Chapter 14 – Controlling and Monitoring Access Flashcards
1
Q
- Which of the following best describes an implicit deny principle?
A
All actions that are expressly allowed are denied.
2
Q
- What is the intent of least privilege?
A
Enforce the most restrictive rights required by users to complete assigned tasks.
3
Q
- A table includes multiple objects and subjects and it identifies the specific access each subject has to different objects. What is this table?
A
Access control matrix
4
Q
- What type of access controls are hardware or software mechanisms used to manage access to resources and systems, and provide protection for those resources and systems?
A
The data custodian
5
Q
- Which of the following models is also known as an identity-based access control model?
A
DAC
6
Q
- A central authority determines which files a user can access. Which of the following best describes this?
A
Nondiscretionary access control model
7
Q
- A central authority determines which files a user can access based on the organization’s hierarchy. Which of the following best describes this?
A
RBAC model
8
Q
- Which of the following statements is true related to the RBAC model?
A
A RBAC model allows users membership in multiple groups.
9
Q
- Which of the following is the best choice for a role within an organization using a RBAC model?
A
Programmer.
10
Q
- Which of the following best describes a rule-based access control model?
A
It uses global rules applied to all users equally.