Authorization and Access Control Quiz

Questions and Answers

What is the consequence of the over-privileged user opening an e-mail attachment containing malware?

• The user's administrative capabilities are revoked
• The malware is automatically deleted
• The system becomes immune to the malware
• The attacks have free reign on the system (correct)

What principle should be followed when configuring systems and allocating permissions for accounts?

• Principle of most privilege
• Principle of least privilege (correct)
• Principle of equal privilege
• Principle of random privilege

Which of the following is not a basic task related to access control?

• Enhancing access (correct)
• Limiting access
• Allowing access
• Revoking access

What happens when access controls are carefully planned out?

Attacks become more difficult (B)

In what scenario does an attacker have free reign on the system?

When encountering a Web site that pushes attack code to the client computer (C)

What is the principle of least privilege and how does it relate to system configuration and security planning?

The principle of least privilege involves granting only the minimum level of access or permissions necessary for a user or system to perform its tasks. This principle should be followed when configuring systems, allocating permissions for accounts, and planning out security. By doing so, some easily accessed tools that attackers can use against the system can be taken away.

What are the four basic tasks related to access control and how do they differ from each other?

The four basic tasks related to access control are allowing access, denying access, limiting access, and revoking access. Allowing access grants a particular party or parties access to a resource, denying access prohibits access to a resource, limiting access restricts the level of access to a resource, and revoking access takes away previously granted access to a resource.

How do over-privileged users make the system vulnerable to attacks, and what happens when they encounter malware or attack code?

Over-privileged users, endowed with administrative capabilities, make the system vulnerable to attacks because when they open an e-mail attachment containing malware or encounter a website that pushes attack code to the client computer, these attacks have free reign on the system as they are acting as the user. This gives the attacks unrestricted access and control over the system.

What are some examples of attacks that can occur when over-privileged users encounter malware or attack code?

When over-privileged users encounter malware or attack code, the system can be susceptible to various types of attacks such as data breaches, unauthorized access, system hijacking, and exploitation of privileged information or resources.

How can carefully following the principle of least privilege help in mitigating the impact of potential attacks on a system?

By carefully following the principle of least privilege when configuring systems, allocating permissions for accounts, and planning out security, some of the more easily accessed tools that attackers can use against the system can be taken away. This helps in mitigating the impact of potential attacks by reducing the attack surface and limiting the capabilities of potential attackers.

What are the four basic tasks related to access control, and how do they differ from each other?

The four basic tasks related to access control are allowing access, denying access, limiting access, and revoking access. Allowing access grants a particular party or parties access to a resource, denying access prohibits access to a resource, limiting access restricts the level of access to a resource, and revoking access takes away previously granted access to a resource.

How do over-privileged users make the system vulnerable to attacks, and what happens when they encounter malware or attack code?

Over-privileged users make the system vulnerable to attacks by having excessive access and administrative capabilities. When they encounter malware or attack code, these attacks have free reign on the system because they are acting as the over-privileged user, who in turn has administrative capabilities.

What is the consequence of the over-privileged user opening an e-mail attachment containing malware?

The consequence of the over-privileged user opening an e-mail attachment containing malware is that the malware is able to exploit the user's excessive privileges and potentially gain unauthorized access to the system.

What is the principle of least privilege and how does it relate to system configuration and security planning?

The principle of least privilege is the practice of limiting a user's access rights to only what are required to perform their tasks. It relates to system configuration and security planning by reducing the potential impact of security breaches and limiting the damage that can be caused by malicious activities.

How can carefully following the principle of least privilege help in mitigating the impact of potential attacks on a system?

Carefully following the principle of least privilege helps in mitigating the impact of potential attacks on a system by reducing the attack surface and limiting the capabilities of potential attackers, thereby minimizing the potential damage and unauthorized access that can occur.