InfoSec Quiz 3


__________ is the granting of a right or permission to a system entity to access a system resource. A. Authorization B. Authentication C. Control D. Monitoring

A. Authorization

___________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization. A. Constraints B. Mutually Exclusive Roles C. Cardinality D. Prerequisites

A. Constraints

___________ controls access based on comparing security labels with security clearances. A. MAC B. DAC C. RBAC D. MBAC

A. MAC

_________ is a process that ensures a system is developed and operated as intended by the system's security policy. A. Trust B. Assurance C. Evaluation D. Functionality

B. Assurance

A ___________ is a named job function within the organization that controls this computer system. A. user B. role C. permission D. session

B. role

___________ data are data that may be derived from corporate data but that cannot be used to discover the corporation's identity. A. Reference B. Trust C. Sanitized D. MAC

C. Sanitized

___________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance. A. Audit control B. Resource control C. System control D. Access control

D. Access control

The __________ Model was developed for commercial applications in which conflicts of interest can arise. A. Biba B. Clark-Wilson Integrity C. Bell-LaPadula D. Chinese Wall

D. Chinese Wall

The ________ is a hardware module that is at the heart of a hardware/software approach to trusted computing. A. BLP B. TC C. CC D. TPM

D. TPM

A multilevel secure system for confidentiality must enforce: _________. A. no read up B. ss-property C. no write down D. all of the above

D. all of the above

Security labels indicate which system entities are eligible to access certain resources.

F

"No write down" is also referred to as the *-property.

T

A subject can exercise only accesses for which it has the necessary authorization and which satisfy the MAC rules.

T

A user may belong to multiple groups.

T

An access right describes the way in which a subject may access an object.

T

Any program that is owned by, and SetUID to, the "superuser" potentially grants unrestricted access to the system to any user executing that program.

T

Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined.

T

One way to secure against Trojan horse attacks is the use of a secure, trusted operating system.

T

The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria.

T

The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

T

