sec160 ch 8 netacad q11
accounting
Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
authorization
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?
availability
info is always available to those who are authorized to access it.
confidentiality
info is only accessible to authorized individuals
integrity
info is protected from unauthorized alternation.
Department of Homeland Security
Which of the following offers a free service called Automated Indicator that enables the real-time exchange of cyberthreat indicators?
discretionary access control
it allows users to control access to their data as owners of that data. It may use ACLs or other methods to specify which users or groups of users have access to the info.
Identify the characteristics of AAA
-Authentication -Authorization -Accounting
Identify the Threat Intelligence Info Source
-FireEye -CVE -Talos -AIS
accounting and auditing
AAA component that records and logs user activity.
authentication
AAA component that requires proof of identity
authorization
AAA component that specifies the resources a user can access.
immediately after successful authentication against an AAA data source.
During the AAA process, when will authorization be implemented?
T/F. Local AAA authentication requires a central AAA server
False
T/F. RADIUS encrypts both passwords and the contents of packets.
False
authentication
Passwords, passphrases, and PINs are examples of which security term?
remote access
Refer to the exhibit. The security policy of an org allows employees to connect to the office intranet from their homes. Which type of security policy is this?
T/F. The mandatory access control (MAC) model limits access based on the security level clearance of an individual.
True
-the use of UDP ports for authentication and accounting -encryption of the authentication and authorization processes
What are two characteristics of the RADIUS protocol? (Choose two)
One safeguard failure does not affect the effectiveness of other safeguards.
What is a characteristic of a layered defense-in-depth security approach?
Vulnerabilities in systems are exploited to grant higher levels of privilege than someone or some process should have.
What is privilege escalation?
company policy
Which type of business policy establishes the rules of conduct and the responsibilities of employees and employers?
defense-in-depth
a security approach that uses multiple layers of security.
security policies
a set of security objectives for an org.
vulnerability
a weakness in a system that can be exploited
non-discretionary access control
access decisions are based on the roles and responsibilities of the individual within the org.
attribute-based access control
allows access based on attributes of the object (resource) to be accessed, the subject (user) accessing the resource, and the environment factors regarding how the object is to be accessed, such as time of day.
thread
any potential danger to an asset.
Mandatory Access Control (MAC)
apply the strictest access control and is typically used in military or mission-critical applications. It assigns security level labels to info and enables users with access based on their security level clearance.
A company has a file server that shares a folder named Public. The network security policy specifies that the Public folder is assigned Read-Only rights to anyone who can log into the server while the Edit rights are assigned only to the network admin group. Which component is addressed in the AAA network service framework?
authorization
BYOD
enables employees to use their own mobile devices to access company systems.
business policies
guidelines that govern the actions of an org.
Acceptable Use Policy (AUP)
identifies network applications and uses that are acceptable to the org.
company policies
rules of conduct and responsibilities for employers and employees
principle of least privilege
specifies an as-needed approach to user access rights.
edge router
the first line of defense that passes all inbound connections to the firewall.
artichoke
with the evolution of borderless networks, which vegetable is now used to describe a defense-in-depth approach?