Chapter 6 Key Terms

Question 1

Access control

Answer 1

Access control is the ability to permit or deny access to resources on a network or computer.

Question 2

Access control policy

Answer 2

An access control policy defines the steps and measures that are taken to control access to objects.

Question 3

Access control system

Answer 3

An access control system includes policies, procedures, and technologies that are implemented to control access to objects.

Question 4

Authentication

Answer 4

Authentication is the process of validating identity. It includes the identification process, a user providing input to prove identity, and the system accepting that input as valid.

Question 5

Authorization

Answer 5

Authorization is granting or denying access to an object based on the level of permissions or the actions allowed with the object.

Question 6

Auditing

Answer 6

Auditing, also referred to as accounting, is maintaining a record of the activity within the information system.

Question 7

Objects

Answer 7

Objects are data, applications, systems, networks, and physical space.

Question 8

Subjects

Answer 8

Subjects are users, applications, or processes that need access to objects.

Question 9

Identification

Answer 9

The initial process of confirming the identity of a user requesting credentials. This occurs when a user enters a user ID at logon.

Question 10

Authentication

Answer 10

The verification of the issued identification credentials. It is usually the second step in the identification process and establishes that you are who you say you are.

Question 11

Multifactor authentication

Answer 11

A method of confirming identity by using two or more pieces of evidence (or factors) to an authentication mechanism.

Question 12

False negative

Answer 12

An error that occurs when a person who should be allowed access is denied access.

Question 13

False positive

Answer 13

An error that occurs when a person who should be denied access is allowed access.

Question 14

Crossover error rate

Answer 14

The point at which the number of false positives matches the number of false negatives in a biometric system.

Question 15

Processing rate

Answer 15

The number of subjects or authentication attempts that can be validated.

Question 16

Authorization

Answer 16

The process of controlling access to resources, such as computers, files, or printers.

Question 17

Access control list (ACL)

Answer 17

A list that identifies users or groups who have specific security assignments to an object.

Question 18

Permission

Answer 18

A permission controls the type of access that is allowed or denied for an object.

Question 19

Discretionary ACL (DACL)

Answer 19

An implementation of discretionary access control (DAC) in which owners add users or groups to the DACL for an object and identify the permissions allowed for that object.

Question 20

System ACL (SACL)

Answer 20

An ACL Microsoft uses for auditing to identify past actions users have performed on an object.

Question 21

Security Principal

Answer 21

An object such as a user account, computer account, and security group account that can be given permissions to an object.

Question 22

Active Directory

Answer 22

Developed by Microsoft, Active Directory is a centralized database that contains user accounts and security information. It is included in most Windows Server operating systems as a set of processes and services.

Question 23

Organizational unit (OU)

Answer 23

In Active Directory, an organizational unit is a way to organize such things as users, groups, computers, etc. It is also referred to as a container object.

Question 24

Domain objects

Answer 24

All network resources, such as users, groups, computers, and printers are stored as objects in Active Directory.

Question 25

Azure Active Directory

Answer 25

Azure AD is Microsoft’s cloud-based identity and access management service. It helps employees sign in and access resources.

Question 26

Domain

Answer 26

A domain is an admiratively-defined collection of network resources that share a common directory database and security policies. The domain is the basic administrative unit of an Active Directory structure.

Question 27

Tree

Answer 27

A tree is a group of related domains that share the same contiguous DNS namespace.

Question 28

Forest

Answer 28

A forest is a collection of related domain trees. The forest establishes the relationship between trees that have different DNS namespaces.

Question 29

Organizational unit

Answer 29

An organizational unit is similar to a folder. It subdivides and organizes network resources within a domain.

Question 30

Object

Answer 30

Each resource within Active Directory is identified as an object.

Question 31

Domain controller

Answer 31

A domain controller is a server that holds a copy of the Active Directory database. The copy of the Active Directory database on a domain controller can be written to.

Question 32

Replication

Answer 32

The process of copying changes to Active Directory on the domain controllers.

Question 33

Member servers

Answer 33

Member servers are servers in the domain that do not have the Active Directory database.

Question 34

Policy

Answer 34

A set of configuration settings applied to users or computers.

Question 35

Multifactor Authentication

Answer 35

Using more than one method to authenticate users.

Question 36

Smart Cards

Answer 36

Similar in appearance to credit cards, smart cards have an embedded memory chip that contains encrypted authentication information. These cards are used for authentication.

Question 37

Microprobing

Answer 37

The process of accessing a smart cards chip surface directly to observe, manipulate, and interfere with the circuit.

Question 38

Radio frequency identification (RFID)

Answer 38

The wireless, non-contact use of radio frequency waves to transfer data.

Question 39

Dameon

Answer 39

A Linux or UNIX program that runs as a background process, rather than being under the direct control of an interactive user.

Question 40

Remote access policies

Answer 40

Remote access policies are used to restrict access. The policies identify authorized users, conditions, permissions, and connection parameters such as time of day, authentication protocol, caller id, etc.

Question 41

Authentication

Answer 41

Authentication is the process of validating user credentials that prove user identity.