Chapter 14: Controlling and Monitoring Access Flashcards
In general, ____ refer to the access granted for an object and determine what you can do with it.
permissions
A ___ primarily refers to the ability to take an action on an object.
right
The ____ principle ensures that access to an object is denied unless access has been explicitly granted to a subject.
Implicit deny
Applications use _____ interfaces or restricted interfaces to restrict what users can do or see based on their privileges.
constrained
_____ access controls restrict access to data based on the content within an object.
Content-dependent
_____ access controls require specific activity before granting users access.
Context-dependent
A ____ policy is a document that defines the security requirements for an organization.
security
A key characteristic of the Discretionary Access Control (DAC) model is that every object has an owner and the owner can grant or deny access to any other subjects.
A key characteristic of the ____ model is the use of roles or groups. Instead of assigning permissions directly to users, user accounts are placed in roles and administrators assign privileges to the roles.
Role-Based Access Control (RBAC)
A key characteristic of the ____ control model is that it applies global rules to all subjects.
rule-based access
A key characteristic of the ____ model is its use of rules that can include multiple attributes.
Attribute-Based Access Control (ABAC)
A ____ control model grants access after evaluating risk.
risk-based access
A ______ model relies on the use of classification labels.
Mandatory Access Control (MAC)
A _______ environment relates various classification labels in an ordered structure from low security to medium security to high security, such as Confidential, Secret, and Top Secret, respectively.
hierarchical
In a ______ environment, there is no relationship between one security domain and another.
compartmentalized
A ____ environment combines both hierarchical and compartmentalized concepts so that each hierarchical level may contain numerous subdivisions that are isolated from the rest of the security domain.
hybrid
______ (implying open authorization) is an authorization framework described in RFC 6749 and maintained by the Internet Engineering Task Force (IETF). Many companies on the internet use it to share account information with third-party websites.
OAuth 2.0
____ centralizes authentication for remote access connections, such as with VPNs or dial-up access.
Remote Authentication Dial-in User Service (RADIUS)
Ticket authentication is a mechanism that employs a third-party entity to prove identification and provide authentication. The most common and well-known ticket system is ______.
Kerberos
When using TLS, RADIUS uses TCP port _____.
2083