Active Directory Discretionary Access Control (DAC)

Questions and Answers

What is a Discretionary Access Control List (DACL) in Active Directory?

• A mechanism that controls user identification during authentication
• An internal list specifying which users and groups can access an object and what operations they can perform (correct)
• A form of access control for protecting data from unauthorized access
• An external list attached to an object that specifies security policies for system-wide actions

What does the System Access Control List (SACL) in Windows operating systems control?

• Data encryption and hashing
• User identification during authentication
• Logging or auditing resource access (correct)
• Tokenization for retail payment transactions

What does data security refer to?

• Managing folder and file security in Windows operating systems
• Defining access policies for object access in Active Directory
• Protecting data from unauthorized access and data corruption (correct)
• Enabling PCI scope reduction for retail payment transactions

What are the key practices included in data security?

Data encryption, hashing, tokenization, and key management (C)

What type of security access control does DAC mechanism control?

Grants or restricts object access via an access policy determined by an object's owner group and/or subjects (A)

What does the solution for payments security provide?

Complete point-to-point encryption and tokenization for retail payment transactions (C)

What is the purpose of file attributes in a computer system?

To grant or deny certain rights to how a user or the operating system can access that file. (D)

What does data erasure achieve in terms of data security?

Verifies that the data is unrecoverable (A)

What does file masking allow organizations to do with real data?

Develop applications or train people using real data while masking personally identifiable information where necessary (A)

What is the purpose of a volume label in a computer system?

To help identify the use of a drive by assigning it a unique name (B)

What does data resiliency determine in an organization's context?

Determines how well an organization endures or recovers from hardware problems (D)

What is the function of encryption in terms of data security?

To transform normal text characters into an unreadable format so that only authorized users can read it (C)

What does 'read-only' attribute mean for a file in a computer system?

Allows a file to be read, but nothing can be written to it or changed (A)

What role does 'archive' attribute play in file handling?

Tells Windows Backup to back up the file (C)

What is the primary function of 'hidden' attribute for a file in DOS?

File is not shown when doing a regular dir from DOS (A)

Study Notes

Access Control Lists

• A Discretionary Access Control List (DACL) in Active Directory determines access rights to a specific resource or object.
• A System Access Control List (SACL) in Windows operating systems controls auditing and logging of access to a resource or object.

Data Security

• Data security refers to the protection of digital data from unauthorized access, use, disclosure, disruption, modification, or destruction.
• Key practices included in data security are:
• Confidentiality: protecting data from unauthorized access
• Integrity: ensuring data accuracy and completeness
• Availability: ensuring data is accessible when needed

Discretionary Access Control (DAC)

• DAC mechanism controls discretionary access control, which allows the owner of a resource to specify which users or groups have access to it.

Payment Security

• The solution for payments security provides a secure way to process online transactions, protecting sensitive customer information.

File Attributes

• File attributes in a computer system are properties or characteristics of a file, such as read-only, archive, or hidden, which affect how the file is handled or accessed.
• The purpose of file attributes is to provide additional functionality or control over file access and management.

Data Erasure

• Data erasure achieves complete removal of data from a storage device, ensuring it cannot be recovered or accessed.

File Masking

• File masking allows organizations to replace sensitive data with fictional, but realistic, data, ensuring data privacy while maintaining data utility.

Volume Label

• The purpose of a volume label in a computer system is to provide a human-readable name for a storage volume or device.

Data Resiliency

• Data resiliency determines an organization's ability to maintain business operations and data accessibility despite disruptions or outages.

Encryption

• The function of encryption in data security is to protect data by converting it into an unreadable format, ensuring it remains confidential and secure.

File Attributes (Read-Only, Archive, Hidden)

• The 'read-only' attribute for a file in a computer system prevents modifications or deletions.
• The 'archive' attribute plays a role in file backup and restoration, as it marks files that have changed since the last backup.
• The primary function of the 'hidden' attribute for a file in DOS is to hide files from the default directory listing, protecting sensitive files from casual access.

Description

Learn about managing folder and file security in Active Directory through Discretionary Access Control Lists (DACL). Understand how DAC grants or restricts object access based on access policies determined by an object's owner group and/or subjects.