Security 6.4

Question 1

Authentication

Answer 1

proving that a subject is who they claim to be

Question 2

Authorization

Answer 2

determine what rights or permissions subjects should have on each resource and enforcing those rights

Question 3

Accounting

Answer 3

tracking authorized and unauthorized usage of a resource or use of rights by a subject.

Question 4

Single Factor

Answer 4

1 item of authentication

EX. using 1 aspect for instance something you know like a pin and passowrd, or something you have hardware/software token, where you are, who you are

Question 5

A.C.L.

Answer 5

Access Control List

List of subjects and the rights or permissions they have been granted on the object.

Question 6

Something you know of Authentication factors

Answer 6

Pin and Password, Security Question

Question 7

Something you have of Authentication Types

Answer 7

One-Time Password, Software Token

Question 8

Who you are type of Authentication

Answer 8

Biometrics

Question 9

Role Based Access

Answer 9

set of roles are defined and users allocated to those roles

Question 10

Discretionary Access Control

Answer 10

The owner is the original creator of the resource.

Granted full control over the resource, can modify its access control list to grant rights to others

Question 11

Mandatory Access Control

Answer 11

Based on security clearance levels.

Question 12

Rule Based access control

Answer 12

refers to any sort of access control model where access control policies are determined by system enforced rules.

Question 13

User Account Types

Answer 13

ensures the identity of someone using a computer is validated.

Question 14

Which non-repudiation mechanism can prove that a person was genuinely operating an account and that it was not hijacked?

Answer 14

biometric authentication device

Question 15

Which non-repudiation mechanism can prove that the user was an author of a document?

Answer 15

A physical or digital signature

Question 16

How does RSA’s SecurID token provide multi-factor authentication?

Answer 16

It generates a number code synchronized to a code on a server and is combined with a PIN.

Question 17

Which non-repudiation mechanism records who goes in or out of a particular area without user interaction?

Answer 17

A video surveillance camera

Question 18

Which of the following describes Discretionary Access Control (DAC)?

Answer 18

An authorization access model that stresses the importance of the owner who has full control over the resource

Question 19

What is the authorization concept known as implicit deny?

Answer 19

A principle stating that access requires explicit authorization and everything else is rejected

Question 20

Logging events in an audit log is what part of the access control system?

Answer 20

Accounting

Question 21

Which non-repudiation mechanism can prove that a person was genuinely operating an account and that it was not hijacked?

Answer 21

A biometric authentication device

Question 22

What service must be enabled for you to log on to multiple resources, servers, or sites using a common account and password?

Answer 22

Single Sign On

Question 23

Which of the following is a common concern regarding the accuracy of biometrics?

Answer 23

The false-negative and false-positive rate

Question 24

What is the purpose of authorization?

Answer 24

To ensure that the person has the right to access a file or perform an action

Question 25

A passphrase is a longer version of which factor of authentication?

Answer 25

A password

Question 26

What is rule-based access control?

Answer 26

An authorization access model in which access is based on policies that are non-discretionary

Question 27

Which factor of authentication can be stolen and replayed from a remote location?

Answer 27

A software token

think something you have

Question 28

What information can be used as a response to a security question?

Answer 28

Personally Identifiable Information (PII)

Question 29

Which non-repudiation mechanism can prove that the user was an author of a document?

Answer 29

A physical or digital signature