Question 1

With the Discretionary Access Control (DAC)model,no object has an owner;the system has total control over that object.

Accepted Answer

With the DAC model, objects do have owners who have control over them, as opposed to the system having complete control. The term "discretionary" in DAC refers to the fact that the owner of the object can exercise discretion in determining who is granted access.

Question 2

The action that is taken by a subject over an object is called a(n):&#10;A)authorization&#10;B)access&#10;C)control&#10;D)operation

Accepted Answer

The action that is taken by a subject over an object is called an operation. This is the only option that accurately describes the action being taken, while the other options are more related to the permission or ability to perform the action.

Question 3

A user or a process functioning on behalf of the user that attempts to access an object is known as the:&#10;A)subject&#10;B)reference monitor&#10;C)entity&#10;D)label

Accepted Answer

In the context of access control, a subject is an entity (such as a user, process, or device) that attempts to access an object. The access control system determines whether or not the subject is authorized to perform the requested action on the object based on a set of predefined rules and policies. The reference monitor is a component of the access control system that enforces these rules and policies by mediating all access requests between subjects and objects. An entity refers to any object that has a distinct and independent existence, whereas a label is a security attribute that is associated with a subject or an object to control access to that entity.

Question 4

A Local Group Policy (LGP)has more options than a Group Policy.

Accepted Answer

A Group Policy (GP) is a feature of Active Directory (AD) that enables administrators to manage a wide range of settings and configurations for groups of users and computers in a network domain. However, a Local Group Policy (LGP) is a subset of GP that applies only to a single computer or user and is stored locally on that machine. Because LGP applies only to a specific computer or user, it has fewer options than GP, which can apply to multiple users and computers across a network domain.

Question 5

Which access control model can dynamically assign roles to subjects based on a set of defined rules?&#10;A)Role Based Access Control&#10;B)Mandatory Access Control&#10;C)Rule Based Access Control&#10;D)Discretionary Access Control

Accepted Answer

Rule Based Access Control allows for dynamic assignment of roles based on a set of predefined rules. This model is useful in situations where access control decisions need to be made quickly and consistently based on specific circumstances. Role Based Access Control assigns roles to subjects based on their job function, while Mandatory Access Control assigns labels to subjects and objects and enforces a set of rules based on those labels. Discretionary Access Control allows the owner of an object to control access to that object, but does not provide dynamic role assignment based on rules.

Question 6

Authorization is granting permission for admittance.

Accepted Answer

Authorization is the act of granting permission or access to someone or something.

Question 7

Authentication,authorization,and accounting are sometimes called AAA.

Accepted Answer

AAA is an acronym used to refer to the three primary functions of network security: authentication, authorization, and accounting.

Question 8

Least privilege in access control means that only the minimum amount of privileges necessary to perform a job or function should be allocated.

Accepted Answer

In access control, least privilege means giving a user or entity only the most limited access rights necessary to perform their job or function. This helps to minimize the risk of accidental or intentional misuse of privileges and reduces the attack surface for potential attackers.

Question 9

Which access control model is considered to be the least restrictive?&#10;A)Role Based Access Control&#10;B)Mandatory Access Control&#10;C)Rule Based Access Control&#10;D)Discretionary Access Control

Accepted Answer

Discretionary Access Control (DAC) is considered to be the least restrictive access control model. It allows the owner of a resource to determine who has access and what level of access they have. This means that users have a lot of control over the access they are granted, but it also means that there is a higher risk for mistakes or intentional security breaches. In contrast, Mandatory Access Control (MAC) is the most restrictive access control model because access decisions are made by a central authority rather than individual users or owners.

Question 10

ACLs provide file system security for protecting files managed by the user.

Accepted Answer

The answer of ACLs provide file system security for protecting...

Question 11

Permission auditing and review is intended to examine the permissions that a user has been given to determine if each is still necessary.

Accepted Answer

The answer of Permission auditing and review is intended to...

Question 12

Employee onboarding refers to the tasks associated with hiring a new employee.

Accepted Answer

The answer of Employee onboarding refers to the tasks associated...

Question 13

Attribute-Based Access Control (ABAC)grants permissions by matching object labels with subject labels based on their respective levels.

Accepted Answer

The answer of Attribute-Based Access Control (ABAC)grants permissions by matching...

Question 14

A list that specifies which subjects are allowed to access an object and what operations they can perform on it is referred to as a(n):&#10;A)ACE&#10;B)DAC&#10;C)entity&#10;D)ACL

Accepted Answer

The answer of A list that specifies which subjects are...

Question 15

Rule-Based Access Control can be changed by users.

Accepted Answer

The answer of Rule-Based Access Control can be changed by...

Question 16

A vulnerable process that is divided between two or more individuals to prevent fraudulent application of the process is known as which of the following?&#10;A)separation of duties&#10;B)process sharing&#10;C)mandatory splitting&#10;D)role reversal

Accepted Answer

The answer of A vulnerable process that is divided between...

Question 17

What access control model below is considered to be the most restrictive access control model,and involves assigning access controls to users strictly according to the custodian?&#10;A)Mandatory Access Control&#10;B)Role Based Access Control&#10;C)Discretionary Access Control&#10;D)Rule Based Access Control

Accepted Answer

The answer of What access control model below is considered...

Question 18

What is the name for a predefined framework that can be used for controlling access,and is embedded into software and hardware?&#10;A)accounting and access model&#10;B)user control model&#10;C)access control model&#10;D)authorization control model

Accepted Answer

The answer of What is the name for a predefined...

Question 19

Which access control model that uses access based on a user's job function within an organization?&#10;A)Role Based Access Control&#10;B)Rule Based Access Control&#10;C)Discretionary Access Control&#10;D)Mandatory Access Control

Accepted Answer

The answer of Which access control model that uses access...

Question 20

When using Role Based Access Control (RBAC),permissions are assigned to which of the following?&#10;A)Roles&#10;B)Groups&#10;C)Labels&#10;D)Users

Accepted Answer

The answer of When using Role Based Access Control (RBAC),permissions...

Question 21

Which of the following controls can be implemented so an organization can configure multiple computers by setting a single policy for enforcement?&#10;A)group-based access control&#10;B)computer-based access control&#10;C)role-based access control&#10;D)system access control

Accepted Answer

The answer of Which of the following controls can be...

Question 22

Which of the following is a simpler subset of Directory Access Protocol?&#10;A)SDAP&#10;B)X.500 Lite&#10;C)DIB&#10;D)ADS

Accepted Answer

The answer of Which of the following is a simpler...

Question 23

Although designed to support remote dial-in access to a corporate network,what service below is commonly used with 802.1x port security for both wired and wireless LANs?&#10;A)RADIUS&#10;B)ICMP&#10;C)FTP&#10;D)Telnet

Accepted Answer

The answer of Although designed to support remote dial-in access...

Question 24

What standard provides a greater degree of security by implementing port-based authentication and blocks all traffic on a port-by-port basis until the client is authenticated using credentials stored on an authentication server?

A)IEEE 802.1a
B)IEEE 802.1x
C)LDAPS
D)TACACS

Accepted Answer

The answer of What standard provides a greater degree of...

Question 25

User accounts that remain active after an employee has left an organization are referred to as being what type of accounts?&#10;A)abandoned&#10;B)stale&#10;C)orphaned&#10;D)inactive

Accepted Answer

The answer of User accounts that remain active after an...

Question 26

When LDAP traffic is made secure by using Secure Sockets Layer (SSL)or Transport Layer Security (TLS),what is this process called?&#10;A)SAML&#10;B)LDAPS&#10;C)TACACS&#10;D)SDML

Accepted Answer

The answer of When LDAP traffic is made secure by...

Question 27

Select the authentication system developed by the Massachusetts Institute of Technology (MIT)to verify the identity of network users.&#10;A)Aurora&#10;B)Kerberos&#10;C)CHAP&#10;D)TACACS

Accepted Answer

The answer of Select the authentication system developed by the...

Question 28

What type of computer can forward RADIUS messages between RADIUS clients and RADIUS servers?&#10;A)intermediate proxy&#10;B)remote proxy&#10;C)RADIUS proxy&#10;D)translation proxy

Accepted Answer

The answer of What type of computer can forward RADIUS...

Question 29

The X.500 standard defines a protocol for a client application to access an X.500 directory known as which of the following options?&#10;A)DIB&#10;B)DAP&#10;C)DIT&#10;D)LDAP

Accepted Answer

The answer of The X.500 standard defines a protocol for...

Question 30

Which of the following is a database stored on the network itself that contains information about users and network devices?&#10;A)user permissions&#10;B)network service&#10;C)system registry&#10;D)directory service

Accepted Answer

The answer of Which of the following is a database...

Question 31

What is an entry in an ACL known as?&#10;A)DACL&#10;B)ACE&#10;C)SQL&#10;D)flag

Accepted Answer

The answer of What is an entry in an ACL...

Question 32

Select the XML standard that allows secure web domains to exchange user authentication and authorization data and is used extensively for online e-commerce transactions.&#10;A)SAML&#10;B)LDAPS&#10;C)TACACS&#10;D)SDML

Accepted Answer

The answer of Select the XML standard that allows secure...

Question 33

What framework is used for transporting authentication protocols instead of the authentication protocol itself?&#10;A)CHAP&#10;B)SAML&#10;C)EAP&#10;D)MS-CHAP

Accepted Answer

The answer of What framework is used for transporting authentication...

Question 34

What policy is designed to ensure that all confidential or sensitive materials,either in paper form or electronic,are removed from a user's workspace and secured when the items not in use or when employees leave their workspace?

A)clean workspace
B)secure workspace
C)clean desk
D)secure desk

Accepted Answer

The answer of What policy is designed to ensure that...

Question 35

During RADIUS authentication,what type of packet includes information such as identification of a specific AP that is sending the packet and the username and password?&#10;A)accounting request&#10;B)access request&#10;C)verification request&#10;D)authentication request

Accepted Answer

The answer of During RADIUS authentication,what type of packet includes...

Question 36

Which major types of access involving system resources are controlled by ACLs? (Choose all that apply. )&#10;A)system access&#10;B)remote access&#10;C)user access&#10;D)application access

Accepted Answer

The answer of Which major types of access involving system...

Question 37

What authentication service commonly used on UNIX devices involves communicating user authentication information to a centralized server?&#10;A)TACACS&#10;B)RADIUS&#10;C)Kerberos&#10;D)FTP

Accepted Answer

The answer of What authentication service commonly used on UNIX...

Question 38

What kind of attack allows for the construction of LDAP statements based on user input statements,which can then be used to access the LDAP database or modify the database's information?&#10;A)LDAP poisoning&#10;B)Kerberos injection&#10;C)LDAP injection&#10;D)DAP hijacking

Accepted Answer

The answer of What kind of attack allows for the...

Question 39

What process periodically validates a user's account,access control,and membership role or inclusion in a specific group?&#10;A)recertification&#10;B)revalidation&#10;C)control audit&#10;D)group auditing

Accepted Answer

The answer of What process periodically validates a user's account,access...

Question 40

To assist with controlling orphaned and dormant accounts,what can be used to indicate when an account is no longer active?&#10;A)password expiration&#10;B)account expiration&#10;C)last login&#10;D)account last used

Accepted Answer

The answer of To assist with controlling orphaned and dormant...

Question 41

Describe the MAC lattice model.

Accepted Answer

The answer of Describe the MAC lattice model....

Question 42

What authentication service was developed by Cisco and is an authentication service commonly used on UNIX devices that communicate by forwarding user authentication information to a centralized server?

Accepted Answer

The answer of What authentication service was developed by Cisco...

Question 43

Discuss the two significant weaknesses of DAC.

Accepted Answer

The answer of Discuss the two significant weaknesses of DAC....

Question 44

List three major access control models.

Accepted Answer

The answer of List three major access control models....

Question 45

Describe LDAP injection attacks.

Accepted Answer

The answer of Describe LDAP injection attacks....

Question 46

Describe the Bell-LaPadula model.

Accepted Answer

The answer of Describe the Bell-LaPadula model....

Question 47

Describe the two key elements of the MAC model.

Accepted Answer

The answer of Describe the two key elements of the...

Question 48

What is the purpose of an ACL?

Accepted Answer

The answer of What is the purpose of an ACL?...

Question 49

Describe how Kerberos works.

Accepted Answer

The answer of Describe how Kerberos works....

Question 50

Discuss the differences between DAP and LDAP.

Accepted Answer

The answer of Discuss the differences between DAP and LDAP....

Deck 12: Access Management