IS3230 CHAPTER 1 Flashcards

1
Q

The ability of a subject and an object to interact is called ___.

A

ACCESS

2
Q

The process or mechanism of granting or denying use of a resource, typically applied to users or generic network traffic, is called ___.

A

ACCESS CONTROL

3
Q

The process of confirming the identity of a user, and also of ensuring that a sender and recipient are who they say they are, is called ___.

A

AUTHENTICATION

4
Q

A way of confirming the identity of a subject. The three ___ are “something you know”; “something you have”; and “something you are”.

A

AUTHENTICATION FACTOR

5
Q

The decision to allow or deny a subject access to an object. After a user has been authenticated, for example, authorization determines if the user has the rights to perform specific actions on the network or system. This is known as ___.

A

AUTHORIZATION

6
Q

An authentication system based on physical characteristics or behavioral tendencies of an individual is called ___.

A

BIOMETRICS

7
Q

The process by which a subject or object identifies itself to the access control system. In the case of users, ___ uniquely distinguishes an individual. In most cases it needs to be proved prior to authenticating the user.

A

IDENTIFICATION

8
Q
  1. Anything that is passively acted upon by a subject, or
  2. The resource to which a subject desires access. Common ___ are data, networks, and printers.

A

OBJECT

9
Q

A phrase or sentence used in place of a password is a ___ and is often used as a mnemonic device to help remember complex passwords.

A

PASSPHRASE

10
Q

A secret combination of characters known only to the subject is a ___.

A

PASSWORD

11
Q

The process of ensuring that no one without the proper credentials can physically access resources is called ___.

A

PHYSICAL SECURITY

12
Q
  1. A document that describes specific requirements or rules that must be met in a given area.
  2. A formal statement of management intent regarding the business practices of an organization. A ___ is binding upon all affected individuals.
A

POLICIES

13
Q

A defined series of steps or actions for achieving an objective or result. For example, a defined workflow used to enforce policies is considered a ___ or a set of ___. This is often written to ensure that tasks are completed in the same way each time, preventing unexpected problems.

A

PROCEDURES

14
Q

Something only the subject and the authentication system know. It can be a piece of data that is known only to the parties that are communicating with one another. A ___ is used for encryption.

A

SHARED SECRET

15
Q

The user, network, system, process or application requesting access to a resource is called ___.

A

SUBJECT

16
Q

Something the subject has that no one else does. Smart cards and challenge-response devices are commonly used ___.

17
Q

A technical method or control used to complete a task or achieve a goal, such as enforcing policies, is called ___.

18
Q
The three principal components of access control are ___, subjects, and objects.
19
Q
The subject is always a human user.

TRUE OR FALSE

20
Q
Which of the following describes technical methods used to enforce policies?
  1. Access control
  2. Procedures
  3. Tools
  4. Physical security
  5. Authentication
21
Q
An organization typically uses procedures and tools together to enforce policies.

TRUE OR FALSE
22
Q
The three states of a subject in an access control scenario are authorized, unauthorized, and ___.
23
Q
Physical security is typically the responsibility of the IT department.

TRUE OR FALSE
24
Q
What is the first step in the access control process?
  1. Logging in
  2. Authorization
  3. Authentication
  4. Identification
  5. Access
A

Identification

25
Q

8. Which of the following is an example of the "something you know" authentication factor?
  1. Username
  2. Token
  3. Password
  4. Retinal Scan
  5. Access control list

A

Password

26
Q

9. Which of the following is an example of "something you have"?
  1. Username
  2. Token
  3. Password
  4. Retinal Scan
  5. Access control list

A

Token

27
Q

10. Which of the following is an example of "something you are"?
  1. Username
  2. Token
  3. Password
  4. Retinal Scan
  5. Access control list

A

Retinal scan

28
Q

11. Authorization rules can be as simple or complex as business needs require.

TRUE OR FALSE

A

TRUE

29
Q

12. The four basic access levels are Author, Read only, No access, and ___.

A

Administrative

30
Q

13. Assigning group access controls eliminates individual accountability.

TRUE OR FALSE

A

FALSE

31
Q

14. The two types of biometric authentication methods are ___ and physical.

A

Behavioral