Domain 1: Access Controls Flashcards

1
Q

Physical Controls

A

Doors, Locks, Fences, etc

2
Q

Logical Controls

A

ACLs, IDS, FW, routers, virus protection, activity logging

3
Q

Administrative controls

A

Banners, signs, policies, procedures, directives, rules & regs, documents or log-on screens

4
Q

The types of controls

A

Physical, Logical, Administrative

5
Q

Physical Assets

A

Tangible things such as the building, property, business, equipment, and people

6
Q

Digital assets

A

Generally consist of the data contained or stored on the IT systems

7
Q

Information assets

A

The content information represented by the digital data

8
Q

Most important asset to protect

A

People

9
Q

Assurance procedures

A

Procedures that ensure that the access control mechanisms correctly implement the security policy

10
Q

Subject

A

User or entity taking the action or accessing a resource such as a database. Always active. May change roles.

11
Q

Object

A

Item or resource being acted upon by a subject. Always passive. May change roles.

12
Q

Finger scan technology

A

Only the features extracted from the fingerprint are stored

13
Q

Fingerprint technology

A

Entire fingerprints are stored

14
Q

False Rejection Rate (FRR)

A

Type I Error. Percentage of time a biometric system rejects a known good user, thus not allowing access.

15
Q

False Acceptance Rate (FAR)

A

Type II Error. Percentage of time a biometric system falsely identifies as good an unknown user, thus allowing access.

16
Q

Crossover Error Rate (CER)

A

CER is the point where the false rejection rate and false acceptance rate cross over. A lower CER means a better biometric authentication system.

17
Q

Signature Dynamics

A

Biometric factor of handwriting analysis

18
Q

Voiceprint

A

Stored voice in the biometric system

19
Q

Keystroke Dynamics (aka Keystroke pattern recognition)

A

Recognizes how an individual types on a keyboard. Measures flight time (time between keystrokes) and dwell (length of time a key is pressed).

20
Q

Dual Control

A

Two individuals must work together to gain access. aka Split Knowledge, Separation of Duties.

21
Q

Reverse authentication

A

The user authenticates to the system, and the user is also given assurance that the system is in fact genuine. Uses chosen images or personal security questions.

22
Q

Account Callback

A

The system texts or emails the person back with a passcode when they try to authenticate.

23
Q

Session-Level Access Control

A

Restricts or allows actions during a specific communication session: login notification, user inactivity, multiple logons, origination location, session time limit, continuous authentication (IPsec).

24
Q

View-based access control

A

Security control mechanism that restricts the user's actions or displays only the data available to them based on their rights.

25
Q

Data-level access control

A

Deals with protecting data in any of its three states: in process, in transit, at rest.

26
Q

Content-based or Contextual Access Control

A

Based on the form or content of the actual data. Data content rules.

27
Q

Physical Data and Printed Media Access Control

A

Handling and storage access procedures of physical devices

28
Q

Assurance of accountability

A

Accountability is the result of a strong identification and authentication system. (Prove they are who they say they are)

29
Q

Trusted Domain

A

Contains the user requesting access to a resource in another domain

30
Q

Trusting Domain

A

aka Resource Domain. Contains the resource to which access is desired.

31
Q

One way trust

A

Users in one domain may access resources in the second domain, but not vice-versa.

32
Q

Two-way trust

A

Both domains trust each other. All AD domains are automatically in a two-way trust.

33
Q

Transitive trusts

A

A trusts B. B trusts C. So A trusts C.

34
Q

Cloud Vendor Reliability

A

Financials and ability to provide safeguards and security controls

35
Q

Data Clearing and Cleansing

A

Refers to data that may remain on cloud storage after the allocated cloud storage size is reduced. What happens to the data that remains after the size reduction?

36
Q

Cloud client encroachment

A

If one client has legal issues, it could impact other clients. If one client is attacked, the attacker might access other clients on the same system.

37
Q

Included by exception

A

Whitelist, explicitly allowed.

38
Q

Capability table

A

Access control list

39
Q

False positive (re: Authentication)

A

An unknown user has been identified and authenticated and allowed access to a system.

40
Q

False negative (re: Authentication)

A

A known good user is denied access to the system.

41
Q

OPIE

A

One-time password in everything

42
Q

System-Level Access Control

A

Value of the system. Method of accessing the information.

43
Q

Capabilities List (MAC)

A

Security clearances. Labels applied to subjects

44
Q

Security classifications

A

aka Information classifications. Labels assigned to objects

45
Q

Special Access Programs (SAPs)

A

Control access to, distribution of, and protection of particularly sensitive info (top secret military info).

46
Q

SCI

A

200-300 SCI compartments. Each compartment has a code word. Intelligence info.

47
Q

MAC TCB (Trusted Computer Base) components

A

Reference monitor, Security Kernel, Audit File

48
Q

Reference Monitor

A

Compares subject and object security labels prior to allowing access

49
Q

Bell-LaPadula Model

A

No read up, no write down

50
Q

Biba Model

A

Information integrity (of objects). Seeks to not increase the integrity of info at a lower level. May not read at a lower level or write to a higher level (no read down, no write up).

51
Q

Clark-Wilson Model

A

Concerned with object integrity and separation of duties.

52
Q

Brewer-Nash Model (Chinese Wall)

A

Prohibits conflicts of interest. Objects are classified in a manner that indicates conflicts of interest.