Section 20 - Access Control Flashcards

1
Q

What is Access Control?

A

Methods used to secure data and information by verifying that a user has permission to read, write, delete or otherwise modify it

2
Q

What are the four access control models?

A

DAC
MAC
RBAC
ABAC

3
Q

What is DAC?

A

Discretionary Access Control

The access control policy is determined by the owner

4
Q

What is MAC?

A

Mandatory Access Control

An access control policy where the computer system determines the access control for an object

*** It does this through data labels. Every subject (person) gets a label stating their trust level, and every data object gets a label as well. The system then compares the two labels to decide whether to grant access. For example, someone with a secret clearance (subject) would not get access to top secret information (object).

5
Q

If you want to access something in a MAC system, you must not only meet the minimum clearance level but also have what?

A

A need to know

*** This system is typically seen in military installations

6
Q

MAC is implemented in one of two ways. These are what?

A

Rule Based
Lattice Based

7
Q

What is RAC?

A

Rule Based Access Control

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

8
Q

What is Lattice Based Access Control?

A

Utilizes complex mathematics to create sets of objects and subjects to define how they interact

9
Q

MAC is available in several operating systems, but which one does not use it?

A

Windows

This is because Windows uses Discretionary Access Control instead

10
Q

What is RBAC?

A

Role Based Access Control

An access model that is controlled by the system (like MAC) but utilizes a set of permissions instead of a single data label to define the permission level

*** The whole idea here is that permissions are set based on job function. For example, you would have a role for IT, one for HR and one for sales. Each role is based on that job, and its permissions are tailored to the access that job needs. So HR wouldn't need access to IT files, but IT would need access to HR's.

11
Q

What is ABAC?

A

Attribute Based Access Control

An access model that is dynamic and context-aware using IF-THEN statements

*** This works by tagging subjects and objects with attributes, so the right permissions can be granted through software automation.

12
Q

What are some of the best practices for access control?

A

Implicit Deny
Least Privilege
Separation of Duties
Job Rotation

13
Q

What is Implicit Deny?

A

All access to a resource should be denied by default and only be allowed when explicitly stated

14
Q

What is Least Privilege?

A

Users are only given the lowest level of access needed to perform their job functions

15
Q

What is Separation of Duties?

A

Requires more than one person to conduct a sensitive task or operation

16
Q

What is Job Rotation?

A

Occurs when users are cycled through various jobs to learn the overall operations better, reduce their boredom, enhance their skill level, and most importantly, increase our security

17
Q

What is ADUC?

A

Active Directory Users and Computers

This is a program inside of Windows where you can browse all the users, groups and computers and view the full lists of users.

18
Q

What is chmod?

A

Change Mode

Program in Linux that is used to change the permissions or rights of a file or folder using a shorthand number system

*** This comes down to three digits. Read access = 4, write access = 2, execute permission = 1. These values are added together, so a user's digit can be higher than 4 (for example, read + write = 6).

19
Q

What is the number for chmod used for R (Read)?

A

4

20
Q

What is the number for chmod used for W (Write)?

A

2

21
Q

What is the number for chmod used for X (Execute)?

A

1

22
Q

What does “# chmod 760 filename” mean?

A

7 = Owner can RWX
6 = Group can RW
0 = All other users (no access)

23
Q

What does “# chmod 777 filename” mean?

A

Everyone has access to Read, Write and Execute

24
Q

What is a Privilege Creep?

A

Occurs when a user gains additional permissions over time as they rotate through different positions or roles

25
Q

What is User-Access Recertification?

A

Process where each user’s rights and permissions are re-validated to ensure they are correct

26
Q

Permission inheritance is going to happen by ____. Whenever a new folder is created, it’s going to inherit whatever the permissions are of the folder above it, which is called the ___.

A

default
parent

27
Q

What is propagation?

A

Occurs when permissions are passed to a subfolder (“child”) from the “parent” through inheritance

28
Q

If you don’t want propagation to occur, you have to do what?

A

Break the inheritance

This can be done by clicking the Disable inheritance button on the Security tab of the folder's Properties

29
Q

What is the minimum character length for a strong password?

A

at least 8 characters

30
Q

What is UAC?

A

User Account Control

A security component in Windows that runs every user in standard user mode rather than as an administrative user

*** The only exception to this is the administrator account
