18 Questions
What is the primary goal of access control in operating systems?
To manage access to system resources, such as files, directories, pipes, and sockets.
In a Role-Based Access Control (RBAC) system, what determines the level of access a user has?
The user's role, such as 'Basic', 'Standard', or 'Premium'.
In UNIX-like systems, what do the permissions 'r', 'w', and 'x' represent?
Read, write, and execute, respectively, which determine a subject's access to an object.
What is the primary advantage of using Attribute-Based Access Control (ABAC) over RBAC?
ABAC provides more granular access control by considering multiple attributes, such as user subscription level, content rating, and device type.
In a Discretionary Access Control (DAC) model, who has complete control over object access permissions?
The owner of the object.
What is the significance of the 'set-UID' and 'set-GID' permissions in UNIX-like systems?
They allow a program to run with the privileges of the owner or group, respectively, rather than the user executing the program.
What is the primary goal of Authentication in the context of cyber security?
To ensure that only authorized subjects (users, devices, or systems) can access protected resources.
What are the three components of the AAA framework?
Authentication, Authorization, and Accounting.
What is the difference between unidirectional and bidirectional authentication in a client-server scenario?
Unidirectional authentication involves the client proving its identity to the server, while bidirectional authentication involves both the client and server proving their identities to each other.
What is the purpose of the challenge step in the authentication process?
To request proof of identity from the client.
What are the benefits of implementing Authentication in a system?
It maintains the confidentiality, integrity, and availability of data and systems, and provides an audit trail for security monitoring and compliance purposes.
What is the relationship between Authentication and Authorization in the AAA framework?
Authentication verifies the identity of the subject, while Authorization determines whether the authenticated subject has the necessary permissions to access the requested resource.
What is a recommended practice to minimize the risk of unauthorized access when using SSH key-based authentication?
Regularly rotate SSH keys and remove unused or compromised keys from the authorized_keys file.
What is the primary concept of Role-Based Access Control (RBAC)?
Assigning users to predefined roles based on their job functions or responsibilities.
What is the purpose of implementing SSH key management systems, two-factor authentication, or IP address restrictions?
To add extra layers of protection to SSH key-based authentication.
Why is it important to use strong passphrases to protect private keys?
To protect private keys from unauthorized access, especially if the keys are stored on a shared or public machine.
What is the purpose of monitoring SSH access logs and using intrusion detection systems (IDS)?
To identify and respond to suspicious activities or unauthorized access attempts.
What is the benefit of using public/private key authentication with SSH?
To ensure secure remote access to servers and network devices, protecting sensitive data and systems from unauthorized access and potential breaches.
Test your knowledge on the crucial role of authentication in cyber security, including the AAA framework's comprehensive approach to security. Learn about verifying identities and maintaining data confidentiality, integrity, and availability.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free
