53 Cards in this Set
- Front
- Back
________ is a flow of information between a subject and an object.
|
Access
|
|
A ________ is an active entity that requests access to an object, which is a passive entity.
|
subject
|
|
A _________ can be a user, program, or process.
|
subject
|
|
________ is the assurance that information is not disclosed to unauthorized subjects.
|
Confidentiality
|
|
Some security mechanisms that provide ________ are encryption, logical and physical access control, transmission protocols, database views, and controlled traffic flow.
|
confidentiality
|
|
_____________ solutions include directories, web access management, password management, legacy single sign-on, account management, and profile update.
|
Identity management
|
|
__________ reduces the complexity of keeping up with different passwords for different systems.
|
Password synchronization
|
|
__________ password reset reduces the help-desk call volumes by allowing users to reset their own passwords.
|
Self-service
|
|
________ password reset reduces the resolution process for password issues for the help-desk department.
|
Assisted
|
|
IdM directories contain all resource information, users' attributes, authorization profiles, roles, and possibly access control policies so other IdM applications have one _________ resource from which to gather this information.
|
centralized
|
|
An __________ workflow component is common in account management products that provide IdM solutions.
|
automated
|
|
________ refers to the creation, maintenance, and deactivation of user objects and attributes, as they exist in one or more systems, directories, or applications.
|
User provisioning
|
|
The HR database is usually considered the __________ source for user identities because that is where it is first developed and properly maintained.
|
authoritative
|
|
There are three main access control models:
|
discretionary, mandatory, and nondiscretionary (role-based)
|
|
____________ enables data owners to dictate what subjects have access to the files and resources they own.
|
Discretionary access control (DAC)
|
|
________ uses a security label system. Users have clearances, and resources have security labels that contain data classifications.
|
Mandatory access control (MAC)
|
|
________ access control uses a role-based method to determine access rights and permissions.
|
Nondiscretionary
|
|
________ access control is based on the user's role and responsibilities within the company.
|
Role-based
|
|
Three main types of __________ exist: menus and shells, database views, and physically constrained interfaces.
|
restricted interfaces
|
|
_________ are bound to objects and indicate what subjects can use them.
|
Access control lists
|
|
A ________ table is bound to a subject and lists what objects it can access.
|
capability
|
|
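The DAC, MAC and role-based cards above, together with the ACL and capability table cards, all describe one idea from different angles: an access matrix of subjects against objects, read column-wise (an ACL bound to an object) or row-wise (a capability table bound to a subject), with a decision rule on top. The following is an added example, not part of the flashcard set; every subject, object, label and role in it is constructed for illustration.

```python
# Added example (not from the flashcards): one tiny access matrix viewed as
# ACLs and capability tables, plus a DAC, a MAC and an RBAC decision on it.
# All subjects, objects, labels and roles below are constructed for illustration.

# Access matrix: rows are subjects, columns are objects, cells are permission sets.
ACCESS_MATRIX = {
    "alice":      {"payroll.xlsx": {"read", "write"}, "memo.txt": {"read"}},
    "bob":        {"memo.txt": {"read", "write"}},
    "backup_svc": {"payroll.xlsx": {"read"}, "memo.txt": {"read"}},
}


def acl(obj):
    """Column of the matrix: the ACL bound to one object (which subjects may use it)."""
    return {subj: row[obj] for subj, row in ACCESS_MATRIX.items() if obj in row}


def capability_table(subject):
    """Row of the matrix: the capability table bound to one subject (what it may access)."""
    return dict(ACCESS_MATRIX.get(subject, {}))


def dac_allows(subject, obj, perm):
    """DAC: the owner granted permissions explicitly; anything not granted is denied (default no access)."""
    return perm in ACCESS_MATRIX.get(subject, {}).get(obj, set())


# MAC: clearances and labels are (classification level, set of compartments).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
CLEARANCES = {"alice": ("SECRET", {"HR"}), "bob": ("CONFIDENTIAL", set())}
LABELS = {"payroll.xlsx": ("SECRET", {"HR"}), "memo.txt": ("CONFIDENTIAL", set())}


def dominates(clearance, label):
    """A clearance dominates a label if its level is >= and it holds every compartment on the label."""
    c_level, c_comps = clearance
    l_level, l_comps = label
    return LEVELS[c_level] >= LEVELS[l_level] and l_comps <= c_comps


def mac_allows_read(subject, obj):
    """MAC read (no read up): the subject's clearance must dominate the object's label.
    Unknown subjects or unlabeled objects get no access."""
    if subject not in CLEARANCES or obj not in LABELS:
        return False
    return dominates(CLEARANCES[subject], LABELS[obj])


# RBAC: permissions hang off roles, users are assigned roles.
ROLE_PERMS = {
    "hr_analyst": {("payroll.xlsx", "read")},
    "staff":      {("memo.txt", "read")},
}
USER_ROLES = {"alice": {"hr_analyst", "staff"}, "bob": {"staff"}}


def rbac_allows(subject, obj, perm):
    """RBAC: allowed if any of the subject's roles carries the (object, permission) pair."""
    return any((obj, perm) in ROLE_PERMS[role] for role in USER_ROLES.get(subject, set()))
```

Note that the matrix itself is the same data in both views; ACLs make "who can touch this file" cheap to answer and revoke, capability tables make "what can this subject reach" cheap. In the MAC check the compartment test (`l_comps <= c_comps`) is what stops a SECRET-cleared user without the HR compartment from reading an HR-labelled file, and the `False` path for unknown subjects is the "default to no access" rule applied.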
Access control can be administered in two main ways: _________ and ___________.
|
centralized and decentralized
|
|
RADIUS, TACACS+, and Diameter are examples of _________ administration access control techniques.
|
centralized
|
|
A __________ administration example is a peer-to-peer working group.
|
decentralized
|
|
Security policy, personnel controls, supervisory structure, security-awareness training, and testing are examples of __________ controls.
|
administrative
|
|
Network segregation, perimeter security, computer controls, work area separation, data backups, and cabling are examples of __________ controls.
|
physical
|
|
System access, network architecture, network access, encryption and protocols, and auditing are examples of __________ controls.
|
technical
|
|
__________ control mechanisms provide one or more of the following functionalities: preventive, detective, corrective, deterrent, recovery, or compensating.
|
access
|
|
For a subject to be able to access a resource, it must be identified, authenticated, and authorized, and should be _________ for its actions.
|
held accountable
|
|
_________ can be accomplished by biometrics, a password, a passphrase, a cognitive password, a one-time password, or a token.
|
Authentication
|
|
A __________ error in biometrics means the system rejected an authorized individual, and a _________ error means an imposter was authenticated.
|
Type I (false rejection), Type II (false acceptance)
|
|
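The two error types trade off against each other through the matcher's acceptance threshold, and the point where they are equal is the crossover error rate (CER) used to compare biometric systems. The following is an added example, not from the flashcard set; the match scores are constructed for illustration, not measured data.

```python
# Added example (not from the flashcards): Type I and Type II error rates of a
# biometric matcher at a given acceptance threshold, and the crossover point.
# The score lists are constructed for illustration, not measured data.

GENUINE_SCORES = [55, 62, 70, 74, 78, 81, 85, 88, 90, 95]   # authorized users matched against their own template
IMPOSTOR_SCORES = [20, 31, 40, 48, 52, 58, 63, 66, 71, 76]  # other people claiming that identity


def error_rates(threshold, genuine=GENUINE_SCORES, impostors=IMPOSTOR_SCORES):
    """Return (FRR, FAR) when a sample is accepted iff its match score >= threshold.

    FRR (Type I error): fraction of genuine attempts wrongly rejected.
    FAR (Type II error): fraction of impostor attempts wrongly accepted.
    """
    frr = sum(score < threshold for score in genuine) / len(genuine)
    far = sum(score >= threshold for score in impostors) / len(impostors)
    return frr, far


def crossover_threshold(genuine=GENUINE_SCORES, impostors=IMPOSTOR_SCORES):
    """Lowest threshold (on a 0..100 score scale) where FRR and FAR are closest: the CER point.
    Raising the threshold above it lowers FAR at the cost of FRR; lowering it does the reverse."""
    def gap(t):
        frr, far = error_rates(t, genuine, impostors)
        return abs(frr - far)
    return min(range(0, 101), key=gap)
```

On this constructed data a threshold of 80 rejects half the legitimate users but admits no impostor, while 60 admits 40% of impostors; a high-security door is tuned toward the first setting, a convenience login toward the second, and the CER is the single number that says how good the sensor is regardless of tuning.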
A memory card cannot process information, but a _________ can.
|
smart card
|
|
Access controls should default to ___________ access.
|
no access
|
|
____________ and need-to-know principles limit users' rights to only what is needed to perform tasks of their job.
|
Least-privilege
|
|
____________ capabilities can be accomplished through Kerberos, SESAME, domains, and thin clients.
|
Single sign-on
|
|
___________ technology requires a user to be authenticated to the network only one time.
|
Single sign-on
|
|
In Kerberos, a user receives a ticket from the __________ so they can authenticate to a service.
|
KDC
|
|
The Kerberos user receives a __________, which lets the user request access to resources through the ticket granting service (TGS). The TGS generates a new service ticket containing the session key.
|
ticket granting ticket (TGT)
|
|
Types of ___________ attacks include denial of service, spoofing, dictionary, brute force, and war dialing.
|
access control
|
|
____________ can track user activities, application events, and system events.
|
Audit logs
|
|
Keystroke monitoring is a type of _________ that tracks each keystroke made by a user.
|
auditing
|
|
Audit logs should be protected and regularly _________.
|
reviewed
|
|
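"Protected" for an audit log means an attacker who later gains write access to the log store cannot silently alter or drop the records that would reveal them. One way to make that tampering detectable is to hash-chain the records and anchor the chain head somewhere the attacker cannot reach (a remote collector, a write-once store, a signed daily digest). The following is an added example, not from the flashcard set; the event records are constructed, and the chain format is an assumption for illustration, not any particular product's log format.

```python
# Added example (not from the flashcards): a hash-chained audit log with a
# verifier that reports the first broken link. Sample events are constructed.
import hashlib
import json

GENESIS = "0" * 64  # hash of the (empty) record before the first entry

SAMPLE_EVENTS = [
    {"ts": "2024-03-01T10:00:01", "user": "alice", "event": "login", "result": "success"},
    {"ts": "2024-03-01T10:02:17", "user": "alice", "event": "read", "object": "payroll.xlsx"},
    {"ts": "2024-03-01T10:05:40", "user": "bob", "event": "sudo", "result": "denied"},
]


def append_record(chain, record):
    """Append a record; its hash covers the previous record's hash, so every later entry depends on it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = json.dumps(record, sort_keys=True)          # canonical form, so re-serialising is stable
    digest = hashlib.sha256((prev + "\n" + body).encode()).hexdigest()
    chain.append({"prev": prev, "body": body, "hash": digest})
    return digest


def verify_chain(chain, anchored_head=None):
    """Return the index of the first entry that does not verify, or None if the chain is intact.

    If anchored_head (the last hash stored out of the attacker's reach) is given, a chain that is
    internally consistent but ends on a different hash is reported as broken at len(chain).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = hashlib.sha256((prev + "\n" + entry["body"]).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return i
        prev = entry["hash"]
    if anchored_head is not None and prev != anchored_head:
        return len(chain)
    return None


def rewrite_history(chain, index, new_record):
    """What an attacker with write access can do: replace one record and recompute every later hash.
    The result passes verify_chain() on its own, which is why the head must be anchored elsewhere."""
    rewritten = []
    for i, entry in enumerate(chain):
        record = new_record if i == index else json.loads(entry["body"])
        append_record(rewritten, record)
    return rewritten


def build_sample_log():
    chain = []
    for event in SAMPLE_EVENTS:
        append_record(chain, event)
    return chain
```

The chain alone only proves that nothing was changed since the last hash you trust; `rewrite_history` shows that an attacker who controls the whole file can regenerate a perfectly consistent chain, so the review process also needs the head hash (or a signature over it) kept where the attacker cannot rewrite it.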
Object __________ can unintentionally disclose information.
|
reuse
|
|
Just removing pointers to files is not always enough protection for proper _________.
|
object reuse
|
|
Information can be obtained by capturing the electromagnetic emanations that equipment radiates. The ways to combat this type of intrusion are _________, white noise, and control zones.
|
TEMPEST
|
|
User __________ is accomplished by what someone knows, is, or has.
|
authentication
|
|
One-time password-generating token devices can use either _________ or __________ methods.
|
synchronous or asynchronous
|
|
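A synchronous token and the server share state (a counter or the clock) and must stay in step; an asynchronous token answers a fresh challenge from the server, so there is nothing to keep synchronized. The following is an added example, not from the flashcard set: an RFC 4226 HOTP / RFC 6238 TOTP computation with a counter-synchronous verifier, beside a challenge-response verifier. The key is the RFC 4226 test-vector key so the codes can be checked against the RFC; the challenge-response construction (truncated HMAC-SHA256 over a nonce) is an assumption for illustration, not any vendor's protocol.

```python
# Added example (not from the flashcards): synchronous (HOTP/TOTP) and
# asynchronous (challenge-response) one-time-password verification.
import hashlib
import hmac
import secrets
import struct

# RFC 4226 Appendix D test-vector key, used so the codes below can be checked against the RFC.
SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret, unix_time, step=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter derived from the clock (time-synchronous)."""
    return hotp(secret, unix_time // step, digits)


class SynchronousVerifier:
    """Server side of a counter-synchronous token. A small look-ahead window tolerates
    button presses that never reached the server; accepting a code moves the counter past it."""

    def __init__(self, secret, window=3):
        self.secret, self.counter, self.window = secret, 0, window

    def verify(self, code):
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # resynchronize; the accepted code (and older ones) cannot be replayed
                return True
        return False


class AsynchronousVerifier:
    """Server side of a challenge-response token: no shared clock or counter. The server issues
    a random nonce, the token returns a keyed function of it, and each nonce is answerable once."""

    def __init__(self, secret):
        self.secret, self.outstanding = secret, set()

    def challenge(self):
        nonce = secrets.token_hex(8)
        self.outstanding.add(nonce)
        return nonce

    @staticmethod
    def respond(secret, nonce):
        """What the token computes from the displayed challenge (assumed construction for illustration)."""
        return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()[:8]

    def verify(self, nonce, response):
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)  # single use, so a captured response is useless later
        return hmac.compare_digest(self.respond(self.secret, nonce), response)
```

The synchronous verifier's weakness is drift: if the token is pressed more times than the window allows, the user is locked out until the server resynchronizes; the asynchronous design avoids that but needs a round trip and a channel on which to display the challenge.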
Strong authentication requires two of the three user authentication attributes (what someone knows, is or ________).
|
has
|
|
Kerberos addresses confidentiality (privacy) and ___________ but not availability.
|
integrity
|
|
The following are weaknesses of ___________: the KDC is a single point of failure; it is susceptible to password guessing; session and secret keys are locally stored; KDC needs to always be available; and there must be management of secret keys.
|
Kerberos
|
|
IDSs can be statistical (monitor behavior) or ___________ (watch for known attacks).
|
signature-based
|
|
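The two IDS approaches fail in opposite ways: a signature engine only finds what it has a pattern for, a statistical engine flags anything that departs from its baseline, attack or not. The following is an added example, not from the flashcard set, that runs both over constructed web-server log lines; the line format, the signatures and the traffic are all made up for illustration.

```python
# Added example (not from the flashcards): a signature-based and a statistical
# (baseline-deviation) detector run over constructed log lines.
import re
import statistics
from collections import Counter

# Constructed log lines (not captured from a real system): "timestamp src=IP METHOD PATH STATUS".
TRAINING_LOG = [  # a quiet period used to learn what "normal" looks like
    f"2024-03-01T09:{minute:02d}:00 src=10.0.0.{host} GET /index.html 200"
    for host, n_requests in ((5, 3), (6, 4), (7, 2), (8, 5), (9, 4))
    for minute in range(n_requests)
]
DETECTION_LOG = [
    "2024-03-01T10:00:01 src=10.0.0.5 GET /index.html 200",
    "2024-03-01T10:00:02 src=10.0.0.5 GET /about.html 200",
    "2024-03-01T10:00:03 src=203.0.113.9 GET /login.php?user=admin'%20OR%20'1'='1 200",
    "2024-03-01T10:00:04 src=203.0.113.9 GET /../../etc/passwd 404",
] + [  # a password-guessing burst: nothing in it matches a signature
    f"2024-03-01T10:00:{5 + i // 2:02d} src=198.51.100.7 POST /login.php 401" for i in range(30)
]

LINE_RE = re.compile(r"^\S+ src=(?P<src>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d+)$")

# Signature-based: patterns of known attacks. Anything not listed here is invisible to it.
SIGNATURES = {
    "sqli_or_tautology": re.compile(r"'(?:%20|\s)*or(?:%20|\s)*'", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}


def parse(lines):
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def signature_alerts(lines):
    """(source, signature name) for every request path that matches a known-attack pattern."""
    return [(rec["src"], name) for rec in parse(lines)
            for name, pattern in SIGNATURES.items() if pattern.search(rec["path"])]


def build_baseline(lines):
    """Statistical profile of normal traffic: mean and standard deviation of requests per source."""
    per_source = Counter(rec["src"] for rec in parse(lines))
    values = list(per_source.values())
    return statistics.mean(values), statistics.pstdev(values)


def statistical_alerts(lines, baseline, k=3.0):
    """Sources whose request count exceeds mean + k*stddev of the baseline. Catches the login
    burst that no signature names, but would equally flag a legitimately busy client."""
    mean, stddev = baseline
    threshold = mean + k * stddev
    per_source = Counter(rec["src"] for rec in parse(lines))
    return {src: n for src, n in per_source.items() if n > threshold}
```

On the constructed traffic the signature engine names the two injection attempts from 203.0.113.9 and says nothing about the 30 failed logins, while the statistical engine flags 198.51.100.7 for volume and says nothing about the two crafted requests; in practice the two are deployed together for exactly that reason.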
_________ is a safeguard against disclosure of confidential information because it erases magnetic media, returning it to its original unrecorded state.
|
Degaussing
|
|
_________ is a type of social engineering with the goal of obtaining personal information, credentials, credit card numbers, or financial data.
|
Phishing
|