Chapter 5: Identity and Access Management Part 2 - Section A

Question 1

Introduction: access control is often based on

Answer 1

Least privilege

Question 2

Introduction: Computer access can be set for various levels (T or F)

Answer 2

True

Question 3

Introduction: Access restrictions at the file level generally include what?

Answer 3

1. Read, Inquiry, Copy
2. Write, create, update, or delete only
3. Execute only
4. Combination

Question 4

Introduction: What is the least dangerous type of access?

Answer 4

Read only

Question 5

logical access controls mechanisms use what?

Answer 5

access control lists or access authorization tables

Question 6

Access Control Lists: it refers to a register of?

Answer 6

1. Users
2. Access permitted

Question 7

Access Control Lists: users also include groups and machine process (T or F)

Answer 7

True

Question 8

Access Control Lists: Advanced ACLS access can be at the discretion of which 2 individuals and implemented by who?

Answer 8

1. Policy Makers or User
2. Security administrator

Question 9

Access Control Lists: When users change jobs, their old access is often removed (T or F)

Answer 9

False. It is often NOT removed

Question 10

Logical Access Security Administration: In a client-server environment I&A and authorization process can be administered in what ways?

Answer 10

Centralized and Decentralized

Question 11

Logical Access Security Administration: Advantages of conducing security in a decentralized environment include

1. Security Administration is ___ at the ___ location
2. Security issues are resolved in a ___ manner
3. Security controls are ____ on a ___ ___ basis

Answer 11

1. onsite; distributed
2. timely
3. monitored; more frequent

Question 12

Logical Access Security Administration: The risk associated with distributed responsibility for security administration includes:

1. ____ ___ might be implemented rather than those required by the organization
2. levels of security management might be ___ what can be maintained by a ___ ____
3. ___ ___ and __ that are often provided by central admin to ensure standards are maintained might be ____

Answer 12

1. Local Standards
2. below; central admin
3. Management checks and audits; unavailable

Question 13

Logical Access Security Administration: There are many ways to control remote and distributed sites such as

1. ______ over access to the computer, data files and remote access to the network should
   be implemented.
2. The physical control environment should be as secure as possible, with additions, such as ____ ____ and a ___ ___ __
3. Access from _____ locations via modems and laptops to other
   microcomputers should be controlled appropriately
4. Opportunities for ___ ____ to gain ____ of the system should be limited by
   implementing controls over access to ___ ___ ___ ___.
5. Controls should exist for data transmitted from __ ___
6. When replicated files exist at multiple locations, controls should ensure that all files used are
   ___ and ____ and, when data are used to produce financial information, that no ____
   arises.

Answer 13

2. lockable terminals; locked computer room.
3. remote
4. unauthorized people; knowledge;system documentation and manuals
5. remote locations
6. correct and current;duplication

Question 14

Remote Access Security: Remote access users can connect to their organization’s networks with the same level of functionality
that exists within their office (T or F)

Answer 14

True

Question 15

Remote Access Security: What are the protocols used by remote access design?

Answer 15

1. Transmission Control Protocol (TCP/IP)
2. Systems network architecture (SNA) systems

Question 16

Remote Access Security: Users uses what to connect to a mainframe based legacy application

Answer 16

terminal emulation software

Question 17

Remote Access Security: Support for remote connections include?

Answer 17

1. Point-to-point modem connectivity
2. Integrated Services Digital Network (ISDN)
3. Dial-on-demand connectivity
4. Dedicated lines

Question 18

Common Connectivity Methods for Remote Access: what is the most cost effective approach for remote access and why?

Answer 18

TCP/IP uses the internet (public infrastructure) provided by the ISPs which reduce costs.

Question 19

Common Connectivity Methods for Remote Access: To achieve over the internet remote access, what should the organization establish?

Answer 19

VPN

Question 20

Common Connectivity Methods for Remote Access: Advantages of VPN include:

Answer 20

1. Ubiquity (Common)
2. ease of use
3. cheap
4. read,inquiry, or copy only access.

Question 21

Common Connectivity Methods for Remote Access: Disadvantages of VPN include:

Answer 21

1. less reliable than dedicated circuits
2. lack of central authority
3. difficult to troubleshoot

Question 22

Common Connectivity Methods for Remote Access: VPNs can create holes in your security infrastructure (T or F)

Answer 22

True

Question 23

Common Connectivity Methods for Remote Access: What can we employ to alleviate risks from using VPN

Answer 23

1. Intrusion Detection System
2. Virus Scanners

Question 24

Common Connectivity Methods for Remote Access: What is a good practice for VPNs

Answer 24

1. To terminate all VPNs to the same endpoint in a VPN Concentrator
2. Do not accept VPNs directed at other parts of the network

Question 25

Common Connectivity Methods for Remote Access: Dial Up lines (modem asynch point to point or ISDN) accesses what of an organization?

Answer 25

Network access server (NAS)

Question 26

Common Connectivity Methods for Remote Access: What are the most common protocols for NAS

Answer 26

RADIUS - Remote Access Dial In User Service
TACACS - Terminal Access Controller Access Control Systems

Question 27

Common Connectivity Methods for Remote Access: What is the common practice for NAS?

Answer 27

Terminate the call after recording the number and calling again after authentication

Question 28

Common Connectivity Methods for Remote Access: NAS procedures can be circumvented through?

Answer 28

Call forwarding

Question 29

Common Connectivity Methods for Remote Access: what type of dial up connectivity is least preferred from a security control pov is

Answer 29

Remote Access Server

Question 30

Common Connectivity Methods for Remote Access: Advantages of dial-up connectivity:

Answer 30

1. low cost
2. familiarity

Question 31

Common Connectivity Methods for Remote Access: Disadvantages of Dial-up

Answer 31

performance

Question 32

Common Connectivity Methods for Remote Access: The saest remote access method is?

Answer 32

Dedicated lines

Question 33

Common Connectivity Methods for Remote Access: Network Access server works in concert with?

Answer 33

Firewall and router configuration

Question 34

Common Connectivity Methods for Remote Access: Dedicated lines are mostly used by?

Answer 34

branch/regional offices or with business partners

Question 35

Common Connectivity Methods for Remote Access: How would an intruder access the data link?

Answer 35

compromise the telecommunication provider

Question 36

Common Connectivity Methods for Remote Access: dedicated lines cost how much when compared to other typical connections

Answer 36

2 - 5x

Question 37

Common Connectivity Methods for Remote Access: List all 6 risks of remote access

Answer 37

1. Denial of Service
2. Malicious third parties
3. Misconfigured software
4. misconfigured devices
5. unsecured host systems
6. unsecured computers of remote users

Question 38

Common Connectivity Methods for Remote Access: List all 5 controls for remote access

Answer 38

1. Policy and Standards
2. Proper Authorization
3. Identification and Authentication
4. Encryption
5. System and Network Management