Fundamentals of Information Systems

Authority-level policy

An authorization method in which access to resources is decided by the user's authority level.

Authorization

During which phase of the access control process does the system answer the question, "What can the requestor access?"

Accountability

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?

Discretionary Access Control (DAC)

Gary would like to choose an access control model in which the owner of a resource decides who may modify permissions on that resource. Which model fits that scenario?

Security Kernel

The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.

Physical characteristics may change.

Which one of the following is NOT an advantage of biometric systems?

password

Which one of the following is an example of a logical access control?

Ownership

Which type of authentication includes smart cards?

Brute-force attack

Which type of password attack attempts all possible combinations of a password in an attempt to guess the correct value?