IS3230 CHAPTER 8 Flashcards
In window-based systems, a value that specifies the rights that are allowed or denied in an access control entry (ACE) of an access control list (ACL) is called ___.
ACCESS MASK
This stores information about objects on the network and makes this information available for authorized systems administrators and users. It gives network users access to permitted resources anywhere on the network using a single sign-on process. Also provides system admin with an intuitive hierarchical view of the network and a single point of administration for all network objects is called ___.
ACTIVE DIRECTORY
A collection of binary data stored in a relational database is called ___.
BINARY LARGE OBJECTS (BLOBs)
Objects that inherit certain characteristics, such as access controls, from a parent object is called ___.
CHILD OBJECTS
The stored data may be in archival form on tape or optical disc, on a hard disk, or sitting in a system’s buffers is called ___.
DATA AT REST (DAR)
Data as it travels from one place to another, such as over a network is called ___.
DATA IN MOTION (DIM)
Rights that are given to a user by the owner of an object is called ___.
DELEGATED ACCESS RIGHTS
A DAC system where rights are assigned by the owner of the resource in question is called ___.
DISCRETIONARY ACCESS CONTROL LIST (DACL)
Access rights that are actively given to a user by an object owner is called ___.
EXPLICITLY DELEGATED RIGHTS
The outermost boundary of an Active Directory service. This may contain several domains is called ___.
FOREST
Rights that are inherited or otherwise passively assigned is called ___.
IMPLICITLY DELEGATED RIGHTS
A combination of hardware and software used to analyze network traffic passing through a single point on the network. It is designed to analyze traffic patterns to find suspicious activity is called ___.
INTRUSION DETECTION
An application layer protocol for querying and modifying directory services running under Transmission Control Protocol/Internet Protocol (TCP/IP)
LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL (LDAP)
A patch to the Linux kernel and a set of administrative tools that attempt to enhance security is called ___.
LINUX INTRUSION DETECTION SYSTEM (LIDS)
A service that provides information to all systems on a network is called ___.
NETWORK INFORMATION SERVICE (NIS)
A logical structure that allows you to organize users, computers, and other objects into separate units for administrative purposes is called ___.
ORGANIZATIONAL UNIT (OU)
An object from which other objects inherit various properties including access controls is called ___.
PARENT OBJECT
Software that monitors network ports to detect a port scan attack. These attacks are usually the precursor to a more serious attack is called ___.
PORT SCAN DETECTOR
A mechanism used to control the output of a specific process is called ___.
PROCESS CONTROL SYSTEM (PCS)
A database that stores data in tables and provides for relationships between various data is called ___.
RELATIONAL DATABASE (RDB)
The superuser in Linux and UNIX systems is called ___.
ROOT
A security mechanism for isolating programs running in a shared environment is called ___.
SANDBOX
A user with full rights on a system is called ___.
SUPER ADMINISTRATOR
A command that allows an administrator to run processes as root without actually logging in under the root account in a Linux or UNIX system is called ___.
SUPER USER DO (SUDO)
A system-created access control list that handles the information assurance aspect of access controls is called ___.
SYSTEM ACCESS CONTROL LIST (SACL)
A multi-processing, multi-user family of operating systems originally developed by Bell Laboratories and most often used for servers is called ___.
UNIX
- Data residing in a system’s buffers is considered data at rest.
TRUE OR FALSE
TRUE
- Data in motion is at higher risk than data at rest.
TRUE OR FALSE
FALSE
- A(n) ___ is a list or collection of access control entities.
ACL
- The three primary ACEs are access-denied, access-allowed, and ___.
System-audit
- ___ in a database are an example of an application with internal access controls.
Binary large objects, or BLOBs
- Which operating system(s) implements the most granular access controls?
- Linux
- UNIX
- Windows
- 1 and 2
Windows
- In a Windows environment, what is an organizational unit?
- A logical structure for organizing users, groups, and computers
- A business unit
- A group of related data
- A logical structure for organizing firewall rules
A logical structure for organizing users, groups, and computers
- A Window domain administrator has full control over all the computers in the domain.
TRUE OR FALSE
TRUE
- A Windows domain administrator is the top-level authority in a Windows environment.
TRUE OR FALSE
FALSE
- In which operating systems is rwxr-xr-x an example of rights notation?
UNIX and Linux
- What does the sudo command in UNIX allow systems administrators to do?
- Log in as root
- Run any process as if they were logged in as another user
- Disable the root user
- Disable a user account
Run any process as if they were logged in as another user
- The four rights on an NIS+ object are Read, Modify, Create, and ___.
Destroy
- Why should an organization automate user creation? (Select two)
- To save time and effort for the IT staff
- To allow individuals to manage their own user accounts
- To accurately add, modify, or remove access rights
- To minimize the need for a full IT staff
To save time and effort for the IT staff
To accurately add, modify, or remove access rights
