Module 02: Identification, Authentication, and Authorization Flashcards
Defined as a user or a process that attempts to access the objects. The ______ are those entities that perform certain actions on the system.
Subject
An explicit resource on which an access restriction is imposed. The access controls implemented on this further control the actions performed by the user.
Object
Monitors the restrictions imposed on the basis of certain access control rules. It implements a set of rules on the ability of the subject to perform certain actions on the object.
Reference Monitor
An action performed by a subject on an object. A user trying to delete a file is an example.
Operation
Determines the usage and access policies for the users. A user can access a resource only if they have access rights to that resource. This is applied in the case of data that has been marked as highly confidential.
Mandatory Access Control (MAC)
Can also be termed the need-to-know access model, where the owner decides whether to provide any access to a specific user or a group of users. Determines the access control taken by any possessor of an object in order to decide the access control of a subject on that object.
Discretionary Access Control (DAC)
The access permissions are available based on the access policies determined by the system. The access permissions are beyond the user's control, which implies that users cannot amend the access policies created by the system.
Role-Based Access Control (RBAC)
Permissions are assigned to a user role dynamically based on a set of rules defined by the administrator.
Rule-Based Access Control (RB-RBAC)