Deck 9: Access Control Fundamentals

1
The most restrictive access control model is ____.

A) Mandatory Access Control
B) Role Based Access Control
C) Discretionary Access Control
D) Rule Based Access Control
Answer: A
2
A user accessing a computer system must present credentials or ____ when logging on to the system.

A) access
B) authorize
C) token
D) identification
Answer: D
3
The action that is taken by the subject over the object is called a(n) ____.

A) authorization
B) access
C) control
D) operation
Answer: D
4
____ requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals.

A) Separation of duties
B) Job rotation
C) Mandatory vacation
D) Role reversal
5
____ is suitable for what are called "high-volume service control applications" such as dial-in access to a corporate network.

A) RADIUS
B) ICMP
C) FTP
D) Telnet
6
TACACS+ and RADIUS are designed to support hundreds of remote connections.
7
A(n) ____ is a set of permissions that are attached to an object.

A) ACE
B) DAC
C) entity
D) ACL
8
A computer user may be authorized or granted permission to log on to a system by presenting valid credentials, yet that authorization does not mean that the user can then access any and all resources.
9
The ____ model is the least restrictive.

A) RBAC
B) MAC
C) CAC
D) DAC
10
A user or a process functioning on behalf of the user that attempts to access an object is known as the ____.

A) subject
B) reference monitor
C) entity
D) label
11
Authorization and access are viewed as synonymous and in access control, they are the same step.
12
____ is considered a more "real world" access control than the other models because the access is based on a user's job function within an organization.

A) Role Based Access Control
B) Rule Based Access Control
C) Discretionary Access Control
D) Mandatory Access Control
13
The strength of RADIUS is that messages are always directly sent between the wireless device and the RADIUS server.
14
In the UAC dialog boxes, the color ____ indicates the lowest risk.

A) red
B) gray
C) yellow
D) green
15
____ indicates when an account is no longer active.

A) Password expiration
B) Account expiration
C) Last login
D) Account last used
16
A user under Role Based Access Control can be assigned only one ____.

A) role
B) group
C) label
D) access list
17
A(n) ____ model is a standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications.

A) accounting
B) user control
C) access control
D) authorization control
18
____ accounts are user accounts that remain active after an employee has left an organization.

A) Active
B) Stale
C) Orphaned
D) Fragmented
19
A shield icon warns users if they attempt to access any feature that requires UAC permission.
20
____ is often used for managing user access to one or more systems.

A) Role Based Access Control
B) Mandatory Access Control
C) Rule Based Access Control
D) Discretionary Access Control
21
____________________ is granting or denying approval to use specific resources.
22
List two of the most common types of authentication and AA servers.
23
List the steps for RADIUS authentication with a wireless device in an IEEE 802.1X network.
24
____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.

A) Aurora
B) Kerberos
C) CHAP
D) TACACS
25
____ is an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server.

A) TACACS
B) RADIUS
C) Kerberos
D) FTP
26
During RADIUS authentication the AP, serving as the authenticator that will accept or reject the wireless device, creates a data packet from this information called the ____.

A) accounting request
B) access request
C) verification request
D) authentication request
27
A RADIUS ____________________ is a computer that forwards RADIUS messages among RADIUS clients and RADIUS servers.
28
Describe the two key elements of the MAC model.
29
Describe the Bell-LaPadula model.
30
Describe how Kerberos works.
31
List two major access control models.
32
The X.500 standard defines a protocol for a client application to access an X.500 directory called ____.

A) DIB
B) DAP
C) DIT
D) LDAP
33
Entries in the DIB are arranged in a tree structure called the ____.

A) DAP
B) PEAP
C) EAP
D) DIT
34
In the DAC model, ____________________ can create and access their objects freely.
35
Often ____________________ results from a single user being trusted with a set of responsibilities that place the person in complete control of the process.
36
____ attacks may allow an attacker to construct LDAP statements based on user input statements.

A) SQL injection
B) Kerberos injection
C) LDAP injection
D) RADIUS injection
37
The capability to look up information by name under the X.500 standard is known as a(n) ____________________-pages service.
38
Describe the MAC lattice model.
39
Discuss the two significant weaknesses of DAC.
40
Describe LDAP injection attacks.
41
Discuss the differences between DAP and LDAP.
42
Match between columns

Descriptions:
A database stored on the network itself that contains information about users and network devices
The right given to access
Validating credentials as genuine
Granting permission to take an action
A specific resource, such as a file or a hardware device
A review of credentials
Individual to whom day-to-day actions have been assigned
User who accesses information in the course of routine job responsibilities

Terms:
Authorization
Owner
Identification
Authentication
Access
Object
Custodian
End user
Directory service