Domain 1 Part 2

Question 1

Three important access control concepts.

Answer 1

Subjects, objects, access permissions

Question 2

Entities that may be assigned permissions.

Answer 2

Subjects

Question 3

Types of resources that subjects may access.

Answer 3

Objects

Question 4

Relationships between subjects and the objects they may access.

Answer 4

Access permissions

Question 5

Four phases of access control.

Answer 5

Identification, authentication, authorization, accounting

Question 6

User makes a claim as to his or her identity.

Answer 6

Identification

Question 7

User proves his or her identity using one or more mechanisms.

Answer 7

Authentication

Question 8

System makes decisions about what resources the user is allowed to access and the manner in which they may be manipulated.

Answer 8

Authorization

Question 9

System keeps an accurate audit trail of the users activity.

Answer 9

Accounting

Question 10

Contains access control entities (ACEs) that correspond to access permissions.

Answer 10

Access control list (ACL)

Question 11

Four types of access control systems.

Answer 11

MAC, DAC, NDAC (RBAC), LBAC

Question 12

Authorization of the subjects access to an object depends on labels which indicate a subjects clearance and the classification or sensitivity of the related object

Answer 12

Mandatory access control (MAC)

Question 13

Access control type where the subject has authority to specify what objects can be accessible.

Answer 13

Discretionary access control (DAC)

Question 14

Access control type where the Administrator determines which subjects can have access to certain objects based on an organizations security policy.

Answer 14

Non-discretionary access control (NDAC) also known as role based access control (RBAC)

Question 15

Access control type where the administrator specifies upper and lower bounds of the authority for each subject and uses those boundaries to determine access permissions.

Answer 15

Lattice based access control (LBAC)

Question 16

Five types of access controls.

Answer 16

Preventative, detective, corrective, deterrent, compensatory

Question 17

Controls designed to prevent unwanted activity from occurring.

Answer 17

Preventative controls

Question 18

Type of controls that provide a means of discovering unwanted activities that have occurred.

Answer 18

Detective controls

Question 19

Controls that are mechanisms for bringing a system back to its original state prior to the unwanted activity.

Answer 19

Corrective controls

Question 20

Control type used to discourage individuals from attempting to perform undesired activities.

Answer 20

Deterrent controls

Question 21

Control type implemented to make up for deficiencies in other controls.

Answer 21

Compensatory controls

Question 22

Three categories of access control.

Answer 22

Administrative, logical/technical, physical.

Question 23

Controls constituting policies, procedures, disaster recovery plans, awareness training, security reviews and audits, background checks, reviews of vacation history, separation of duties, and job rotation.

Answer 23

Administrative controls

Question 24

Control type that restricts access to systems and the protection of information.

Answer 24

Logical/technical controls

Question 25

Type of controls used to protect access to the physical facilities housing information systems.

Answer 25

Physical controls

Question 26

States that the subjects of an access control system should have the minimum set of access permissions necessary to complete their assigned job functions.

Answer 26

Principle of least privilege

Question 27

The ability to perform critical system functions should be divided among different individuals to minimize the risk of collusion.

Answer 27

Separation of duties

Question 28

Users should only have access to information that they have a need to know to perform their assigned responsibilities.

Answer 28

Need to know

Question 29

Users gain different access permissions as they move from position to position in an organization but old permissions are not revoked.

Answer 29

Privilege creep

Question 30

A central authentication and/or authorization point for an enterprise.

Answer 30

Centralized access control system

Question 31

A series of diverse access control systems at different points throughout the enterprise.

Answer 31

Decentralized access control systems

Question 32

Technology that enables centralized authentication.

Answer 32

Single sign on (SSO)

Question 33

Software used on a network to establish a users identity.

Answer 33

Kerberos

Question 34

Three components of kerberos

Answer 34

Key distribution center (KDC), Authentication service (AS), Ticket granting service (TGS)

Question 35

A public key based alternative to kerberos

Answer 35

SESAME

Question 36

Three authentication factors.

Answer 36

Something you know, something you have, something you are

Question 37

Using at least two authentication factors.

Answer 37

Two-factor authentication

Question 38

The most commonly implemented authentication technique.

Answer 38

Passwords

Question 39

Four different kinds of tokens

Answer 39

Static password, synchronous dynamic password, asynchronous dynamic password, challenge-response token

Question 40

Token type where the owner authenticates himself to the token and the token authenticates the owner to the system.

Answer 40

Static password token

Question 41

Token type where the token generates a new unique password at fixed time intervals, user enters a unique password and user name into the system, and the system confirms that the password and user name are correct and were entered during the allowed time interval.

Answer 41

Synchronous dynamic password token

Question 42

Same as the synchronous dynamic password token except no time dependency.

Answer 42

Asynchronous dynamic password token

Question 43

Token type where there is a system or workstation generated random number challenge, owner enters string into token with the proper PIN, and the token generates a response that is entered into the system.

Answer 43

Challenge-response token

Question 44

The percentage of cases in which a valid user is incorrectly rejected by the system.

Answer 44

False rejection rate (FRR), also known as a Type I error

Question 45

The percentage of cases in which an invalid user is incorrectly accepted by the system.

Answer 45

False acceptance rate (FAR), also known as a Type II error

Question 46

The rate at which FRR=FAR for any given system.

Answer 46

Crossover error rate (CER)

Question 47

Three evaluation factors for biometric techniques.

Answer 47

Enrollment time, throughput rate, acceptability

Question 48

The amount of time that it takes to add a new user to a biometric system.

Answer 48

Enrollment time

Question 49

The number of users that may be authenticated to a biometric system per minute.

Answer 49

Throughput rate

Question 50

The likelihood that users will accept the use of a biometric technique.

Answer 50

Acceptability

Question 51

Six types of attack.

Answer 51

Brute force, dictionary, spoofing, denial of service, man in the middle, sniffer.

Question 52

The type of attack where the attacker simply guesses passwords until eventually succeeding.

Answer 52

Brute force attack

Question 53

Type of attack where the attacker uses the password encryption algorithm to encrypt a dictionary of common words and then compares the encrypted words to the password file.

Answer 53

Dictionary attack

Question 54

Type of attack where an individual or system poses as a third party.

Answer 54

Spoofing

Question 55

Type of attack where the system is flooded with traffic so that it cannot provide service to legitimate users.

Answer 55

Denial of service (DoS)

Question 56

Type of attack where the attacker can monitor all traffic occurring on the same network segment,

Answer 56

Sniffer

Question 57

An effective way to assess the security of a system.

Answer 57

Penetration test

Question 58

Two types of monitored environment for IDS.

Answer 58

Host based, network based

Question 59

Two types of detection methodology for IDS.

Answer 59

Signature based, Anomaly based

Question 60

IDS that resides on a single system and monitors the systems even log and audit trail for signs of unusual activity.

Answer 60

Host based IDS

Question 61

IDS that performs real time monitoring in a passive manner by monitoring all of the traffic on a specific network segment,

Answer 61

Network based IDS

Question 62

IDS that stores characteristics of an attack and then compares activity in a monitored environment to those characteristics.

Answer 62

Signature based IDS

Question 63

IDS that measures user, system, and network behavior over an extended period of time to develop baselines.

Answer 63

Anomaly based IDS