Exam 4: Access Control

__________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.

A __________ access control scheme is one in which an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource.

A user may belong to multiple groups.

In digital identity systems, a __________ functions as a certification program.

__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

The authentication function determines who is trusted for a given purpose.

Role hierarchies make use of the concept of __________ to enable one role to implicitly include access rights associated with a subordinate role.

__________ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures is a(n) __________ .

An ABAC model can define authorizations that express conditions onproperties of both the resource and the subject.

__________ is based on the roles the users assume in a system rather than the user's identity.

__________ controls access based on comparing security labels with security clearances.

__________ is verification that the credentials of a user or other system entity are valid.

A __________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned.

A constraint is a defined relationship among roles or a condition related toroles.

Any program that is owned by, and SetUID to, the "superuser" potentiallygrants unrestricted access to the system to any user executing that program.

A concept that evolved out of requirements for military information security is ______ .

The principal objectives of computer security are to preventunauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

A __________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept.

There are three key elements to an ABAC model: attributes which are defined for entities in a configuration; a policy model, which defines the ABAC policies; and the __________ model, which applies to policies that enforce access control.