Computer Security Chapter 4 Access Control Definitions Quiz
10 Questions

Questions and Answers

What principle should be employed to reduce the risk of malevolent activity without collusion?

  • Principle of equal privilege
  • Principle of most privilege
  • Principle of separation of duties (correct)
  • Principle of least privilege

What function should non-privileged accounts or roles be used for?

  • Accessing nonsecurity functions (correct)
  • Accessing privileged functions
  • Executing administrative commands
  • Accessing sensitive data

What is the purpose of limiting unsuccessful logon attempts?

  • Preventing unauthorized access (correct)
  • Facilitating multiple login attempts
  • Enhancing user convenience
  • Providing administrative access

What is the purpose of encrypting CUI on mobile devices?

  Answer: Protecting the confidentiality of sensitive information when the device is lost, stolen or otherwise outside the organization's control

Which cryptographic mechanisms should be employed to protect the confidentiality of remote access sessions?

  Answer: Session encryption such as TLS or IPsec; the session traffic itself is protected with a symmetric cipher under a key established when the session is set up

What does NISTIR 7298 define access control as?

  Answer: The process of granting or denying specific requests to (1) obtain and use information and related information processing services and (2) enter specific physical facilities

According to RFC 4949, what does access control regulate?

  Answer: The use of system resources according to a security policy, permitting use only by authorized entities and only as that policy allows

According to SP 800-171, what is one of the basic security requirements for access control?

  Answer: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems)

What is the main focus of access control according to NISTIR 7298?

  Answer: Limiting access to authorized users only

According to RFC 4949, who are the authorized entities for using system resources?

  Answer: Authorized users, programs, processes, and other systems

Study Notes

Reducing Malevolent Activity

• Separation of duties (SP 800-171 3.1.4) should be employed to reduce the risk of malevolent activity without collusion: no single individual should hold every permission needed to carry out and conceal an abuse, so a fraud requires at least two people to cooperate. Least privilege (3.1.5) is the complementary requirement that each account or role gets only the permissions its function needs.

Account Usage

• Non-privileged accounts or roles should be used when accessing nonsecurity functions (SP 800-171 3.1.6), so that routine, daily tasks such as reading mail or browsing do not run with administrative privilege that a compromise of that session would inherit.

Logon Attempts

• Limiting unsuccessful logon attempts (SP 800-171 3.1.8), for example by locking the account or delaying further attempts after a threshold of consecutive failures, blunts online password guessing and brute-force attacks and so reduces the risk of unauthorized access. The threshold and the lockout behaviour are chosen by the organization; a lockout that is too aggressive lets an attacker deny service to legitimate users simply by guessing wrong on purpose.
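
A minimal implementation of this control, added here as an example (it is not code from the textbook, the quiz or NIST): a per-account counter of consecutive failed logons that locks the account after a threshold, refuses even a correct password while the lock is in force, and is replayed over a constructed sequence of logon events. The threshold of 5 failures, the 15-minute counting window and the 30-minute lockout are assumed values; SP 800-171 leaves them to the organization.

```python
"""Consecutive-failure logon limiting (SP 800-171 3.1.8).

Added example; not code from the textbook, the quiz or NIST.
The thresholds and the event stream below are constructed for illustration.
"""
from collections import defaultdict

MAX_FAILURES = 5           # assumed policy: lock after 5 consecutive failures
WINDOW_SECONDS = 15 * 60   # assumed: failures older than 15 minutes no longer count
LOCKOUT_SECONDS = 30 * 60  # assumed: account stays locked for 30 minutes


class LogonLimiter:
    """Tracks consecutive failed logons per account and enforces a lockout."""

    def __init__(self, max_failures=MAX_FAILURES,
                 window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(list)  # account -> timestamps of recent failures
        self._locked_until = {}             # account -> time the lock expires

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def attempt(self, account, password_ok, now):
        """Process one logon attempt at time `now` (seconds).

        Returns 'allow', 'deny' or 'locked'. A locked account is refused
        regardless of the password, so the lock does not act as an oracle
        for whether a guess happened to be right.
        """
        if self.is_locked(account, now):
            return 'locked'
        if password_ok:
            self._failures.pop(account, None)  # success resets the counter
            return 'allow'
        recent = [t for t in self._failures[account] if now - t <= self.window]
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            self._failures.pop(account, None)
            return 'locked'
        self._failures[account] = recent
        return 'deny'


# Constructed logon events: (time in seconds, account, password correct?).
# Not real authentication logs.
SAMPLE_EVENTS = [
    (0, 'alice', False), (10, 'alice', False), (20, 'alice', False),
    (30, 'alice', False), (40, 'alice', False),  # fifth failure -> locked
    (50, 'alice', True),                          # right password, still locked
    (60, 'bob', True),                            # other accounts unaffected
    (40 + LOCKOUT_SECONDS, 'alice', True),        # lock expired -> allowed
]


def replay(events, limiter=None):
    """Feed events through a limiter and return the decision for each one."""
    if limiter is None:
        limiter = LogonLimiter()
    return [limiter.attempt(account, ok, t) for t, account, ok in events]


if __name__ == '__main__':
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(f'{event[0]:>5}s {event[1]:<6} {decision}')
```

In a real authentication path the lock check belongs before the password verification, not after it, so that a locked account costs the attacker no information and the server no hashing work; the `password_ok` argument here is only a stand-in for that verification.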

Protecting CUI

• Encrypting CUI (Controlled Unclassified Information) on mobile devices and mobile computing platforms (SP 800-171 3.1.19) protects the confidentiality of sensitive information when a device is lost, stolen or otherwise leaves the organization's control.

Cryptographic Mechanisms

• Cryptographic mechanisms such as TLS (SSL is its deprecated predecessor) and IPsec should be employed to protect the confidentiality of remote access sessions (SP 800-171 3.1.13). Encryption alone is not enough: the client must also authenticate the remote endpoint, otherwise an on-path attacker can terminate the encrypted session itself and read the traffic in the clear.
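
The following is an added example (not code from the textbook or the quiz) of what "employ cryptographic mechanisms" amounts to on the client side of a TLS remote access session, using Python's standard ssl module as is: a context that verifies the server's certificate and hostname and refuses TLS versions below 1.2, beside the common "make the certificate error go away" configuration, and an audit function that flags the relaxations which let an on-path attacker read or impersonate the session. The finding texts and the choice of TLS 1.2 as the floor are this example's own.

```python
"""TLS client settings for a confidential remote access session (SP 800-171 3.1.13).

Added example; not code from the textbook or the quiz. Uses only the
standard ssl module; the audit thresholds are this example's assumptions.
"""
import ssl


def remote_access_context(cafile=None):
    """Client context: verify the server certificate and hostname, TLS 1.2 or newer."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # TLS 1.0/1.1 are deprecated (RFC 8996)
    ctx.options |= ssl.OP_NO_COMPRESSION              # compression leaks plaintext (CRIME)
    return ctx


def weak_context():
    """Constructed bad example: encrypted, but to whoever answers the connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE   # any certificate accepted, so any on-path attacker
    return ctx


def audit_context(ctx):
    """Return findings that defeat session confidentiality; an empty list means acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append('server certificate not verified')
    if not ctx.check_hostname:
        findings.append('hostname not checked against the certificate')
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append('TLS versions below 1.2 accepted')
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append('TLS compression enabled')
    return findings


if __name__ == '__main__':
    print('hardened:', audit_context(remote_access_context()) or 'no findings')
    print('weak:    ', audit_context(weak_context()))
```

`create_default_context` already turns on certificate and hostname verification; the example sets the version floor and the compression option explicitly so that the audit does not depend on which Python release chose the defaults.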

Access Control Definition

• NISTIR 7298 defines access control as the process of granting or denying specific requests to (1) obtain and use information and related information processing services, and (2) enter specific physical facilities. The decision is made per request, against a policy; identity and authentication are inputs to it, not the definition itself.

Access Control Regulation

• According to RFC 4949, access control regulates the use of system resources according to a security policy, permitting use only by authorized entities (users, programs, processes, or other systems) and only in the ways that policy allows.

Basic Security Requirements

• One of the basic security requirements for access control in SP 800-171 (3.1.1) is to limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems). The subjects are not only people: a process is authorized by virtue of the user it acts for, and a device must itself be authorized before it is allowed to connect.

Access Control Focus

• The main focus of access control in the NISTIR 7298 definition is restricting access to resources (information, processing services and physical facilities) to the individuals, processes or systems the security policy authorizes.

Authorized Entities

• According to RFC 4949, the authorized entities are users, programs, processes, or other systems that the security policy permits to use a resource; anything the policy does not permit is to be refused, whether or not it can reach the resource.
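
To make the definitions in these notes concrete, here is a small reference-monitor style decision function, added as an example (it is not code from the textbook, the quiz or the standards). It grants or denies specific requests according to a policy (NISTIR 7298, RFC 4949), accepts the three subject kinds that SP 800-171 3.1.1 names (users, processes acting on behalf of users, and devices), denies by default, and enforces the separation-of-duties rule from the first study note (3.1.4): whoever submitted a payment may not approve it, even when holding both roles. The roles, the payment resource and the request scenario are constructed.

```python
"""Access decisions against a security policy (NISTIR 7298, RFC 4949, SP 800-171 3.1.1, 3.1.4).

Added example; not code from the textbook, the quiz or the standards.
The subjects, roles, resource and policy are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Subject:
    """Who is asking: a user, a process acting on behalf of a user, or a device."""
    kind: str                           # 'user', 'process' or 'device'
    name: str
    on_behalf_of: Optional[str] = None  # processes only: the user they act for


@dataclass
class Payment:
    """The protected object, with the history the separation-of-duties rule needs."""
    pid: str
    submitted_by: Optional[str] = None
    approved_by: Optional[str] = None


# Security policy (constructed). Anything not listed here is denied.
USER_ROLES = {'alice': {'clerk'}, 'bob': {'approver'}, 'carol': {'clerk', 'approver'}}
ROLE_PERMISSIONS = {'clerk': {'read', 'submit'}, 'approver': {'read', 'approve'}}
ENROLLED_DEVICES = {'laptop-0042'}  # devices may only read, in this policy


def principal(subject: Subject) -> Optional[str]:
    """The user whose authorizations apply to this request, or None if there is none."""
    if subject.kind == 'user':
        return subject.name if subject.name in USER_ROLES else None
    if subject.kind == 'process':  # a process carries the identity of its user
        return subject.on_behalf_of if subject.on_behalf_of in USER_ROLES else None
    return None


def decide(subject: Subject, operation: str, payment: Payment) -> Tuple[str, str]:
    """Grant or deny one specific request; returns (decision, reason)."""
    if subject.kind == 'device':
        if subject.name in ENROLLED_DEVICES and operation == 'read':
            return 'grant', 'enrolled device, read only'
        return 'deny', 'device not enrolled or operation not permitted for devices'
    user = principal(subject)
    if user is None:
        return 'deny', 'unknown or unauthenticated subject'
    permitted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in USER_ROLES[user]))
    if operation not in permitted:
        return 'deny', f'no role of {user} permits {operation}'
    # Separation of duties (3.1.4): the submitter may not approve the same payment,
    # even when holding both roles, so a fraudulent payment needs two colluders.
    if operation == 'approve' and payment.submitted_by == user:
        return 'deny', f'{user} submitted {payment.pid}; approval needs a second person'
    if operation == 'submit':
        payment.submitted_by = user
    elif operation == 'approve':
        payment.approved_by = user
    return 'grant', f'{user} may {operation} {payment.pid}'


def run_scenario():
    """Constructed request sequence; returns the decision for each request in order."""
    alice, bob, carol = (Subject('user', n) for n in ('alice', 'bob', 'carol'))
    batch = Subject('process', 'nightly-approver', on_behalf_of='bob')
    laptop = Subject('device', 'laptop-0042')
    mallory = Subject('user', 'mallory')  # not in the policy at all
    pay7, pay8 = Payment('PAY-7'), Payment('PAY-8')
    requests = [
        (alice, 'submit', pay7),    # clerk submits: grant
        (alice, 'approve', pay7),   # clerk lacks the approver role: deny
        (mallory, 'read', pay7),    # unknown subject: deny
        (batch, 'approve', pay7),   # process acting for bob, an approver: grant
        (carol, 'submit', pay8),    # carol holds both roles: submit granted
        (carol, 'approve', pay8),   # ...but may not approve her own submission: deny
        (bob, 'approve', pay8),     # a second person approves: grant
        (laptop, 'read', pay8),     # enrolled device, read: grant
        (laptop, 'approve', pay8),  # devices may not approve: deny
    ]
    return [decide(s, op, p)[0] for s, op, p in requests]


if __name__ == '__main__':
    for decision in run_scenario():
        print(decision)
```

The point of the structure is that every request passes through one `decide` function with a default of deny, which is what the RFC 4949 wording "permitted only by authorized entities according to that policy" asks for; the separation-of-duties check shows that a policy can depend on the object's history and not only on the subject's roles.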

Description

Test your understanding of access control definitions as explained in Chapter 4 of 'Computer Security: Principles and Practice, Fourth Edition'. This quiz covers the process of granting or denying specific requests to obtain and use information and related information processing services, and to enter specific physical facilities.
