FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 4: Access Control

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

True/False

Review LaterAdd Note

Review Later

The authentication function determines who is trusted for a given purpose.

Correct Answer

verified

Show Answer

Question 2

True/False

Review LaterAdd Note

Review Later

Any program that is owned by,and SetUID to,the "superuser" potentially grants unrestricted access to the system to any user executing that program.

Correct Answer

verified

Show Answer

Question 3

Multiple Choice

Review LaterAdd Note

_________ is the granting of a right or permission to a system entity to access a system resource.

The __________ user ID is exempt from the usual file access control constraints and has system wide access.

A constraint is a defined relationship among roles or a condition related to roles.

Access control is the central element of computer security.

__________ provide a means of adapting RBAC to the specifics of administrative and security policies in an organization.

A __________ is a named job function within the organization that controls this computer system.

Security labels indicate which system entities are eligible to access certain resources.

A user program executes in a kernel mode in which certain areas of memory are protected from the user's use and certain instructions may not be executed.

The final permission bit is the _________ bit.

A(n) __________ is a resource to which access is controlled.

A __________ is an object or data structure that authoritatively binds an identity to a token possessed and controlled by a subscriber.

__________ controls access based on comparing security labels with security clearances.

T F 4.External devices such as firewalls cannot provide access control services.

__________ implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.

X.800 defines __________ as the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

An auditing function monitors and keeps a record of user accesses to system resources.

Subject attributes,object attributes and environment attributes are the three types of attributes in the __________ model.

An independent review and examination of system records and activities in order to test for adequacy of system controls,to ensure compliance with established policy and operational procedures,to detect breaches in security,and to recommend any indicated changes in control,policy and procedures is a(n)__________ .