Chapter 3 Flashcards

1
Q

What is the next step after a user is identified and authenticated?

A

Authorization

2
Q

_______ defines what the user can access, modify, and delete.

A

Authorization

3
Q

Policies or procedures used to control access to certain items

A

Access Controls

4
Q

The lowest level of authorization allowed to a user to perform duties

A

Principle of Least Privilege

5
Q

A user having more access than usual is an example of a violation of _________

A

Principle of Least Privilege

6
Q

Giving access to resources

A

Allowing Access

7
Q

Preventing a given party from accessing the resource(s) in question

A

Denying Access

8
Q

Allowing partial access to resources

A

Limiting Access

9
Q

A set of resources devoted to a program, process, or similar entity, outside of which the entity cannot operate.

A

Sandbox

10
Q

Taking access that was once allowed away from the user.

A

Revoking Access

11
Q

What is often referred to as “ackles”?

A

Access Control Lists (ACLs)

12
Q

Lists containing information about what kind of access certain parties are allowed to have to a given system

A

Access Control Lists (ACLs)

13
Q

Used to control access in the file systems on which our operating systems run and control the flow of traffic in the networks to which our systems are attached

A

Access Control Lists (ACLs)

14
Q

Commonly discussed in the context of firewalls and routers

A

Access Control Lists (ACLs)

15
Q

ACLs

A

Access Control Lists

16
Q

Access Control Lists in most file systems have three types of permissions

A

Read
Write
Execute

17
Q

Can a file or directory have multiple Access Control Lists attached to it?

A

Yes

18
Q

In the case of Network ACLs, we typically see access controlled by the identifiers we use for network transactions, such as __________________, ______________, and ____________.

A

Internet Protocol addresses (IP Addresses)
Media Access Control addresses (MAC Addresses)
Ports

19
Q

MAC Address

A

Media Access Control Address

20
Q

IP Address

A

Internet Protocol Address

21
Q

Permissions in network Access Control Lists tend to be __________________ in nature.

A

Binary

22
Q

When there are only two possible values

A

Binary

23
Q

The owner of the resource determines who gets access to it and exactly what level of access they can have

A

Discretionary Access Control (DAC)

24
Q

Access to resource determined by job duties

A

Role-Based Access Control

25
Q

Determined by a group or individuals who have authority to decide who has access

A

Mandatory Access Control (MAC)

26
Q

Determined by the traits of a person, resource, or environment

A

Attribute-Based Access Control

27
Q

The act of doing something that is prohibited by law or rule

A

Violation

28
Q

An attack that misuses the authority of the browser on the user’s computer

A

Cross-Site Request Forgery (CSRF)

29
Q

Allows access according to a set of rules defined by the system administrator

A

Rule-Based Access Control

30
Q

Primarily concerned with protecting the integrity of data

A

Biba Model

31
Q

An Access Control model designed to prevent conflicts of interest

A

Brewer and Nash Model

32
Q

aka Chinese Wall model

A

Brewer and Nash Model

33
Q

What are the three main resource classes of the Brewer and Nash Model?

A

Objects
Company Groups
Conflict Classes

34
Q

(Brewer and Nash Model)

Resources, such as files or information, pertaining to a single organization

A

Objects

35
Q

(Brewer and Nash Model)

All objects pertaining to an organization

A

Company Groups

36
Q

(Brewer and Nash Model)

All groups of objects concerning competing parties

A

Conflict Classes

37
Q

____________ are often concerned with controlling the movement of individuals and vehicles

A

Physical Access Controls

38
Q

DAC

A

Discretionary Access Control

39
Q

A separate group or individual has the authority to set access to resources.

A

Mandatory Access Control (MAC)

40
Q

MAC

A

Mandatory Access Control

41
Q

CSRF

A

Cross-Site Request Forgery

42
Q

An attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated

A

Cross-Site Request Forgery (CSRF)

43
Q

A combination of Discretionary Access Control (DAC) and Mandatory Access Control (MAC). Primarily concerned with the confidentiality of the resource in question.

A

Bell-LaPadula Model

44
Q

An access control model that includes many tiers of security and is used extensively by military and government organizations and those that handle data of a very sensitive nature.

A

Multilevel Access Control

45
Q

A client-side attack in which an attacker places an invisible layer over something on a website that the user would normally click on, in order to execute a command that differs from what the user thinks they are performing

A

Clickjacking

46
Q

A unique address assigned to each device on any network that uses the Internet Protocol for communication

A

IP Address

47
Q

This problem occurs when the software with access to a resource has a greater level of permission to access the resource than the user who is controlling the software. These attacks are common in systems that use ACLs.

A

Confused Deputy Problem

48
Q

Unique identifiers hard-coded into each network interface in a given system

A

Media Access Control addresses (MAC Addresses)

49
Q

Use these to determine who should be allowed access to what resources

A

Access Control Models