Information Security Lecture 3: Authorization and Access Control Quiz

Questions and Answers

What is the next step after completing identification and authentication?

• Authorization (correct)
• Decryption
• Key generation
• Encryption

Which concept enables management of access at a more granular level?

• Access control (correct)
• Intrusion detection system
• Encryption
• Firewall configuration

What principle advocates providing a user with the minimum levels of access required to perform their tasks?

• Principle of most privilege
• Principle of random privilege
• Principle of least privilege (correct)
• Principle of equal privilege

Which methodology specifies permissions attached to an object that specify which subjects can access the object and what operations they can perform?

Access control lists (B)

What enables determination of what an authenticated party is allowed to do?

Authorization (C)

Define authorization and access control in the context of information security.

Authorization and access control are concepts that determine what a party is allowed to do and whether they will be allowed or denied access to specific resources. Authorization specifies where the party should be allowed or denied access, while access control enables management of this access at a more granular level.

What is the purpose of authorization in the context of information security?

Authorization, as the next step after identification and authentication, enables the determination of exactly what an authenticated party is allowed to do.

What is the principle of least privilege and how does it relate to authorization?

The principle of least privilege advocates providing a user with the minimum levels of access required to perform their tasks. This principle is related to authorization as it ensures that access is limited to only what is necessary for the party to fulfill their duties.

How is access control typically implemented in the context of information security?

Access control is typically implemented through the use of access controls, which specify permissions attached to an object, determining which subjects can access the object and what operations they can perform.

What are the two main concepts used to achieve the determination of access to specific resources?

The two main concepts used to achieve this determination are authorization and access control. Authorization specifies where the party should be allowed or denied access, while access control enables management of this access at a more granular level.

Flashcards

Authorization

The process of verifying if a subject (like a user) has the necessary permissions to access a resource.

Access control

A mechanism for managing and enforcing access to resources. It determines which subjects can access specific resources and what actions they can perform.

Principle of least privilege

The principle of granting the least amount of access necessary for a subject to perform their required tasks.

Access Control Lists (ACLs)

A method for specifying permissions attached to an object, determining which subjects can access it and what actions they can perform.

Authorization

The step that follows identification and authentication, determining what actions an authenticated subject is allowed to perform.

Access Control

A method for specifying permissions attached to an object, outlining which subjects can access it.

Principle of Least Privilege

The process of granting the least amount of access required for a user to complete their tasks.

Access Control Lists (ACLs)

A list detailing permissions associated with an object, determining which subjects can access it and their allowed actions.

Identification and Authentication

The process of establishing who a user is and authenticating their identity.

Authorization

The process of determining what actions an authenticated subject is permitted to perform.