Cyber Security
An __________ identifies users or groups who have specific security assignments to an object. The term "permission" identifies the type of access that is allowed or denied for the object.
Access Control List
_________ is the ability to permit or deny the privileges that users have when accessing resources on a network or computer.
Access Controls
The ________ is used for controlling access to resources and contains the following information: the SID for the user or computer, the SIDs for all groups the user or computer is a member of, and the user rights granted to the security principal.
Access token
An _________ is a centralized database that contains user account and security information. In a workgroup, security and management take place on each individual computer, with each computer holding separate information about users and resources.
Active Directory
A _________ (or Type I error) occurs when a person who should be allowed access is denied access.
False negative
A _______ (or Type II error) occurs when a person who should be denied access is allowed access.
False positive
__________ is the initial process of confirming the identity of a user requesting credentials and occurs when a user types in a user ID to log on.
Identification
With ________, users or groups which are not specifically given access to a resource are denied access.
Implicit deny
_____________ uses labels (or attributes) for both subjects (i.e., users who need access) and objects (i.e., resources with controlled access, such as data, applications, systems, networks, and physical space).
Mandatory access control
__________ authentication requires that both parties authenticate with each other before beginning communications.
Mutual
Within Active Directory, each resource is identified as an ________.
Object
When it comes to Access Controls, _______ are the data, applications, systems, networks, and physical space.
Objects
An __________ is like a folder that subdivides and organizes network resources within a domain. It can hold other organizational units and can hold objects such as users and computers. It can also be used to logically organize network resources.
Organizational Unit
The __________ states that users or groups are given only the access they need to do their job (and nothing more).
Principle of least privilege
____________ allows access based on a role in an organization, not on individual users. It may also be known as non-discretionary access control. Roles are defined by job description or security access level. Users are made members of a role and receive the permissions assigned to the role.
Role-based access control
____________ uses characteristics of objects or subjects, along with rules, to restrict access. Access control entries identify a set of characteristics that will be examined for a match.
Rule set-based access control
A _________ is an object that can be granted permissions to another object. They include user accounts, computer accounts, and security group accounts. Each one is given a unique identification number called a SID.
Security principal
_____________ is the concept of having more than one person required to complete a task. This helps prevent insider attacks because no one person has end-to-end control and no one person is irreplaceable.
Separation of duties
_________ is a distributed access method that allows a subject to log in (sign on) once to a network and access all authorized resources on the network.
Single Sign On
__________ authentication uses a biometric system. A biometric system attempts to identify a person based on metrics or a mathematical representation of the subject's biological attribute. This is the most expensive and least accepted, but is generally considered to be the most secure form of authentication.
Something you are
__________ (also called token-based authentication) is authentication based on something a user has in their possession.
Something you have
____________ authentication requires you to provide a password or some other data that you have knowledge of. This is the weakest type of authentication.
Something you know
With Access Controls, ________ are the users, applications, or processes that need access to objects.
Subjects
A _______ is a group of related domains that share the same connecting DNS namespace.
Tree
____________ is maintaining a record of a subject's activity within the information system.
Auditing/Accounting
_____________ is the process of validating a subject's identity. It includes the identification process, the user providing input to prove identity, and the system accepting that input as valid.
Authentication
________________ is the granting or denying a subject's access to an object based on the level of permissions or the actions allowed on the object.
Authorization
_________ specifically identifies users or groups who have access. It is a moderate form of access control in which privilege has been granted to a subject.
Explicit allow
____________ identifies users or groups who are not allowed access. It is the strongest form of access control and overrules all other privileges granted.
Explicit deny
___________ is an access control method which implements multiple access control methods instead of relying on a single method. Multiple fortifications make it harder to bypass the security measures.
Defense in Depth
___________ assigns access directly to subjects based on the decision of the owner. Objects have a DACL with entries for each subject. Owners add subjects to the DACL and assign rights or permissions.
Discretionary access control
A ________ is an administratively-defined collection of network resources that share a common directory database and security policies.
Domain
A __________ is a server that holds a copy of the Active Directory database that can be written to.
Domain Controller