Access Control Lecture 3 Concepts

WieldyKremlin

21 Questions

Match the following access control components with their descriptions:

Objects = System resources for which protection is desirable
Subjects = Active entities requesting accesses to resources
Access mode = Type of access (e.g., read, write, execute)
Access Control Models = Categories of access control mechanisms like DAC and MAC

Match the following access control models with their descriptions:

Discretionary Access Control (DAC) = Resource owner specifies who can access specific resources
Mandatory Access Control (MAC) = Access control based on security labels and clearances
Role Based Access Control (RBAC) = Access control based on roles and permissions assigned to users
Access Control Lists (ACLs) = Common implementation of DAC using lists of permissions for resources

Match the following terms with their definitions:

Owner based access control = Users can protect what they own and define access for others
Successful authentication = Granting privileges after confirming user's identity
Relationship among Access Control and Other Security Functions = Interconnections between access control and other security measures
Access control mechanism = Granting privileges upon validating user's identity

Match the access control model with its description:

ACL = Example of specific permissions for users on files
MAC = Classifies subjects and objects based on security classes like Top Secret, Secret, Confidential, and Unclassified
RBAC = Access decisions based on roles that individual users have in an organization
Operating Systems = Controls user access to files and processes in the system

Match the security classification level with its description:

Top Secret (TS) = The highest security classification level
Secret (S) = One of the security classification levels below Top Secret
Confidential (C) = Security classification level below Secret
Unclassified (U) = The lowest security classification level

Match the examples with the type of access control they represent:

Social Networks = Access control where personal information can be restricted to self, friends, or everybody
Web Browsers = Access control that controls the type of content users can view
ACL = Example of access control specifying permissions for users on files
MAC = Access control applied to large amounts of information with clear classifications like Top Secret, Secret, etc.

Match the level of access with its description:

Read = Permission to view or read the content of a file or resource
Write = Permission to make changes or write to a file or resource
Own = Highest permission level indicating ownership or full control over a file or resource
Execute = Permission to run or execute a file or program

Match the user with their access rights on File 1:

Joe = Has Read and Write permissions on File 1
Sam = Has Read, Write, and Own permissions on File 1
Admins = Only group that can change object levels in MAC, not object owners themselves
Normal User = Cannot arbitrarily access another user's files in operating systems

Match the specific examples with their corresponding access control implementation:

Facebook and MySpace = Social networks implementing access control for personal information sharing
Operating System Access Control = Controls user access to files and processes on an operating system
Web Browsers Content Control = Restricts what types of content users can view in browsers
ACL for Files = Specific permissions set for users on files in a system

What is the primary purpose of an access control mechanism?

To specify what users can or cannot do on a system

In the DAC model, who specifies which subjects can access specific resources?

Owner of the resource

What is the common implementation of DAC that allows owners to control access to their resources?

Access Control Lists (ACLs)

Which access control model focuses on defining access based on roles rather than individual users?

Role Based Access Control (RBAC)

What is the highest security classification level in the MAC model?

Top secret (TS)

What does Owner-based access control in DAC allow users to do?

Protect what they own

Who can change the object level in the Mandatory Access Control (MAC) model?

System administrators

Which component of access control specifies the type of actions a user can perform on a resource?

Access mode

In Role-Based Access Control (RBAC), what are access decisions based on?

User's roles

What is an example of an access control implementation in operating systems mentioned in the text?

User accessing another user's files arbitrarily

Which component of the system controls the types of content users can view in web browsers?

Access control

Who can access some personal information on social networks like Facebook and MySpace?

Only yourself

This quiz covers the fundamental concepts of access control in Lecture 3 by Assistant Professor Dr. Noor Ghazi. It explores access control mechanisms, models, components such as objects and subjects, and the actions and resources users can interact with.
