Quick Tips 3 Flashcards
Examples of BLANK controls are system access, network architecture, network access, encryption and protocols, and auditing.
technical
For a subject to be able to access a resource, it must be BLANK, BLANK, and BLANK, and should be held BLANK for its actions.
identified, authenticated, authorized, accountable
BLANK can be accomplished by biometrics, a password, a passphrase, a cognitive password, a one-time password, or a token.
Authentication
A Type I error in biometrics means BLANK , and a Type II error means BLANK .
the system rejected an authorized individual, an imposter was authenticated
A BLANK cannot process information, but a BLANK can through the use of integrated circuits and processors.
memory card, smart card
BLANK and BLANK principles limit users’ rights to only what is needed to perform tasks of their job.
Least-privilege, need-to-know
BLANK capabilities can be accomplished through Kerberos, SESAME, domains, and thin clients.
Single sign-on
The Kerberos user receives a BLANK, which allows him to request access to resources through the BLANK. The BLANK generates a new ticket with the session keys.
ticket granting ticket (TGT), ticket granting service (TGS), TGS
Types of access control attacks include BLANK.
denial of service, spoofing, dictionary, brute force, and war dialing
BLANK is a type of auditing that tracks each keystroke made by a user.
Keystroke monitoring
BLANK can unintentionally disclose information by assigning media to a subject before it is properly erased.
Object reuse
Just removing BLANK to files (deleting file, formatting hard drive) is not always enough protection for proper object reuse.
pointers
Information can be obtained via electrical signals in airwaves. The ways to combat this type of intrusion are BLANK.
TEMPEST, white noise, and control zones
User authentication is accomplished by what someone BLANK.
knows, is, or has
BLANK can use synchronous (time, event) or asynchronous (challenge-based) methods.
One-time password-generating token devices
