Module 12 - Understanding Authorization - Q&A Flashcards
Which of the following terms describes the process of allowing access to different resources? A. Authorization B. Authentication C. Accountability D. Identification
A. Authorization describes the process of allowing access to different resources.
Which of the following states that users should be given only the level of access needed to perform their duties? A. Separation of duties B. Accountability C. Principle of least privilege D. Authorization
C. The principle of least privilege states that users should be given only the level of access needed to perform their duties.
Not allowing system administrators to have access to security audit logs is an example of __________. A. principle of least privilege B. separation of duties C. job rotation D. authorization
B. This is an example of separation of duties, since allowing system administrators to have access to security logs might allow them to take unauthorized actions and then delete any trace of those actions.
The ability to write to a particular file is an example of a __________. A. right B. privilege C. discretionary access control model D. permission
D. The ability to write to a file is an example of a permission.
Which of the following would detail the particular access levels of an individual for a given object? A. Access control list B. Rule-based access control model C. Role-based access control model D. Privileges
A. An access control list would detail the particular access levels of an individual for a given object.
Which of the access control models is based upon labels assigned to data and matching security clearances? A. Discretionary access control B. Rule-based access control C. Role-based access control D. Mandatory access control
D. The mandatory access control model is based upon labels assigned to data and matching security clearances.
Which of the following access control models allows object creators and owners to assign permissions to users? A. Rule-based access control B. Discretionary access control C. Mandatory access control D. Role-based access control
B. The discretionary access control model allows object creators and owners to assign permissions to users.
Restricting access to a particular system based upon a stringent set of requirements, including time of day, workstation, type of access, and resource, is an example of which access control model? A. Rule-based access control B. Role-based access control C. Discretionary access control D. Mandatory access control
A. This is an example of rule-based access control, since access is based upon a series of restrictions or rules.
Which of the following are used as a basis for access in role-based access control models? A. Discretionary access control groups B. Individual users C. Predefined roles D. Set of predefined rules
C. Predefined roles are used as a basis for access in role-based access control.
An administrator wants to restrict access to a particular database based upon a stringent set of requirements. The organization is using a discretionary access control model. The database cannot be written to during a specified period when transactions are being reconciled. What type of restriction might the administrator impose on access to the database?
A. Access restricted by the database owner
B. Access based upon membership in a logical group
C. Access from a particular workstation
D. Time-of-day and object permission restrictions
D. The administrator would want to impose both a time-of-day and object permission restriction on users to prevent them from writing to the database during a specified time period.