Week 11

Question 1

What are the two management steps in access control?

Answer 1

Authentication and Authorization

Question 2

Define Authentication in the context of access control.

Answer 2

Verifying identity

Question 3

Define Authorization in the context of access control.

Answer 3

Granting permissions based on identity

Question 4

What is a Subject in access control?

Answer 4

The access requester (user or machine)

Question 5

What is an Object in access control?

Answer 5

The resource being accessed

Question 6

What role does the Reference Monitor play in access control?

Answer 6

Enforces access policies

Question 7

List the steps in the access control procedure.

Answer 7

• Access Request
• Authentication
• Authorization
• Access Decision

Question 8

What is Discretionary Access Control (DAC)?

Answer 8

Users define their own access control rules

Question 9

Provide an example of Discretionary Access Control.

Answer 9

File permissions in operating systems

Question 10

What is Mandatory Access Control (MAC)?

Answer 10

A central authority defines strict access rules

Question 11

Provide an example of Mandatory Access Control.

Answer 11

Military security classification systems

Question 12

What is Role-Based Access Control (RBAC)?

Answer 12

Access is assigned based on predefined roles

Question 13

Provide an example of Role-Based Access Control.

Answer 13

Enterprise user permissions

Question 14

What is Attribute-Based Access Control (ABAC)?

Answer 14

Access is granted based on attributes

Question 15

Provide an example of Attribute-Based Access Control.

Answer 15

Cloud-based security policies

Question 16

What is Risk-Based Access Control (RAC)?

Answer 16

Access is decided based on calculated risk levels

Question 17

What is Federated Identity Management (FIM)?

Answer 17

Authentication and authorization are separated

Question 18

Who handles Authentication in Federated Identity Management?

Answer 18

Identity Providers (IdPs)

Question 19

Who handles Authorization in Federated Identity Management?

Answer 19

Service Providers (SPs)

Question 20

What is a key aspect of the Trust Model in FIM?

Answer 20

Users trust IdPs, but SPs do not trust users directly

Question 21

What does the UK Online Safety Act 2023 relate to?

Answer 21

Cybersecurity laws and regulations

Question 22

What does the EU GDPR (2016) define?

Answer 22

Individual rights such as right to be informed, access data, and erasure

Question 23

What are the Seven Key Steps for Data Protection Impact Assessments (DPIAs)?

Answer 23

• Identify the need for a DPIA
• Describe the processing
• Consider consultation
• Assess necessity and proportionality
• Identify and assess risks
• Implement risk mitigation measures
• Document outcomes

Question 24

What does the CIA Triad stand for?

Answer 24

• Confidentiality
• Integrity
• Availability

Question 25

What is the PAIN model in security?

Answer 25

* Privacy * Availability * Integrity * Non-Repudiation

Question 26

What are the challenges of security vs. usability?

Answer 26

* Users want convenience, not security * Complex systems increase user frustration * Higher security often leads to higher costs and slower processes

Question 27

Fill in the blank: Strong passwords are hard to _______.

Answer 27

remember

Question 28

What are the performance metrics for biometric authentication?

Answer 28

* False Accept Rate (FAR) * False Reject Rate (FRR) * Failure to Enrol (FTE)

Question 29

What is a challenge of biometric systems?

Answer 29

No biometric system has 0% error rate

Question 30

What are alternative authentication methods?

Answer 30

* Graphical passwords * Hardware tokens * Risk-based authentication * Multi-Factor Authentication (MFA) * Single Sign-On (SSO)

Question 31

What does ISO 9241-11 (2018) define as usability concepts?

Answer 31

* Effectiveness * Efficiency * Satisfaction

Question 32

What are extended usability concepts mentioned in ISO 9241-11?

Answer 32

* Accessibility * User Experience (UX) * Avoidance of Harm

Question 33

What is the concept of Resilience in usability?

Answer 33

System withstands failures

Question 34

What is the concept of Scalability in usability?

Answer 34

Adapts to increased usage

Question 35

What is the concept of Sustainability in usability?

Answer 35

Long-term usability