6.1.8 Network security

You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with?

principle of least privilege

Audit trails produced by auditing activities are which type of security control?

Detective

You have implemented an access control method that only allows users who are managers to access specific data. Which type of access control model is being used?

RBAC

Which of the following is an example of rule-based access control?

Router access control lists that allow or deny traffic based on the characteristics of an IP packet.

Which of the following is used for identification?

username

Which access control model is based on assigning attributes to objects and using Boolean logic to grant access based on the attributes of the subject?

Attribute-Based Access Control (ABAC)

A remote access user needs to gain access to resources on the server. Which of the following processes are performed by the remote access server to control access to resources?

Authentication and authorization

You want to implement an access control list in which only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control should the access list use?

Explicit allow, implicit deny

Which of the following principles is implemented in a mandatory access control model to determine object access by classification level?

Need to Know

What is the primary purpose of separation of duties?

Prevent conflicts of interest

Which of the following is an example of privilege escalation?

Privilege creep