Active Directory Discretionary Access Control (DAC)

Questions and Answers

What is a Discretionary Access Control List (DACL) in Active Directory?

An internal list specifying which users and groups can access an object and what operations they can perform

What does the System Access Control List (SACL) in Windows operating systems control?

Logging or auditing resource access

What does data security refer to?

Protecting data from unauthorized access and data corruption

What are the key practices included in data security?

Data encryption, hashing, tokenization, and key management

What type of security access control does DAC mechanism control?

Grants or restricts object access via an access policy determined by an object's owner group and/or subjects

What does the solution for payments security provide?

Complete point-to-point encryption and tokenization for retail payment transactions

What is the purpose of file attributes in a computer system?

To grant or deny certain rights to how a user or the operating system can access that file.

What does data erasure achieve in terms of data security?

Verifies that the data is unrecoverable

What does file masking allow organizations to do with real data?

Develop applications or train people using real data while masking personally identifiable information where necessary

What is the purpose of a volume label in a computer system?

To help identify the use of a drive by assigning it a unique name

What does data resiliency determine in an organization's context?

Determines how well an organization endures or recovers from hardware problems

What is the function of encryption in terms of data security?

To transform normal text characters into an unreadable format so that only authorized users can read it

What does 'read-only' attribute mean for a file in a computer system?

Allows a file to be read, but nothing can be written to it or changed

What role does 'archive' attribute play in file handling?

Tells Windows Backup to back up the file

What is the primary function of 'hidden' attribute for a file in DOS?

File is not shown when doing a regular dir from DOS

Study Notes

Access Control Lists

• A Discretionary Access Control List (DACL) in Active Directory determines access rights to a specific resource or object.
• A System Access Control List (SACL) in Windows operating systems controls auditing and logging of access to a resource or object.

Data Security

• Data security refers to the protection of digital data from unauthorized access, use, disclosure, disruption, modification, or destruction.
• Key practices included in data security are:
• Confidentiality: protecting data from unauthorized access
• Integrity: ensuring data accuracy and completeness
• Availability: ensuring data is accessible when needed

Discretionary Access Control (DAC)

• DAC mechanism controls discretionary access control, which allows the owner of a resource to specify which users or groups have access to it.

Payment Security

• The solution for payments security provides a secure way to process online transactions, protecting sensitive customer information.

File Attributes

• File attributes in a computer system are properties or characteristics of a file, such as read-only, archive, or hidden, which affect how the file is handled or accessed.
• The purpose of file attributes is to provide additional functionality or control over file access and management.

Data Erasure

• Data erasure achieves complete removal of data from a storage device, ensuring it cannot be recovered or accessed.

File Masking

• File masking allows organizations to replace sensitive data with fictional, but realistic, data, ensuring data privacy while maintaining data utility.

Volume Label

• The purpose of a volume label in a computer system is to provide a human-readable name for a storage volume or device.

Data Resiliency

• Data resiliency determines an organization's ability to maintain business operations and data accessibility despite disruptions or outages.

Encryption

• The function of encryption in data security is to protect data by converting it into an unreadable format, ensuring it remains confidential and secure.

File Attributes (Read-Only, Archive, Hidden)

• The 'read-only' attribute for a file in a computer system prevents modifications or deletions.
• The 'archive' attribute plays a role in file backup and restoration, as it marks files that have changed since the last backup.
• The primary function of the 'hidden' attribute for a file in DOS is to hide files from the default directory listing, protecting sensitive files from casual access.