IS3230 CHAPTER 1

Question 1

The ability of a subject and an object to interact is called ___.

Answer 1

ACCESS

Question 2

The process or mechanism of granting or denying use of a resource: typically applied to users or generic network traffic is called ___.

Answer 2

ACCESS CONTROL

Question 3

The process of confirming the identity of a user. Also, ensuring that a sender and recipient are who they say they are is called ___.

Answer 3

AUTHENTICATION

Question 4

A way of confirming the identity of a subject. The three ___ are “something you know”; “something you have”; and “something you are”.

Answer 4

AUTHENTICATION FACTOR

Question 5

The decision to allow or deny a subject access to an object. After a user has been authenticated, for example, authorization determines if the user has the rights to perform specific actions on the network or system. This is known as ___.

Answer 5

AUTHORIZATION

Question 6

An authentication system based on physical characteristics or behavioral tendencies of an individual is called ___.

Answer 6

BIOMETRICS

Question 7

The process by which a subject or object identifies itself to the access control system. In the case of users, ____ uniquely distinguishes an individual. In most cases it needs to be proved prior to authentication the user.

Answer 7

IDENTIFICATION

Question 8

1. Anything that is passively acted upon by a subject or

2. The resource to which a subject desires access. Common ___ are data, networks, and printers.

Answer 8

OBJECT

Question 9

A phrase or sentence used in place of a password is a ___ and is often used as mnemonic devices to help remember complex passwords.

Answer 9

PASSPHRASE

Question 10

A secret combination of characters known only to the subject is a ___.

Answer 10

PASSWORD

Question 11

The process of ensuring that no one without the proper credentials can physically access resources is called ___.

Answer 11

PHYSICAL SECURITY

Question 12

1. A document that describes specific requirements or rules that must be met in a given area.
2. A formal statement of management intent regarding the business practices of an organization. A ___ is binding upon all affected individuals.

Answer 12

POLICIES

Question 13

A defined series of steps or actions for achieving an objective or result. Example, a defined workflow used to enforce policies is considered a ___ or a set of ___. This is often written to ensure that tasks are completed in the same way each time, preventing unexpected problems.

Answer 13

PROCEDURES

Question 14

Something only the subject and the authentication system know. It can be a piece of data that is known only to the parties that communicating with one another. A ___ is used for encryption.

Answer 14

SHARED SECRET

Question 15

The user, network, system, process or application requesting access to a resource is called ___.

Answer 15

SUBJECT

Question 16

Something the subject has that no one else does. Smart cards and challenge-response devices are comely used ___.

Answer 16

TOKEN

Question 17

A technical method or control used to complete a task or achieve a goal, such as enforcing policies is called ___.

Answer 17

TOOLS

Question 18

1. The three principal components of access control are ___, subjects, and objects.

Answer 18

Policies

Question 19

2. The subject is always a human user.

TRUE OR FALSE

Answer 19

FALSE

Question 20

3. Which of the following describes technical methods used to enforce policies?
4. Access control
5. Procedures
6. Tools
7. Physical security
8. Authentication

Answer 20

Tools

Question 21

4. An organization typically uses procedures and tools together to enforce policies.
   TRUE OR FALSE

Answer 21

TRUE

Question 22

5. The three states of a subject in an access control scenario are authorized, unauthorized, and ___.

Answer 22

Unknown

Question 23

6. Physical security is typically the responsibility of the IT department.
   TRUE OR FALSE

Answer 23

FALSE

Question 24

7. What is the first step in the access control process?
8. Logging in
9. Authorization
10. Authentication
11. Identification
12. Access

Answer 24

Identification

Question 25

8. Which of the following is an example of the “something you know” authentication factor?
9. Username
10. Token
11. Password
12. Retinal Scan
13. Access control list

Answer 25

Password

Question 26

9. Which of the following is an example of “something you have”?
10. Username
11. Token
12. Password
13. Retinal Scan
14. Access control list

Answer 26

Token

Question 27

10. Which of the following is an example of “something you are?”
11. Username
12. Token
13. Password
14. Retinal Scan
15. Access control list

Answer 27

Retinal scan

Question 28

11. Authorization rules can be as simple or complex as business needs require.
    TRUE OR FALSE

Answer 28

TRUE

Question 29

12. The four basic access levels are Author, Read only, No access, and___.

Answer 29

Administrative

Question 30

13. Assigning group access controls eliminates individual accountability.
    TRUE OR FALSE

Answer 30

FALSE

Question 31

14. The two types of biometric authentication methods are ___ and physical.

Answer 31

Behavioral