Exam 4: Access Control

A __________ is a named job function within the organization that controls this computer system.

_________ is the granting of a right or permission to a system entity to access a system resource.

__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

A constraint is a defined relationship among roles or a condition related to roles.

T F 4.External devices such as firewalls cannot provide access control services.

Access control is the central element of computer security.

The __________ user ID is exempt from the usual file access control constraints and has system wide access.

__________ controls access based on comparing security labels with security clearances.

Any program that is owned by,and SetUID to,the "superuser" potentially grants unrestricted access to the system to any user executing that program.

The authentication function determines who is trusted for a given purpose.

Subject attributes,object attributes and environment attributes are the three types of attributes in the __________ model.

A __________ is an object or data structure that authoritatively binds an identity to a token possessed and controlled by a subscriber.

An auditing function monitors and keeps a record of user accesses to system resources.

X.800 defines __________ as the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

The final permission bit is the _________ bit.

__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.

A(n)__________ is a resource to which access is controlled.

A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed.

Security labels indicate which system entities are eligible to access certain resources.

An independent review and examination of system records and activities in order to test for adequacy of system controls,to ensure compliance with established policy and operational procedures,to detect breaches in security,and to recommend any indicated changes in control,policy and procedures is a(n)__________ .