System Access Control Mechanism

WelcomeVerse

10 Questions

What access principle is implemented by limiting employees' access to only necessary resources required for their job tasks?

Principle of least privilege (POLP)

In which access control model are access permissions predefined and cannot be changed by users?

Mandatory access control (MAC)

Which access control model determines access control based on the role of the user?

Role-based access control (RBAC)

What is the primary goal of implementing Mandatory access control in an organization?

To prevent unauthorized access to sensitive data

Which access control model is based on a set of rules defined by the administrator?

Rule-based access control (RB-RBAC)

What is the key characteristic of Discretionary access control?

Access permissions are determined by the system administrator

What is the primary benefit of implementing the principle of least privilege?

Enhanced security by reducing the attack surface

Which access control model is based on the job functions of users?

Role-based access control (RBAC)

What is the key difference between Mandatory access control and Discretionary access control?

Mandatory access control is based on system-defined rules

Which access control model is used to ensure that users have access to only the resources necessary for their job tasks?

Principle of least privilege (POLP)

Study Notes

Access Control Mechanism

  • The system validates the user with the database based on provided credentials/identification, such as password, fingerprint, etc.
  • The system then allows the user to perform only those operations or access only those resources for which the user has been authorized.
  • Once the identification is successful, the system provides the user access to use the system.
  • The correct sequence of steps involved in the access control mechanism is: A user provides their credentials/identification while logging into the system, the system validates the user with the database, the system provides the user access to use the system, and the system allows the user to perform only authorized operations or access resources.

Access Control Elements

  • An object is an explicit resource on which an access restriction is imposed.
  • A reference monitor verifies the restrictions imposed on objects based on certain access control rules.

Access Control Principles

  • The principle of separation of duties (SoD) ensures that no single individual has the authorization rights to perform all functions, and at the same time denies any single individual access to all the objects.
  • The need-to-know principle defines that access is provided only to the information that is required for performing a specific task.

Access Control Models

  • Mandatory access control (MAC) is a model where access permissions are available based on the access policies determined by the system and are beyond the user's control.
  • Role-based access control (RBAC) is a model that assigns permissions to a user role dynamically based on a set of rules defined by the administrator.
  • Rule-based access control (RB-RBAC) is a model that determines the access control taken by any possessor of an object to decide the access control of a subject on that object.
  • Discretionary access control (DAC) is a model where users can amend the access policies created by the system.

This quiz covers the steps involved in the access control mechanism, including user validation, authorization, and access to resources. It also touches on aspects of network security, encryption, and auditing.
