CIT 270 Chapter 11 Questions

A(n) _____ is the person who is responsible for the information, determines the level of security needed for the data, and delegates security duties as required.

a.) owner
b.) administrator
c.) custodian
d.) end-user
Answer: owner

The principle known as _____ in access control means that each user should be given only the minimal amount of privileges necessary for that person to perform his job function.

a.) mandatory limitations
b.) enterprise security
c.) least privilege
d.) deny all
Answer: least privilege

Which authentication protocol is available as a free download that runs on Microsoft Windows, Apple Mac OS X, and Linux?

a.) LDAP
b.) IEEE 802.1x
c.) RADIUS
d.) Kerberos
Answer: Kerberos

How is the Security Assertion Markup Language (SAML) used?

a.) It is a backup to a RADIUS server.
b.) It allows secure web domains to exchange user authentication and authorization data.
c.) It is an authenticator in IEEE 802.1x.
d.) It is no longer used because it has been replaced by LDAP.
Answer: It allows secure web domains to exchange user authentication and authorization data.

A process functioning on behalf of the user who attempts to access a file is known as a(n) _____.

a.) object
b.) operation check
c.) subject
d.) resource
Answer: subject

A user entering her user name would correspond to the _____ action in access control.

a.) authentication
b.) identification
c.) authorization
d.) access
Answer: identification

_____ in access control means that if a condition is not explicitly met, then access is to be rejected.

a.) Prevention control
b.) Denial of duties
c.) Implicit deny
d.) Explicit rejection
Answer: Implicit deny

With the development of IEEE 802.1x port security, the _____ authentication server has seen even greater usage.

a.) RADIUS
b.) RDAP
c.) DAP
d.) AAA
Answer: RADIUS

What is the current version of TACACS?

a.) XTACACS
b.) TACACS+
c.) TACACS v5
d.) TRACACS
Answer: TACACS+

A RADIUS authentication server requires that the _____ be authenticated first.

a.) user
b.) authentication server
c.) supplicant
d.) authenticator
Answer: supplicant

Which access control model is considered to be the least restrictive?

a.) Role Based Access Control
b.) Mandatory Access Control
c.) Rule Based Access Control
d.) Discretionary Access Control
Answer: Discretionary Access Control

How are roles dissimilar to groups?

a.) Groups do not give users access to resources
b.) Roles are considered global groups
c.) Roles are specific to Linux and UNIX systems
d.) A user can only be assigned one role
Answer: A user can only be assigned one role

What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?

a.) Mandatory Access Control
b.) Role Based Access Control
c.) Discretionary Access Control
d.) Rule Based Access Control
Answer: Mandatory Access Control

Which access control model can dynamically assign roles to subjects based on a set of defined rules?

a.) Role Based Access Control
b.) Mandatory Access Control
c.) Rule Based Access Control
d.) Discretionary Access Control
Answer: Rule Based Access Control

Orphaned accounts and dormant accounts are both security risks; in what respect do they differ?

a.) Dormant accounts have not been accessed for a lengthy duration
b.) Orphaned accounts are no longer active
c.) Orphaned accounts are limited in access
d.) Dormant account credentials have been lost
Answer: Dormant accounts have not been accessed for a lengthy duration

Which statement about Rule Based Access Control is true?

a.) It requires that a custodian set all rules.
b.) It is considered obsolete today.
c.) It dynamically assigns roles to subjects based on rules.
d.) It is considered a real-world approach by linking a user's job function with security.
Answer: It dynamically assigns roles to subjects based on rules.

What is the name given to the individual who periodically reviews security settings and maintains records of access by users?

a.) supervisor
b.) custodian
c.) owner
d.) manager
Answer: custodian

In the _____ model, the end-user cannot change any security settings.

a.) Discretionary Access Control
b.) Restricted Access Control
c.) Security Access Control
d.) Mandatory Access Control
Answer: Mandatory Access Control

What is the version of the X.500 standard that runs on a personal computer over TCP/IP?

a.) Lite RDAP
b.) DAP
c.) LDAP
d.) IEEE X.501
Answer: LDAP

In the Mandatory Access Control (MAC) model, every subject and object _____.

a.) must be given a number from 200-900
b.) is restricted and cannot be accessed
c.) is assigned a label
d.) can be changed by the owner
Answer: is assigned a label

Which of these is NOT part of the makeup of the AAA elements in network security?

a.) auditing usage (accounting)
b.) controlling access to network resources (authentication)
c.) enforcing security policies (authorization)
d.) determining user need (analyzing)
Answer: determining user need (analyzing)

A(n) _____ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents.

a.) RBASE plug-in attack
b.) SQL/LDAP insert attack
c.) modified Trojan attack
d.) LDAP injection attack
Answer: LDAP injection attack

What is the least restrictive access control model?

a.) Discretionary Access Control (DAC)
b.) Role Based Access Control (RBAC)
c.) Mandatory Access Control (MAC)
d.) Rule Based Access Control (RBAC)
Answer: Discretionary Access Control (DAC)

Which of these is a set of permissions that is attached to an object?

a.) access control list (ACL)
b.) Subject Access Entity (SAE)
c.) object modifier
d.) security entry designator
Answer: access control list (ACL)

Which Microsoft Windows feature provides centralized management and configuration of computers and remote users who are using Active Directory?

a.) Windows Register Settings
b.) AD Management Services (ADMS)
c.) Group Policy
d.) Resource Allocation Entities
Answer: Group Policy

What does an organization accomplish using least privilege?

a.) Creating redundancy in access
b.) Exposing avenues for fraud
c.) Simplifying access to resources
d.) Limiting attack surface
Answer: Limiting attack surface

Select below the access control model that grants access based on a user's job function within an organization:

a.) Role Based Access Control
b.) Rule Based Access Control
c.) Discretionary Access Control
d.) Mandatory Access Control
Answer: Role Based Access Control

How are ACLs limited in functionality?

a.) ACLs do not allow for permission inheritance
b.) ACLs are not efficient
c.) ACLs are not usable in Windows environments
d.) ACLs must be configured via Group Policy
Answer: ACLs are not efficient

How does the Bell-LaPadula model differ from the lattice model?

a.) Lattice model is more complex by nature
b.) Lattice model provides integrity with controlled access
c.) Bell-LaPadula is the same model as the lattice model
d.) Bell-LaPadula does not allow creation of objects at lower levels
Answer: Bell-LaPadula does not allow creation of objects at lower levels

During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?

a.) accounting request
b.) access request
c.) verification request
d.) authentication request
Answer: authentication request