Security 6.4 Flashcards
Authentication
proving that a subject is who they claim to be
Authorization
determining what rights or permissions subjects should have on each resource and enforcing those rights
Accounting
tracking authorized and unauthorized usage of a resource or use of rights by a subject.
Single Factor
1 item of authentication
EX. using one aspect, for instance something you know, like a PIN or password; something you have, like a hardware/software token; where you are; or who you are
A.C.L.
Access Control List
List of subjects and the rights or permissions they have been granted on the object.
Authentication factor: something you know
Pin and Password, Security Question
Authentication factor: something you have
One-Time Password, Software Token
Authentication factor: who you are
Biometrics
Role Based Access
a set of roles is defined and users are allocated to those roles
Discretionary Access Control
The owner is the original creator of the resource.
The owner is granted full control over the resource and can modify its access control list to grant rights to others.
Mandatory Access Control
Based on security clearance levels.
Rule-Based Access Control
refers to any sort of access control model where access control policies are determined by system enforced rules.
User Account Types
ensures the identity of someone using a computer is validated.
Which non-repudiation mechanism can prove that a person was genuinely operating an account and that it was not hijacked?
A biometric authentication device
Which non-repudiation mechanism can prove that the user was an author of a document?
A physical or digital signature
How does RSA’s SecurID token provide multi-factor authentication?
It generates a number code synchronized to a code on a server and is combined with a PIN.
Which non-repudiation mechanism records who goes in or out of a particular area without user interaction?
A video surveillance camera
Which of the following describes Discretionary Access Control (DAC)?
An authorization access model that stresses the importance of the owner who has full control over the resource
What is the authorization concept known as implicit deny?
A principle stating that access requires explicit authorization and everything else is rejected
Logging events in an audit log is what part of the access control system?
Accounting
What service must be enabled for you to log on to multiple resources, servers, or sites using a common account and password?
Single Sign On
Which of the following is a common concern regarding the accuracy of biometrics?
The false-negative and false-positive rate
What is the purpose of authorization?
To ensure that the person has the right to access a file or perform an action
A passphrase is a longer version of which factor of authentication?
A password
What is rule-based access control?
An authorization access model in which access is based on policies that are non-discretionary
Which factor of authentication can be stolen and replayed from a remote location?
A software token
think something you have
What information can be used as a response to a security question?
Personally Identifiable Information (PII)