Domain 3 Flashcards

1
Q

What are the access control categories?

A

administrative controls, technical controls, physical controls

2
Q

What are the access control types?

A

Preventative, Detective, corrective, recovery, deterrent, compensating.

3
Q

What access control type(s) would a fence be?

A

Deterrent, preventative

4
Q

What access control type(s) would a gate be?

A

Deterrent, preventative

5
Q

What access control type(s) would bollards be?

A

preventative

6
Q

What access control type(s) would lights be?

A

detective, deterrent

7
Q

What access control type(s) would CCTV be?

A

detective, deterrent

8
Q

What access control type(s) would a lock be?

A

preventative

9
Q

What access control type(s) would a turnstile be?

A

preventative, deterrent

10
Q

What access control type(s) would a contraband check be?

A

preventative, detective, deterrent

11
Q

What access control type(s) would motion detectors be?

A

detective, deterrent

12
Q

What access control type(s) would a guard be?

A

deterrent, detective, preventative, compensating

13
Q

What access control type(s) would a dog be?

A

deterrent, detective, compensating

14
Q

What are two examples of administrative controls?

A

Organisational policies and procedures

15
Q

What are three examples of logical / technical controls?

A

Hardware/software/firmware, firewalls, routers, encryption, biometric authentication

16
Q

What are three examples of physical controls?

A

Locks, fences, guards, dogs, gates, bollards

17
Q

What is FIDM?

A

Federated identity management is having a common set of policies, practices and protocols in place to manage the identity of and trust in IT users and devices across organisations.

18
Q

What is SSO?

A

Single sign-on is a subset of federated identity management where users use a single sign-on for multiple systems.

19
Q

What does MAC stand for?

A

Mandatory Access Control

20
Q

When is MAC used?

A

MAC is used when confidentiality is most important.

Access to an object is determined by labels and clearance.

21
Q

What does RBAC stand for?

A

Role based access control

22
Q

When is RBAC used?

A

Role based access control is used when integrity is most important.

23
Q

What does ABAC stand for?

A

Attribute based access control

Access to objects is granted based on subjects, objects and environmental conditions.
Attributes could be:
- subject (user)
- object (resource)
- environment (special jobs assigned to normally restricted areas, local time)

24
Q

What does DAC stand for?

A

Discretionary access control

25
Q

When is DAC used?

A

Discretionary access control is used when availability is most important.

Access to an object is assigned at the discretion of the object owner.

26
Q

Which type of access control model would we use if confidentiality was the MOST important factor to us?

DAC, RBAC, MAC, RUBAC

A

MAC

MAC (Mandatory Access Control): Often used when confidentiality is most important. Access to an object is determined by labels and clearance; this is often used in the military or in organizations where confidentiality is very important.

27
Q

Implementing our access control model, you are asked, “In which type of access management would you use access lists?” What do you answer?

DAC, RBAC, MAC, RAC

A

DAC

DAC (Discretionary Access Control): Often used when availability is most important. Uses DACLs (Discretionary access lists), based on user identity. Access to an object is assigned at the discretion of the object owner. The owner can add and remove rights. Commonly used by most OSes.