Information Security Lecture 3: Authorization and Access Control Quiz

Questions and Answers

PDF Questions PDF Answers

What is the next step after completing identification and authentication?

Authorization (correct)

Decryption

Key generation

Encryption

Which concept enables management of access at a more granular level?

Access control (correct)

Intrusion detection system

Encryption

Firewall configuration

What principle advocates providing a user with the minimum levels of access required to perform their tasks?

Principle of most privilege

Principle of random privilege

Principle of least privilege (correct)

Principle of equal privilege

Which methodology specifies permissions attached to an object that specify which subjects can access the object and what operations they can perform?

Access control lists

What enables determination of what an authenticated party is allowed to do?

Authorization

Define authorization and access control in the context of information security.

Authorization and access control are concepts that determine what a party is allowed to do and whether they will be allowed or denied access to specific resources. Authorization specifies where the party should be allowed or denied access, while access control enables management of this access at a more granular level.

What is the purpose of authorization in the context of information security?

Authorization, as the next step after identification and authentication, enables the determination of exactly what an authenticated party is allowed to do.

What is the principle of least privilege and how does it relate to authorization?

The principle of least privilege advocates providing a user with the minimum levels of access required to perform their tasks. This principle is related to authorization as it ensures that access is limited to only what is necessary for the party to fulfill their duties.

How is access control typically implemented in the context of information security?

Access control is typically implemented through the use of access controls, which specify permissions attached to an object, determining which subjects can access the object and what operations they can perform.

What are the two main concepts used to achieve the determination of access to specific resources?

The two main concepts used to achieve this determination are authorization and access control. Authorization specifies where the party should be allowed or denied access, while access control enables management of this access at a more granular level.