Chapter 11 Review Questions


Which of these is a set of permissions that is attached to an object? a. Access control list (ACL) b. Subject Access Entity (SAE) c. Object modifier d. Security entry designator

A. Access control list (ACL)

What is the least restrictive access control model? a. Discretionary Access Control (DAC) b. Role Based Access Control (RBAC) c. Mandatory Access Control (MAC) d. Rule Based Access Control (RBAC)

A. Discretionary Access Control (DAC)

A user entering her user name would correspond to the _______ action in access control. a. authentication b. identification c. authorization d. access

B. Identification

_______ in access control means that if a condition is not explicitly met, then access is to be rejected. a. prevention control b. denial of duties c. implicit deny d. explicit rejection

C. implicit deny

Which statement about Rule Based Access Control is true? a. It requires that a custodian set all rules. b. It is considered obsolete today. c. It dynamically assigns roles to subjects based on rules. d. It is considered a real-world approach by linking a user's job function with security.

C. it dynamically assigns roles to subjects based on rules

A(n) _______ is the person who is responsible for the information, determines the level of security needed for the data, and delegates security duties as required. a. owner b. administrator c. custodian d. end-user

a. owner

With the development of IEEE 802.1x port security, the ________ authentication server has seen even greater usage. a. RADIUS b. RDAP c. DAP d. AAA

a. RADIUS

What is the current version of TACACS? a. XTACACS b. TACACS+ c. TACACS v5 d. TRACACS

b. TACACS+

What is the name given to the individual who periodically reviews settings and maintains records of access by users? a. supervisor b. custodian c. owner d. manager

b. custodian

How is the Security Assertion Markup Language (SAML) used? a. It is a backup to a RADIUS server. b. It allows secure web domains to exchange user authentication and authorization data. c. It is an authenticator in IEEE 802.1x. d. It is no longer used because it has been replaced by LDAP.

b. it allows secure web domains to exchange user authentication and authorization data

Which Microsoft Windows feature provides centralized management and configuration of computers and remote users who are using Active Directory? a. Windows Register Settings b. AD Management Services (ADMS) c. Group Policy d. Resource Allocation Entities

c. Group Policy

What is the version of the X.500 standard that runs on a personal computer over TCP/IP? a. Lite RDAP b. DAP c. LDAP d. IEEE X.501

c. LDAP - lightweight directory access protocol

In the Mandatory Access Control (MAC) model, every subject and object ________ a. must be given a number from 200-900 b. is restricted and cannot be accessed c. is assigned a label d. can be changed by the owner

c. is assigned a label

The principle known as __________ in access control means that each user should be given only the minimal amount of privileges necessary for that person to perform his job function. a. mandatory limitations b. enterprise security c. least privilege d. deny all

c. least privilege

A process functioning on behalf of the user who attempts to access a file is known as a(n) ______. a. object b. operation check c. subject d. resource

c. subject

A RADIUS authentication server requires that the _____________ be authenticated first. a. user b. authentication server c. supplicant d. authenticator

c. supplicant

Which authentication protocol is available as a free download that runs on Microsoft Windows, Apple Mac OS X, and Linux? a. LDAP b. IEEE 802.1x c. RADIUS d. Kerberos

d. Kerberos

A(n) _________ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents. a. RBASE plug-in attack b. SQL/LDAP insert attack c. modified trojan attack d. LDAP injection attack

d. LDAP injection attack

Which of these is NOT part of the makeup of the AAA elements in security? a. auditing usage (accounting) b. controlling access to network resources (authentication) c. enforcing security policies (authorization) d. determining user need (analyzing)

d. determining user need (analyzing)

In the __________ model, the end user cannot change any security settings. a. discretionary access control b. restricted access control c. security access control d. mandatory access control

d. mandatory access control

