Exam 4: Access Control

Basic access control systems typically define three classes of subject: owner,__________ and world.

__________ is verification that the credentials of a user or other system entity are valid.

__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

Role hierarchies make use of the concept of __________ to enable one role to implicitly include access rights associated with a subordinate role.

A __________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned.

An approval to perform an operation on one or more RBAC protected objects is _________ .

__________ is the traditional method of implementing access control.

The principal objectives of computer security are to prevent unauthorized users from gaining access to resources,to prevent legitimate users from accessing resources in an unauthorized manner,and to enable legitimate users to access resources in an authorized manner.

The default set of rights should always follow the rule of least privilege or read-only access

__________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.

__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.

The authentication function determines who is trusted for a given purpose.

The basic elements of access control are: subject,__________,and access right.

A __________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept.

A __________ is an entity capable of accessing objects.

A user may belong to multiple groups.

__________ is based on the roles the users assume in a system rather than the user's identity.

__________ functions provide the capability to create,delete,and maintain RBAC elements and relations.

The main innovation of the NIST standard is the introduction of the RBAC System and Administrative Functional Specification,which defines the features required for an RBAC system.

_________ specifications limit the availability of the permissions by placing constraints on the roles that can be activated within or across a user's sessions.