NT2580 Chapter 5
Access controls cannot be implemented in various forms, restriction levels, and at different levels within the computing environment.
False
Which answer best describes the accountability component of access control?
Accountability is the process of creating and maintaining the policies and procedures necessary to ensure proper information is available when an organization is audited.
Challenges to access control include which of the following?
All of the above
When it comes to privacy, organizations are concerned about which of the following?
All of the above.
Which answer best describes the authentication component of access control?
Authentication is the validation or proof that the subject requesting access is indeed the the same subject who as been granted that access.
Which answer best describes the authorization component of access control?
Authorization is the process of determining who is approved for access and what resources they are approved for.
Physical access, security bypass, and eavesdropping are examples of how access controls can be ________.
Comprimized
When the owner of the resource determines the access and changes permissions as needed, it's known as ________.
Discretionary access control (DAC)
Which answer best describes the identification component of access control?
Identification is the method a subject uses to request access to a system
When you log on to a network, you are presented with some combination of username, password, token, smart card, or biometrics. You are then authorized or denied access by the system. This is an example of ________.
Logical access controls
Which of the following is an example of a formal model of access control?
The Clark and Wilson Integrity Model
Access controls are policies or procedures used to control access to certain items.
True
Physical access controls deter physical access to resources, such as buildings or gated parking lots.
True
The security kernel enforces access control of computer systems.
True
The process of identifying, quantifying, and prioritizing the vulnerabilities in a system is known as a ________.
Vulnerability assessment