Deck 12: Access Management
1
With the Discretionary Access Control (DAC) model, no object has an owner; the system has total control over that object.
False
2
The action that is taken by a subject over an object is called a(n):
A) authorization
B) access
C) control
D) operation
D
3
A user or a process functioning on behalf of the user that attempts to access an object is known as the:
A) subject
B) reference monitor
C) entity
D) label
A
4
A Local Group Policy (LGP) has more options than a Group Policy.
5
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
A) Role Based Access Control
B) Mandatory Access Control
C) Rule Based Access Control
D) Discretionary Access Control
6
Authorization is granting permission for admittance.
7
Authentication, authorization, and accounting are sometimes called AAA.
8
Least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated.
9
Which access control model is considered to be the least restrictive?
A) Role Based Access Control
B) Mandatory Access Control
C) Rule Based Access Control
D) Discretionary Access Control
10
ACLs provide file system security for protecting files managed by the user.
11
Permission auditing and review is intended to examine the permissions that a user has been given to determine if each is still necessary.
12
Employee onboarding refers to the tasks associated with hiring a new employee.
13
Attribute-Based Access Control (ABAC) grants permissions by matching object labels with subject labels based on their respective levels.
14
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
A) ACE
B) DAC
C) entity
D) ACL
15
Rule-Based Access Control can be changed by users.
16
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as which of the following?
A) separation of duties
B) process sharing
C) mandatory splitting
D) role reversal
17
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
A) Mandatory Access Control
B) Role Based Access Control
C) Discretionary Access Control
D) Rule Based Access Control
18
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
A) accounting and access model
B) user control model
C) access control model
D) authorization control model
19
Which access control model uses access based on a user's job function within an organization?
A) Role Based Access Control
B) Rule Based Access Control
C) Discretionary Access Control
D) Mandatory Access Control
20
When using Role Based Access Control (RBAC), permissions are assigned to which of the following?
A) Roles
B) Groups
C) Labels
D) Users
21
Which of the following controls can be implemented so an organization can configure multiple computers by setting a single policy for enforcement?
A) group-based access control
B) computer-based access control
C) role-based access control
D) system access control
22
Which of the following is a simpler subset of Directory Access Protocol?
A) SDAP
B) X.500 Lite
C) DIB
D) ADS
23
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
A) RADIUS
B) ICMP
C) FTP
D) Telnet
24
What standard provides a greater degree of security by implementing port-based authentication and blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server?
A) IEEE 802.1a
B) IEEE 802.1x
C) LDAPS
D) TACACS
25
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
A) abandoned
B) stale
C) orphaned
D) inactive
26
When LDAP traffic is made secure by using Secure Sockets Layer (SSL) or Transport Layer Security (TLS), what is this process called?
A) SAML
B) LDAPS
C) TACACS
D) SDML
27
Select the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users.
A) Aurora
B) Kerberos
C) CHAP
D) TACACS
28
What type of computer can forward RADIUS messages between RADIUS clients and RADIUS servers?
A) intermediate proxy
B) remote proxy
C) RADIUS proxy
D) translation proxy
29
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
A) DIB
B) DAP
C) DIT
D) LDAP
30
Which of the following is a database stored on the network itself that contains information about users and network devices?
A) user permissions
B) network service
C) system registry
D) directory service
31
What is an entry in an ACL known as?
A) DACL
B) ACE
C) SQL
D) flag
32
Select the XML standard that allows secure web domains to exchange user authentication and authorization data and is used extensively for online e-commerce transactions.
A) SAML
B) LDAPS
C) TACACS
D) SDML
33
What framework is used for transporting authentication protocols instead of the authentication protocol itself?
A) CHAP
B) SAML
C) EAP
D) MS-CHAP
34
What policy is designed to ensure that all confidential or sensitive materials, either in paper form or electronic, are removed from a user's workspace and secured when the items are not in use or when employees leave their workspace?
A) clean workspace
B) secure workspace
C) clean desk
D) secure desk
35
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
A) accounting request
B) access request
C) verification request
D) authentication request
36
Which major types of access involving system resources are controlled by ACLs? (Choose all that apply.)
A) system access
B) remote access
C) user access
D) application access
37
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
A) TACACS
B) RADIUS
C) Kerberos
D) FTP
38
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?
A) LDAP poisoning
B) Kerberos injection
C) LDAP injection
D) DAP hijacking
39
What process periodically validates a user's account, access control, and membership role or inclusion in a specific group?
A) recertification
B) revalidation
C) control audit
D) group auditing
40
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
A) password expiration
B) account expiration
C) last login
D) account last used
41
Describe the MAC lattice model.
42
What authentication service was developed by Cisco and is an authentication service commonly used on UNIX devices that communicate by forwarding user authentication information to a centralized server?
43
Discuss the two significant weaknesses of DAC.
44
List three major access control models.
45
Describe LDAP injection attacks.
46
Describe the Bell-LaPadula model.
47
Describe the two key elements of the MAC model.
48
What is the purpose of an ACL?
49
Describe how Kerberos works.
50
Discuss the differences between DAP and LDAP.