Cyber Security

An __________ identifies users or groups who have specific security assignments to an object. The term "permission" identifies the type of access that is allowed or denied for the object.

Access Control List

_________ is the ability to permit or deny the privileges that users have when accessing resources on a network or computer.

Access Controls

The ________ is used for controlling access to resources and contains the following information: the SID for the user or computer, the SID for all groups the user or computer is a member of, and user rights granted to the security principal.

Access token

An _________ is a centralized database that contains user account and security information. In a workgroup, security and management take place on each individual computer, with each computer holding separate information about users and resources.

Active Directory

A _________ (or Type I error) occurs when a person who should be allowed access is denied access.

False negative

A _______ (or Type II error) occurs when a person who should be denied access is allowed access.

False positive

__________ is the initial process of confirming the identity of a user requesting credentials and occurs when a user types in a user ID to log on.

Identification

With ________, users or groups which are not specifically given access to a resource are denied access.

Implicit deny

_____________ uses labels (or attributes) for both subjects (i.e., users who need access) and objects (i.e., resources with controlled access, such as data, applications, systems, networks, and physical space).

Mandatory access control

__________ authentication requires that both parties authenticate with each other before beginning communications.

Mutual

Within Active Directory, each resource is identified as an ________.

Object

When it comes to Access Controls, _______ are the data, applications, systems, networks, and physical space.

Objects

An __________ is like a folder that subdivides and organizes network resources within a domain. It can hold other organizational units and can hold objects such as users and computers. It can also be used to logically organize network resources.

Organizational Unit

The __________ states that users or groups are given only the access they need to do their job (and nothing more).

Principle of least privilege

____________ allows access based on a role in an organization, not individual users. May also be known as nondiscretionary access control. Roles are defined by job description or security access level. Users are made members of a role and receive the permissions assigned to the role.

Role-based access control

____________ uses characteristics of objects or subjects, along with rules, to restrict access. Access control entries identify a set of characteristics that will be examined for a match.

Rule set-based access control

A _________ is an object that can be given permissions to an object. They include user accounts, computer accounts, and security group accounts. Each one is given a unique identification number called a SID.

Security principal

_____________ is the concept of having more than one person required to complete a task. This helps prevent insider attacks because no one person has end-to-end control and no one person is irreplaceable.

Separation of duties

_________ is a distributed access method that allows a subject to log in (sign on) once to a network and access all authorized resources on the network.

Single Sign On

__________ authentication uses a biometric system. A biometric system attempts to identify a person based on metrics or a mathematical representation of the subject's biological attribute. This is the most expensive and least accepted, but is generally considered to be the most secure form of authentication.

Something you are

__________ (also called token-based authentication) is authentication based on something a user has in their possession.

Something you have

____________ authentication requires you to provide a password or some other data that you have knowledge of. This is the weakest type of authentication.

Something you know

With Access Controls, ________ are the users, applications, or processes that need access to objects.

Subjects

A _______ is a group of related domains that share the same connecting DNS namespace.

Tree

____________ is maintaining a record of a subject's activity within the information system.

Auditing/Accounting

_____________ is the process of validating a subject's identity. It includes the identification process, the user providing input to prove identity, and the system accepting that input as valid.

Authentication

________________ is the granting or denying of a subject's access to an object based on the level of permissions or the actions allowed on the object.

Authorization

_________ specifically identifies users or groups who have access. It is a moderate form of access control in which privilege has been granted to a subject.

Explicit allow

____________ identifies users or groups who are not allowed access. It is the strongest form of access control and overrules all other privileges granted.

Explicit deny

___________ is an access control method which implements multiple access control methods instead of relying on a single method. Multiple fortifications make it harder to bypass the security measures.

Defense in Depth

___________ assigns access directly to subjects based on the decision of the owner. Objects have a DACL with entries for each subject. Owners add subjects to the DACL and assign rights or permissions.

Discretionary access control

A ________ is an administratively-defined collection of network resources that share a common directory database and security policies.

Domain

A __________ is a server that holds a copy of the Active Directory database that can be written to.

Domain Controller

