Deck 11: Access Control Fundamentals
1
Which access control model can dynamically assign roles to subjects based on a set of defined rules?
A)Role Based Access Control
B)Mandatory Access Control
C)Rule Based Access Control
D)Discretionary Access Control
C
2
Although designed to support remote dial-in access to a corporate network, what service below is commonly used with 802.1x port security for both wired and wireless LANs?
A)RADIUS
B)ICMP
C)FTP
D)Telnet
A
3
What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?
A)TACACS
B)RADIUS
C)Kerberos
D)FTP
A
4
What kind of attack allows for the construction of LDAP statements based on user input statements, which can then be used to access the LDAP database or modify the database's information?
A)LDAP poisoning
B)Kerberos injection
C)LDAP injection
D)DAP hijacking
5
A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as:
A)Separation of duties
B)Job rotation
C)Mandatory vacation
D)Role reversal
6
Entries within a Directory Information Base are arranged in a tree structure called the:
A)DAP
B)PEAP
C)EAP
D)DIT
7
What is the name for a predefined framework that can be used for controlling access, and is embedded into software and hardware?
A)accounting and access model
B)user control model
C)access control model
D)authorization control model
8
Group policy is a Unix feature that allows for the centralized management and configuration of computers and remote users using Unix Active Directory.
9
Which access control model is considered to be the least restrictive?
A)Role Based Access Control
B)Mandatory Access Control
C)Rule Based Access Control
D)Discretionary Access Control
10
In a UAC prompt, what color is used to indicate the lowest level of risk?
A)red
B)gray
C)yellow
D)green
11
User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?
A)Active
B)Stale
C)Orphaned
D)Fragmented
12
Authorization and access are viewed as synonymous and in access control, they are the same step.
13
A shield icon warns users if they attempt to access any feature that requires UAC permission.
14
The Bell-LaPadula (BLP) model of MAC can be used to prevent subjects from creating a new object or performing specific functions on objects that are at a lower level than their own.
15
What access control model below is considered to be the most restrictive access control model, and involves assigning access controls to users strictly according to the custodian?
A)Mandatory Access Control
B)Role Based Access Control
C)Discretionary Access Control
D)Rule Based Access Control
16
The strength of RADIUS is that messages are always directly sent between the wireless device and the RADIUS server.
17
When using Role Based Access Control (RBAC), permissions are assigned to:
A)Roles
B)Groups
C)Labels
D)Users
18
Select below the access control model that uses access based on a user's job function within an organization:
A)Role Based Access Control
B)Rule Based Access Control
C)Discretionary Access Control
D)Mandatory Access Control
19
A user or a process functioning on behalf of the user that attempts to access an object is known as the:
A)subject
B)reference monitor
C)entity
D)label
20
The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?
A)DIB
B)DAP
C)DIT
D)LDAP
21
Select below the authentication system developed by the Massachusetts Institute of Technology (MIT) to verify the identity of network users:
A)Aurora
B)Kerberos
C)CHAP
D)TACACS
22
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
Limitation imposed as to when a user can log in to a system or access resources.
23
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
The act of moving individuals from one job responsibility to another.
24
The action that is taken by a subject over an object is called a(n):
A)authorization
B)access
C)control
D)operation
25
During RADIUS authentication, what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?
A)accounting request
B)access request
C)verification request
D)authentication request
26
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
The practice of requiring that processes should be divided between two or more individuals.
27
In the DAC model, ____________________ can create and access their objects freely.
28
To prevent one individual from having too much control, employees can ____________ job responsibilities within their home department or across positions in other departments.
29
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
An attack that constructs LDAP statements based on user input statements, allowing the attacker to retrieve information from the LDAP database or modify its content.
30
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
The second version of the Terminal Access Control Access Control System (TACACS) authentication service.
31
A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):
A)ACE
B)DAC
C)entity
D)ACL
32
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
The most restrictive access control model, typically found in military settings in which security is of supreme importance.
33
To assist with controlling orphaned and dormant accounts, what can be used to indicate when an account is no longer active?
A)Password expiration
B)Account expiration
C)Last login
D)Account last used
34
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
The current version of the Terminal Access Control Access Control System (TACACS) authentication service.
35
The capability to look up information by name under the X.500 standard is known as a(n) ____________________-pages service.
36
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
Providing only the minimum amount of privileges necessary to perform a job or function.
37
____________________ is granting or denying approval to use specific resources.
a.Account expiration
b.Discretionary access control (DAC)
c.Extended TACACS (XTACACS)
d.Job rotation
e.LDAP injection attack
38
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
The process of setting a user's account to expire
39
A RADIUS ____________________ is a computer that forwards RADIUS messages among RADIUS clients and RADIUS servers.
40
Matching
a. Account expiration
b. Discretionary access control (DAC)
c. Extended TACACS (XTACACS)
d. Job rotation
e. LDAP injection attack
f. Least privilege
g. Mandatory access control (MAC)
h. Separation of duties
i. TACACS+
j. Time-of-day restriction
The least restrictive access control model in which the owner of the object has total control over it.
41
Discuss the two significant weaknesses of DAC.
42
Describe LDAP injection attacks.
43
Discuss the differences between DAP and LDAP.
44
Describe the Bell-LaPadula model.
45
List the steps for RADIUS authentication with a wireless device in an IEEE 802.1x network.
46
Describe how Kerberos works.
47
List two major access control models.
48
List two of the most common types of authentication and AA servers.
49
Describe the MAC lattice model.
50
Describe the two key elements of the MAC model.