Access Control Concepts in Cyber Security Quiz

Questions and Answers

Access control is concerned with determining the allowed activities of legitimate users.

Determining the activities of legitimate users only. (correct)

Determining the unauthorized activities of illegitimate users.

Determining the activities of illegitimate users only.

Determining the activities of all users, whether legitimate or not.

Access controls permit the security practitioner to specify what users can do.

Access controls allow the security practitioner to specify what activities illegitimate users can do.

Access controls allow the security practitioner to specify what resources they can access.

Access controls allow the security practitioner to specify what operations they can perform on a system. (correct)

Access controls allow users to specify what they can do.

Access controls provide the security practitioner with the ability to limit and monitor who has access to a system.

Access controls provide the security practitioner with the ability to limit access to a system. (correct)

Access controls provide the security practitioner with the ability to grant access to illegitimate users.

Access controls provide the security practitioner with the ability to grant unlimited access to a system.

Access controls provide the security practitioner with the ability to monitor all activities on a system.

An access control subject is an active entity and can be any user, program, or process that requests permission to cause data to flow.

An access control subject is a passive entity that doesn't request permission to cause data to flow.

Access control subjects include:

Legitimate users only.