Question 1

The most restrictive access control model is ____.&#10;A) Mandatory Access Control&#10;B) Role Based Access Control&#10;C) Discretionary Access Control&#10;D) Rule Based Access Control

Accepted Answer

Mandatory Access Control (MAC) is the most restrictive access control model. In MAC, access control decisions are based on a set of predefined rules and policies that are centrally managed and enforced by a security administrator. The security administrator determines the level of clearance required to access a resource, and users are assigned a security clearance level based on their job function or role. Users cannot override these settings or grant access to others without approval from the security administrator. This model is commonly used in government and military environments where there is a need for a high level of security and confidentiality.

Question 2

A user accessing a computer system must present credentials or ____ when logging on to the system.&#10;A) access&#10;B) authorize&#10;C) token&#10;D) identification

Accepted Answer

When logging on to a computer system, a user needs to present identification credentials, such as a username or password, in order to establish their identity and gain access to the system. Option A (access) is incorrect because access is the outcome of successfully presenting the correct credentials; it is not a credential in itself. Option B (authorize) is incorrect because authorization typically occurs after successful authentication and involves granting permissions or privileges to the user based on their identity and role. Option C (token) is also incorrect because a token is a physical or digital device used to generate one-time passwords or provide additional security during the authentication process, but it is not the same as the initial identification credentials.

Question 3

The action that is taken by the subject over the object is called a(n) ____.&#10;A) authorization&#10;B) access&#10;C) control&#10;D) operation

Accepted Answer

The action taken by the subject over the object is called an operation. Authorization, access, and control are related concepts but do not specifically refer to the action taken.

Question 4

____ requires that if the fraudulent application of a process could potentially result in a breach of security, then the process should be divided between two or more individuals.&#10;A) Separation of duties&#10;B) Job rotation&#10;C) Mandatory vacation&#10;D) Role reversal

Accepted Answer

Separation of duties requires that different individuals are responsible for different aspects of a process to minimize the risk of fraud or error. This helps ensure that no one person has too much control over a process and reduces the likelihood of a security breach. Job rotation and mandatory vacation are also common strategies for reducing the risk of fraud or error, but they are not specifically focused on dividing duties to improve security. Role reversal is not a commonly used strategy in this context.

Question 5

____ is suitable for what are called &#34;high-volume service control applications&#34; such as dial-in access to a corporate network.&#10;A) RADIUS&#10;B) ICMP&#10;C) FTP&#10;D) Telnet

Accepted Answer

RADIUS (Remote Authentication Dial-In User Service) is specifically designed for high-volume service control applications such as dial-in access to a corporate network. It is commonly used for authentication, authorization, and accounting of remote users. ICMP is a protocol used for error reporting and network diagnostics, FTP is a file transfer protocol, and Telnet is a remote access protocol used to connect to a remote device's command line interface. None of these protocols are designed for high-volume service control applications.

Question 6

TACACS+ and RADIUS are designed to support hundreds of remote connections.

Accepted Answer

The answer of TACACS+ and RADIUS are designed to support...

Question 7

A(n) ____ is a set of permissions that are attached to an object.&#10;A) ACE&#10;B) DAC&#10;C) entity&#10;D) ACL

Accepted Answer

An ACL (Access Control List) is a set of permissions attached to an object, such as a file, folder, or network resource. It specifies the users or groups that have access to the object and the type of access they are allowed, such as read, write, or execute. ACLs are used in modern operating systems and network devices to control access to resources and ensure the security of the system. Options A and B (ACE and DAC) are also related to access control but refer to specific components of the overall access control mechanism. Option C (entity) is too general and does not specifically refer to permissions on objects.

Question 8

A computer user may be authorized or granted permission to log on to a system by presenting valid credentials, yet that authorization does not mean that the user can then access any and all resources.

Accepted Answer

Authorization to log on to a system does not necessarily grant access to all resources within the system. Additional permissions may be required for specific resources.

Question 9

The ____ model is the least restrictive.&#10;A) RBAC&#10;B) MAC&#10;C) CAC&#10;D) DAC

Accepted Answer

DAC (Discretionary Access Control) model is the least restrictive as it allows the owner of the resource to define who can access it and what actions they can perform on it. Therefore, the resource owner has complete discretion over who has access to the resource. RBAC (Role-Based Access Control) and MAC (Mandatory Access Control) models are more restrictive and limit access to resources based on predefined roles or security classifications. CAC (Content-Addressed Control) is not a commonly used access control model.

Question 10

A user or a process functioning on behalf of the user that attempts to access an object is known as the ____.&#10;A) subject&#10;B) reference monitor&#10;C) entity&#10;D) label

Accepted Answer

A subject is an active entity that is either a user or a process functioning on behalf of the user, which attempts to access an object. The other options are not appropriate for this definition.

Question 11

Authorization and access are viewed as synonymous and in access control, they are the same step.

Accepted Answer

The answer of Authorization and access are viewed as synonymous...

Question 12

____ is considered a more &#34;real world&#34; access control than the other models because the access is based on a user's job function within an organization.&#10;A) Role Based Access Control&#10;B) Rule Based Access Control&#10;C) Discretionary Access Control&#10;D) Mandatory Access Control

Accepted Answer

The answer of ____ is considered a more &#34;real world&#34;...

Question 13

The strength of RADIUS is that messages are always directly sent between the wireless device and the RADIUS server.

Accepted Answer

The answer of The strength of RADIUS is that messages...

Question 14

In the UAC dialog boxes, the color ____ indicates the lowest risk.&#10;A) red&#10;B) gray&#10;C) yellow&#10;D) green

Accepted Answer

The answer of In the UAC dialog boxes, the color...

Question 15

____ indicates when an account is no longer active.&#10;A) Password expiration&#10;B) Account expiration&#10;C) Last login&#10;D) Account last used

Accepted Answer

The answer of ____ indicates when an account is no...

Question 16

A user under Role Based Access Control can be assigned only one ____.&#10;A) role&#10;B) group&#10;C) label&#10;D) access list

Accepted Answer

The answer of A user under Role Based Access Control...

Question 17

A(n) ____ model is a standard that provides a predefined framework for hardware and software developers who need to implement access control in their devices or applications.&#10;A) accounting&#10;B) user control&#10;C) access control&#10;D) authorization control

Accepted Answer

The answer of A(n) ____ model is a standard that...

Question 18

____ accounts are user accounts that remain active after an employee has left an organization.&#10;A) Active&#10;B) Stale&#10;C) Orphaned&#10;D) Fragmented

Accepted Answer

The answer of ____ accounts are user accounts that remain...

Question 19

A shield icon warns users if they attempt to access any feature that requires UAC permission.

Accepted Answer

The answer of A shield icon warns users if they...

Question 20

____ is often used for managing user access to one or more systems.&#10;A) Role Based Access Control&#10;B) Mandatory Access Control&#10;C) Rule Based Access Control&#10;D) Discretionary Access Control

Accepted Answer

The answer of ____ is often used for managing user...

Question 21

____________________ is granting or denying approval to use specific resources.

Accepted Answer

The answer of ____________________ is granting or denying approval to...

Question 22

List two of the most common types of authentication and AA servers.

Accepted Answer

The answer of List two of the most common types...

Question 23

List the steps for RADIUS authentication with a wireless device in an IEEE 802.1x network.

Accepted Answer

The answer of List the steps for RADIUS authentication with...

Question 24

____ is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.&#10;A) Aurora&#10;B) Kerberos&#10;C) CHAP&#10;D) TACACS

Accepted Answer

The answer of ____ is an authentication system developed by...

Question 25

____ is an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server.&#10;A) TACACS&#10;B) RADIUS&#10;C) Kerberos&#10;D) FTP

Accepted Answer

The answer of ____ is an authentication service commonly used...

Question 26

During RADIUS authentication the AP, serving as the authenticator that will accept or reject the wireless device, creates a data packet from this information called the ____.&#10;A) accounting request&#10;B) access request&#10;C) verification request&#10;D) authentication request

Accepted Answer

The answer of During RADIUS authentication the AP, serving as...

Question 27

A RADIUS ____________________ is a computer that forwards RADIUS messages among RADIUS clients and RADIUS servers.

Accepted Answer

The answer of A RADIUS ____________________ is a computer that...

Question 28

Describe the two key elements of the MAC model.

Accepted Answer

The answer of Describe the two key elements of the...

Question 29

Describe the Bell-LaPadula model.

Accepted Answer

The answer of Describe the Bell-LaPadula model....

Question 30

Describe how Kerberos works.

Accepted Answer

The answer of Describe how Kerberos works....

Question 31

List two major access control models.

Accepted Answer

The answer of List two major access control models....

Question 32

The X.500 standard defines a protocol for a client application to access an X.500 directory called ____.&#10;A) DIB&#10;B) DAP&#10;C) DIT&#10;D) LDAP

Accepted Answer

The answer of The X.500 standard defines a protocol for...

Question 33

Entries in the DIB are arranged in a tree structure called the ____.&#10;A) DAP&#10;B) PEAP&#10;C) EAP&#10;D) DIT

Accepted Answer

The answer of Entries in the DIB are arranged in...

Question 34

In the DAC model, ____________________ can create and access their objects freely.

Accepted Answer

The answer of In the DAC model, ____________________ can create...

Question 35

Often ____________________ results from a single user being trusted with a set of responsibilities that place the person in complete control of the process.

Accepted Answer

The answer of Often ____________________ results from a single user...

Question 36

____ attacks may allow an attacker to construct LDAP statements based on user input statements.&#10;A) SQL injection&#10;B) Kerberos injection&#10;C) LDAP injection&#10;D) RADIUS injection

Accepted Answer

The answer of ____ attacks may allow an attacker to...

Question 37

The capability to look up information by name under the X.500 standard is known as a(n) ____________________-pages service.

Accepted Answer

The answer of The capability to look up information by...

Question 38

Describe the MAC lattice model.

Accepted Answer

The answer of Describe the MAC lattice model....

Question 39

Discuss the two significant weaknesses of DAC.

Accepted Answer

The answer of Discuss the two significant weaknesses of DAC....

Question 40

Describe LDAP injection attacks.

Accepted Answer

The answer of Describe LDAP injection attacks....

Question 41

Discuss the differences between DAP and LDAP.

Accepted Answer

The answer of Discuss the differences between DAP and LDAP....

Question 42

Match between columns&#10;                        Premises: A database stored on the network itself that contains information about users and network devices&#10;A database stored on the network itself that contains information about users and network devices&#10;A database stored on the network itself that contains information about users and network devices&#10;A database stored on the network itself that contains information about users and network devices&#10;A database stored on the network itself that contains information about users and network devices&#10;A database stored on the network itself that contains information about users and network devices&#10;A database stored on the network itself that contains information about users and network devices&#10;A database stored on the network itself that contains information about users and network devices&#10;A database stored on the network itself that contains information about users and network devices&#10;The right given to access&#10;The right given to access&#10;The right given to access&#10;The right given to access&#10;The right given to access&#10;The right given to access&#10;The right given to access&#10;The right given to access&#10;The right given to access&#10;Validating credentials as genuine&#10;Validating credentials as genuine&#10;Validating credentials as genuine&#10;Validating credentials as genuine&#10;Validating credentials as genuine&#10;Validating credentials as genuine&#10;Validating credentials as genuine&#10;Validating credentials as genuine&#10;Validating credentials as genuine&#10;Granting permission to take an action&#10;Granting permission to take an action&#10;Granting permission to take an action&#10;Granting permission to take an action&#10;Granting permission to take an action&#10;Granting permission to take an action&#10;Granting permission to take an action&#10;Granting permission to take an action&#10;Granting permission to take an action&#10;A specific resource, such as a file or a hardware device&#10;A specific resource, such as a file or a hardware device&#10;A specific resource, such as a file or a hardware device&#10;A specific resource, such as a file or a hardware device&#10;A specific resource, such as a file or a hardware device&#10;A specific resource, such as a file or a hardware device&#10;A specific resource, such as a file or a hardware device&#10;A specific resource, such as a file or a hardware device&#10;A specific resource, such as a file or a hardware device&#10;A review of credentials&#10;A review of credentials&#10;A review of credentials&#10;A review of credentials&#10;A review of credentials&#10;A review of credentials&#10;A review of credentials&#10;A review of credentials&#10;A review of credentials&#10;Individual to whom day-to-day actions have been assigned&#10;Individual to whom day-to-day actions have been assigned&#10;Individual to whom day-to-day actions have been assigned&#10;Individual to whom day-to-day actions have been assigned&#10;Individual to whom day-to-day actions have been assigned&#10;Individual to whom day-to-day actions have been assigned&#10;Individual to whom day-to-day actions have been assigned&#10;Individual to whom day-to-day actions have been assigned&#10;Individual to whom day-to-day actions have been assigned&#10;User who accesses information in the course of routine job responsibilities&#10;User who accesses information in the course of routine job responsibilities&#10;User who accesses information in the course of routine job responsibilities&#10;User who accesses information in the course of routine job responsibilities&#10;User who accesses information in the course of routine job responsibilities&#10;User who accesses information in the course of routine job responsibilities&#10;User who accesses information in the course of routine job responsibilities&#10;User who accesses information in the course of routine job responsibilities&#10;User who accesses information in the course of routine job responsibilities

Accepted Answer

The Answer of Authorization and Owner and Identification and Authentication is...

Deck 9: Access Control Fundamentals