Quiz 3 Flashcards

1
Q

An object is said to have a security clearance of a given level, whereas a subject is said to have a security classification of a given level.

a) True
b) False

A

b) False

2
Q

The Chinese Wall Model (CWM) incorporates both discretionary and mandatory access concepts

a) True
b) False

A

a) True

3
Q

Kernel Mode allows privileged instructions to be executed and privileged areas of memory to be accessed

a) True
b) False

A

a) True

4
Q

Well-Formed Transactions are when users can manipulate the data arbitrarily to be able to complete transactions.

a) True
b) False

A

b) False

5
Q

One strength of the attribute-based access control (ABAC) model is the improved performance when evaluating predicates on both resource and user properties for each access.

a) True
b) False

A

b) False

6
Q

Row-level granularity for database security does not cause any problems with inference from the data returned by the query in question.

a) True
b) False

A

a) True

7
Q

ACL is per object, whereas a capability list is per user.

a) True
b) False

A

a) True

8
Q

A multilevel secure system for confidentiality must enforce No write up and No read down.

a) True
b) False

A

b) False

9
Q

The BLP (Bell-LaPadula) model was developed as a formal model for access control.

a) True
b) False

A

a) True

10
Q

The term identity federation is used to describe the technology, standards, policies, and processes that allow an organization to trust digital identities, identity attributes, and credentials created and issued by another organization.

a) True
b) False

A

a) True

11
Q

In Access Management, this element determines what is allowable and unallowable in an access transaction.

a) Resource Management
b) Privilege Management
c) Policy Management
d) All of the above
e) None of the above

A

c) Policy Management

12
Q

In the Attribute-Based Access Control (ABAC) model, entities such as files, tables, programs, and networks are considered:

a) Subjects
b) Objects
c) Environments
d) All of the above
e) None of the above

A

b) Objects

13
Q

In the Traditional UNIX approach (minimal access control list), the filesystem uses these classes for File Access Control.

a) Owner Class
b) Group Class
c) Other Class
d) All of the above
e) None of the above

A

d) All of the above

14
Q

The Bell-LaPadula model considers which of the following access modes:

a) Modify
b) Observer
c) Execute
d) Invoke
e) All of the above
f) None of the above

A

f) None of the above

15
Q

Which of the following is not a functional component of a trusted platform module (TPM)?

a) Execution engine
b) Nonvolatile memory
c) Key generation
d) Powerline modulator
e) Opt-in

A

d) Powerline modulator

16
Q

Which of the following are NOT properties of the reference monitor?

a) Verifiability
b) Confidentiality
c) Complete Mediation
d) Isolation
e) All of the above
f) None of the above

A

b) Confidentiality -> Pg. 457

17
Q

Which of the following is a benefit of Role-Based Access Control (RBAC)?

a) Rights are granted on the user level, allowing granular access control
b) A user is strictly allowed one role, making it easy to manage and prevent users from receiving unauthorized roles
c) Policies do not need to be updated when users leave an organization
d) Unauthorized users cannot gain access to the system because users are not allowed to authenticate themselves

A

c) Policies do not need to be updated when users leave an organization

18
Q

In Role-Based Access Control, what is the relationship of roles to resources?

a) One to one
b) One to many
c) Many to one
d) Many to many

A

d) Many to many -> Pg. 128

19
Q

In Role-Based Access Control, setting a maximum number of users that can be assigned to a given role is an example of:

a) Sessions
b) Cardinality
c) Prerequisite Roles
d) Mutually Exclusive Roles
e) All of the above
f) None of the above

A

b) Cardinality -> Pg. 133

20
Q

A ____ model controls access based on the identity of the requester and on access rules stating what requesters are (or are not) allowed to do.

a) Mandatory access control
b) Role-based access control
c) Discretionary access control
d) Attribute-based access control
e) None of the above

A

c) Discretionary access control -> Pg. 116