Accessing Controls

A. Rule based access control

A firewall can be classified as a: Answers: A. Rule based access control B. Lattice based access control C. Directory based access control D. ID based access control E. All of the Above

Database views, Firewalls

Examples of Technical preventative controls (choose all that apply) Answers: IDS, Database views, Firewalls, Audit logs, Forensics

D. Limiting users and processes to access only resources necessary to perform assigned functions

Least privilege is: A. Denying all access B. Failing closed C. DAC D. Limiting users and processes to access only resources necessary to perform assigned functions E. RBAC

A. Forcing collusion

Separation of duties assists in security by Answers: A. Forcing collusion B. Causing diffusion C. Forcing confusion D. leveraging MAC

D. Restoring conditions to normal

The Recovery category deals with: Answers: A. Discouraging the incident B. Identifying the incident C. Avoiding the incident D. Restoring conditions to normal E. Mitigation of damage

Corrective, Deterrent, Preventative, Detective

The following are Categories of Access controls (choose all that apply) Answers: Corrective, Deterrent, Preventative, Detective, Protective

B. Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved.

Which best describes access controls? Answers: A. Access controls are a collection of technical controls that permit access to authorized users, systems, and applications. B. Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved. C. Access control is the employment of encryption solutions to protect authentication information during log-on. D. Access controls help protect against vulnerabilities by controlling unauthorized access to systems and information by employees, partners, and customers.

A. MAC (Mandatory Access Control)

Which of the following access control methods allows access control decisions to be based on security labels associated with each data item and each user? Answers: A. MAC (Mandatory Access Control) B. RBAC (Role Based Access Control) C. LBAC (List Based Access Control) D. DAC (Discretionary Access Control)

B. Access control lists

Which of the following access control methods provides the most granular access to protected objects? Answers: A. Capabilities B. Access control lists C. Permission bits D. Profiles

C. MAC (Mandatory Access Control).

Which of the following access control methods relies on user security clearance and data classification? Answers: A. RBAC (Role Based Access Control). B. NDAC (Non-Discretionary Access Control). C. MAC (Mandatory Access Control). D. DAC (Discretionary Access Control).

D. Sensitivity labels

Which of the following are used to make access decisions in a MAC (Mandatory Access Control) environment? Answers: A. Access control lists B. Ownership C. Group membership D. Sensitivity labels

B. RBAC (Role Based Access Control)

Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization? Answers: A. MAC (Mandatory Access Control) B. RBAC (Role Based Access Control) C. DAC (Discretionary Access Control) D. None of the above.

D. DACs (Discretionary Access Control)

Which of the following best describes an access control mechanism that allows the data owner to create and administer access control? Answers: A. MACs (Mandatory Access Control) B. RBACs (Role Based Access Control) C. LBACs (List Based Access Control) D. DACs (Discretionary Access Control)

B. SAC (Subjective Access Control) list.

Which of the following is NOT a valid access control mechanism? Answers: A. DAC (Discretionary Access Control) list. B. SAC (Subjective Access Control) list. C. MAC (Mandatory Access Control) list. D. RBAC (Role Based Access Control) list.

A. Uses levels of security to classify users and data

Which of the following is a characteristic of MAC (Mandatory Access Control)? Answers: A. Uses levels of security to classify users and data. B. Allows owners of documents to determine who has access to specific documents. C. Uses access control lists which specify a list of authorized users. D. Uses access control lists which specify a list of unauthorized users.

B. Access Control list

When assigning access privileges using DAC, which of the following will you need? Answers: A. User database B. Access Control list C. Resource list D. None of the above

B. Military

Who is best served using MAC? Answers: A. Big Business B. Military C. High-turnover organizations D. Education E. SOHO

D. Each object has an owner, which has full control over the object.

With regard to DAC (Discretionary Access Control), which of the following statements are true? Answers: A. Files that don't have an owner CANNOT be modified. B. The administrator of the system is an owner of each object. C. The operating system is an owner of each object. D. Each object has an owner, which has full control over the object. E. None of the above

B. Sales, marketing, management, and production roles.

You work as the security administrator at ibm.com. IBM has an RBAC (Role Based Access Control) compliant system for which you are planning the security implementation. The system has three types of resources: 1) files 2) printers 3) mailboxes, and four distinct departments with distinct functions: 1) Sales 2) Marketing 3) Management 4) Production. Each department needs access to different resources. Each user has a workstation. Which roles should you create to support the RBAC (Role Based Access Control) model? Answers: A. File, printer, and mailbox roles. B. Sales, marketing, management, and production roles. C. User and workstation roles. D. Allow access and deny access roles.

C. User B has no permissions on the file.

You work as the security administrator at ibm.com. You set permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file is as follows: Owner: Read, Write, Execute; User A: Read, Write, -; User B: -, -, - (None); Sales: Read, -, -; Marketing: -, Write, -; Other: Read, Write, -. User A is the owner of the file. User B is a member of the Sales group. What effective permissions does User B have on the file? Answers: A. User B has read, write and execute permissions on the file. B. User B has read and write permissions on the file. C. User B has no permissions on the file. D. User B has read permissions on the file. E. None of the Above

Risk Assessment, Separation of duties, Pre-employment background checks

Examples of Administrative preventative controls (choose all that apply) Answers: Risk Assessment, Separation of duties, Job Rotation, Pre-employment background checks, Incident response

