Chapter 7

Review Questions

1. A user entering her username would correspond to the _____ action in access control.

A. identification

B. authentication

C. authorization

D. access

2. Access control can be accomplished by each of the following except ______.

A. resource management

B. hardware

C. software

D. policy

3. A process functioning on behalf of the user that attempts to access a file is known as a(n) _______.

A. object

B. subject

C. resource

D. operation check

4. The individual who periodically reviews security settings and maintains records of access by users is called the _____.

A. owner

B. custodian

C. manager

D. supervisor

5. In the _____ model, the end user cannot change any security settings.

A. Discretionary Access Control

B. Mandatory Access Control

C. Security Access Control

D. Restricted Access Control

6. Rule Based Access Control _____.

A. dynamically assigns roles to subjects based on rules

B. is considered a real-world approach by linking a user’s job function with security

C. requires that a custodian set all rules

D. is considered obsolete today

7. Separation of duties requires that _____.

A. end users cannot set security for themselves

B. managers must monitor owners for security purposes

C. processes should be divided between two or more individuals

D. jobs be rotated among different individuals

8. _____ in access control means that if a condition is not explicitly met then it is to be rejected.

A. Implicit deny

B. Explicit rejection

C. Denial of duties

D. Prevention control

9. A(n) _____ is a set of permissions that is attached to an object.

A. Subject Access Entity (SAE)

B. object modifier

C. access control list (ACL)

D. security entry designator

10. _____ is a Microsoft Windows feature that provides centralized management and configuration of computers and remote users who are using Active Directory.

A. Windows Register Settings

B. Resource Allocation Entities

C. AD Management Services (ADMS)

D. Group Policy

11. Which of the following is NOT a characteristic of a brute force attack?

A. They are faster than dictionary attacks.

B. They are generally not feasible.

C. They can take a long time to be successful.

D. Each attempt must be entered into the login program to determine if it is correct.

12. _____ create a large pre-generated data set of hashes from nearly every possible password combination.

A. LM hashes

B. NTLM databases

C. Dictionary tables

D. Rainbow tables

13. Which of the following is NOT a password policy defense against an attacker stealing a Windows password file?

A. Password-protect the ROM BIOS.

B. Physically lock the computer case so that it cannot be opened.

C. Disable all necessary accounts.

D. Ensure that all servers and computers are regularly patched.

14. The Domain password policy _____ determines the number of unique new passwords a user must use before an old password can be reused.

A. Maximum password time

B. Minimum password expiration

C. Set password reuse

D. Enforce password history

15. A(n) _____ extends a solid metal bar into the door frame for extra security.

A. preset lock

B. key-in-knob lock

C. tab lock

D. deadbolt lock

16. A(n) _____ uses buttons that must be pushed in the proper sequence to open the door.

A. keyboard lock

B. user bolt lock (UBL)

C. pad lock

D. cipher lock

17. An ID badge fitted with _____ makes it unnecessary to swipe or scan the badge for entry.

A. radio frequency (RFID) tags

B. electromagnetic sentry buttons

C. cipher scans

D. passive cores

18. Using video cameras to transmit a signal to a specific and limited set of receivers is called _____.

A. security monitoring transmission (SMT)

B. vector security (VS)

C. closed circuit television (CCTV)

D. restricted access television

19. The least restrictive access control model is _____.

A. Mandatory Access Control (MAC)

B. Discretionary Access Control (DAC)

C. Role Based Access Control (RBAC)

D. Rule Based Access Control (RBAC)

20. The principle known as _____ in access control means that each user should only be given the minimal amount of privileges necessary for that person to perform their job function.

A. least privilege

B. deny all

C. Enterprise Security

D. Mandatory Limitations