Chapter 4: Access Control-Exam1


B. role

A __________ is a named job function within the organization that controls this computer system. A. user B. role C. permission D. session

C. subject

A __________ is an entity capable of accessing objects. A. group B. object C. subject D. owner

B. mandatory access control

A concept that evolved out of requirements for military information security is ______. A. reliable input B. mandatory access control C. open and closed policies D. discretionary input

True

A constraint is a defined relationship among roles or a condition related to roles.

_________ is an object or data structure that authoritatively binds an identity to a token possessed and controlled by a subscriber.

A credential

True

A user may belong to multiple groups.

False

A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed.

A. object

A(n) __________ is a resource to which access is controlled. A. object B. owner C. world D. subject

True

Access control is the central element of computer security.

True

An ABAC model can define authorizations that express conditions on properties of both the resource and the subject.

True

An access right describes the way in which a subject may access an object.

True

An auditing function monitors and keeps a record of user accesses to system resources.

True

Any program that is owned by, and SetUID to, the "superuser" potentially grants unrestricted access to the system to any user executing that program.

________ access control controls access based on the identity of the requestor and on access rules stating what requestors are or are not allowed to do.

Discretionary

False

External devices such as firewalls cannot provide access control services.

True

Reliable input is an access control requirement.

________ access control controls access based on the roles that users have within the system and on rules stating what accesses are allowed to users in given roles.

Role-based

False

Security labels indicate which system entities are eligible to access certain resources.

C. ABAC

Subject attributes, object attributes and environment attributes are the three types of attributes in the __________ model. A. DSD B. RBAC C. ABAC D. SSD

B. access management

The __________ component deals with the management and control of the ways entities are granted access to resources. A. resource management B. access management C. privilege management D. policy management

False

The authentication function determines who is trusted for a given purpose.

True

The default set of rights should always follow the rule of least privilege or read-only access.

D. sticky

The final permission bit is the _________ bit. A. superuser B. kernel C. set user D. sticky

True

The principal objectives of computer security are to prevent unauthorized users from gaining access to resources, to prevent legitimate users from accessing resources in an unauthorized manner, and to enable legitimate users to access resources in an authorized manner.

False

Traditional RBAC systems define the access rights of individual users and groups of users.

A. Authorization

_________ is the granting of a right or permission to a system entity to access a system resource. A. Authorization B. Authentication C. Control D. Monitoring

A. MAC

__________ controls access based on comparing security labels with security clearances. A. MAC B. DAC C. RBAC D. MBAC

D. Access control

__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance. A. Audit control B. Resource control C. System control D. Access control

B. RBAC

__________ is based on the roles the users assume in a system rather than the user's identity. A. DAC B. RBAC C. MAC D. URAC

C. DAC

__________ is the traditional method of implementing access control. A. MAC B. RBAC C. DAC D. MBAC

B. Authentication

__________ is verification that the credentials of a user or other system entity are valid. A. Adequacy B. Authentication C. Authorization D. Audit

A. Constraints

__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization. A. Constraints B. Mutually Exclusive Roles C. Cardinality D. Prerequisites

A. Cardinality

__________ refers to setting a maximum number with respect to roles. A. Cardinality B. Prerequisite C. Exclusive D. Hierarchy

X.800 defines _________ as the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

access control

There are three key elements to an ABAC model: attributes which are defined for entities in a configuration; a policy model, which defines the ABAC policies; and the _________ model, which applies to policies that enforce access control.

architecture

An independent review and examination of system records and activities in order to test for adequacy of system controls, to ensure compliance with established policy and operational procedures, to detect breaches in security, and to recommend any indicated changes in control, policy and procedures is a(n) _______.

audit

A _________ access control scheme is one in which an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource.

discretionary

The three types of attributes in the ABAC model are subject attributes, object attributes, and _________ attributes.

environment

Basic access control systems typically define three classes of subject: owner, ________, and world.

group

Role hierarchies make use of the concept of ________ to enable one role to implicitly include access rights associated with a subordinate role.

inheritance

The basic elements of access control are: subject, ________, and access right.

object

A _________ dictates that a user can only be assigned to a particular role if it is already assigned to some other specified role and can be used to structure the implementation of the least privilege concept.

prerequisite

A ________ is a mapping between a user and an activated subset of the set of roles to which the user is assigned.

session

The _______ user ID is exempt from the usual file access control constraints and has system wide access.

superuser

In digital identity systems, a ________ functions as a certification program.

trust framework

