectively.

A

hierarchical

15
Q

In a ______ environment, there is no relationship between one security domain and another.

A

compartmentalized

16
Q

A ____ environment combines both hierarchical and compartmentalized concepts so that each hierarchical level may contain numerous subdivisions that are isolated from the rest of the security domain.

A

hybrid

17
Q

______ (implying open authorization) is an authorization framework described in RFC 6749 and maintained by the Internet Engineering Task Force (IETF). Many companies on the internet use it to share account information with third-party websites.

A

OAuth 2.0

18
Q

____ centralizes authentication for remote access connections, such as with VPNs or dial-up access.

A

Remote Authentication Dial-in User Service (RADIUS)

19
Q

Ticket authentication is a mechanism that employs a third-party entity to prove identification and provide authentication. The most common and well-known ticket system is ______.

A

Kerberos

20
Q

When using TLS, RADIUS uses TCP port _____.

A

2083