
5 Written questions

5 Matching questions

  1. mandatory access control
  2. token
  3. role-based access control
  4. diversity of defense
  5. integrity levels
  a. making different layers of security dissimilar so that even if attackers know how to get through a system made up of one layer, they may not know how to get through a different type of layer. also use different vendor products
  b. a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity. OS decides if access is granted
  c. hardware device used in challenge/response authentication process
  d. indicates the level of "trust" that can be placed in information at the different levels, and limits modification as opposed to the flow of information (p35)
  e. user is assigned a set of roles they can perform and roles are assigned access permission necessary to perform tasks associated with the role

5 Multiple choice questions

  1. if the mechanism is overly complex, identifying the root of the problem may be overwhelming if not impossible. also eliminate nonessential services and protocols
  2. (1) do nothing: use out-of-the-box software tools; (2) host security; (3) network security
  3. network authentication protocol designed for client/server environment that issues tickets by an authentication server that is trusted by the client and the server the client wishes to access
  4. audit logs, intrusion detection systems, honeypots
  5. Users only have the minimum set of rights, permissions, and privileges that they need to accomplish their jobs

5 True/False questions

  1. security through obscurity: the approach of protecting something by hiding it

  2. authentication methods: providing something you know, something you have, something about you to prove your identity

  3. low-water-mark-policy: allows any subject to read any object without regard to the object's level of integrity and without lowering the subject's level of integrity (p35)

  4. simple security rule: Bell-LaPadula security principle that states no subject can read information from an object with a security classification higher than the subject itself (p34)

  5. prevention technologies: audit logs, intrusion detection systems, honeypots