Access Control Concepts in Cyber Security Quiz

Questions and Answers

Access control is concerned with determining the allowed activities of legitimate users.

• Determining the activities of legitimate users only. (correct)
• Determining the unauthorized activities of illegitimate users.
• Determining the activities of illegitimate users only.
• Determining the activities of all users, whether legitimate or not.

Access controls permit the security practitioner to specify what users can do.

• Access controls allow the security practitioner to specify what activities illegitimate users can do.
• Access controls allow the security practitioner to specify what resources they can access.
• Access controls allow the security practitioner to specify what operations they can perform on a system. (correct)
• Access controls allow users to specify what they can do.

Access controls provide the security practitioner with the ability to limit and monitor who has access to a system.

• Access controls provide the security practitioner with the ability to limit access to a system. (correct)
• Access controls provide the security practitioner with the ability to grant access to illegitimate users.
• Access controls provide the security practitioner with the ability to grant unlimited access to a system.
• Access controls provide the security practitioner with the ability to monitor all activities on a system.

An access control subject is an active entity and can be any user, program, or process that requests permission to cause data to flow.

An access control subject is a passive entity that doesn't request permission to cause data to flow. (A)

Access control subjects include:

Legitimate users only. (C)