Chapter 5: Access Controls
True
Access controls are policies or procedures used to control access to certain items. True or False?
False
Access controls cannot be implemented in various forms, restriction levels, and at different levels within the computing environment. True or False?
All of the above
Challenges to access control include which of the following? ~Laptop loss ~Exploiting hardware ~Eavesdropping ~Exploiting applications ~All of the above
The Clark and Wilson Integrity Model
It is an example of a formal model of access control?
True
Physical access controls deter physical access to resources, such as buildings or gated parking lots. True or False?
Compromised
Physical access, security bypass, and eavesdropping are examples of how access controls can be __________.
Vulnerability assessment
The process of identifying, quantifying, and prioritizing the vulnerabilities in a system is known as a __________.
True
The security kernel enforces access control of computer systems. True or False?
All of the above
When it comes to privacy, organizations are concerned about which of the following? ~Liability in harassment suits ~Skyrocketing losses from employee theft ~Productivity losses from employees shopping or performing other nonwork-related tasks online ~All of the above
Discretionary access control
When the owner of the resource determines the access and changes permissions as needed, it's known as ________.
Logical access controls
When you log on to a network, you are presented with some combination of username, password, token, smart card, or biometrics. You are then authorized or denied access by the system. This is an example of __________.
Accountability is the process of creating and maintaining the policies and procedures necessary to ensure proper information is available when an organization is audited.
Which answer best describes the accountability component of access control? ~Accountability is the validation or proof that the subject requesting access is indeed the same subject who has been granted that access. ~Accountability is the method a subject uses to request access to a system. ~Accountability is the process of creating and maintaining the policies and procedures necessary to ensure proper information is available when an organization is audited. ~Accountability is the process of determining who is approved for access and what resources they are approved for.
Authentication is the validation or proof that the subject requesting access is indeed the same subject who has been granted that access.
Which answer best describes the authentication component of access control? ~Authentication is the validation or proof that the subject requesting access is indeed the same subject who has been granted that access. ~Authentication is the process of creating and maintaining the policies and procedures necessary to ensure proper information is available when an organization is audited. ~Authentication is the process of determining who is approved for access and what resources they are approved for. ~Authentication is the method a subject uses to request access to a system.
Authorization is the process of determining who is approved for access and what resources they are approved for.
Which answer best describes the authorization component of access control? ~Authorization is the method a subject uses to request access to a system. ~Authorization is the process of creating and maintaining the policies and procedures necessary to ensure proper information is available when an organization is audited. ~Authorization is the validation or proof that the subject requesting access is indeed the same subject who has been granted that access. ~Authorization is the process of determining who is approved for access and what resources they are approved for.
Identification is the method a subject uses to request access to a system.
Which answer best describes the identification component of access control? ~Identification is the validation or proof that the subject requesting access is indeed the same subject who has been granted that access. ~Identification is the method a subject uses to request access to a system. ~Identification is the process of determining who is approved for access and what resources they are approved for. ~Identification is the process of creating and maintaining the policies and procedures necessary to ensure proper information is available when an organization is audited