15 Cards in this Set
QUESTION 1:

Which of the following is NOT a valid access control mechanism?

A. DAC (Discretionary Access Control) list.

B. SAC (Subjective Access Control) list.

C. MAC (Mandatory Access Control) list.

D. RBAC (Role Based Access Control) list.
Answer: B

Explanation:

The three basic access control mechanisms are: MAC (Mandatory Access Control), DAC (Discretionary Access Control) and RBAC (Role Based Access Control). There is no SAC (Subjective Access Control) list.

Incorrect Answers:

A: The three basic access control mechanisms are: MAC (Mandatory Access Control), DAC (Discretionary Access Control) and RBAC (Role Based Access Control). DAC is based on the owner of the resource allowing other users access to that resource.

C: The three basic access control mechanisms are: MAC (Mandatory Access Control), DAC (Discretionary Access Control) and RBAC (Role Based Access Control). MAC is based on predefined access privileges to a resource.

D: The three basic access control mechanisms are: MAC (Mandatory Access Control), DAC (Discretionary Access Control) and RBAC (Role Based Access Control). RBAC is based on the role or responsibilities users have in the organization.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 8-10.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 2:

Which of the following best describes an access control mechanism in which access control decisions are based on the responsibilities that an individual user or process has in an organization?

A. MAC (Mandatory Access Control)

B. RBAC (Role Based Access Control)

C. DAC (Discretionary Access Control)

D. None of the above.
Answer: B

Explanation:

Access control using the RBAC model is based on the role or responsibilities users have in the organization. These usually reflect the organization's structure and can be implemented system wide.

Incorrect Answers:

A: Access control using the MAC model is based on predefined access privileges to a resource.

C: Access control using the DAC model is based on the owner of the resource allowing other users access to that resource.

D: Access control using the RBAC model is based on the role or responsibilities users have in the organization.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 8-10.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 3:

Which of the following best describes an access control mechanism that allows the data owner to create and administer access control?

A. MACs (Mandatory Access Control)

B. RBACs (Role Based Access Control)

C. LBACs (List Based Access Control)

D. DACs (Discretionary Access Control)
Answer: D

Explanation:

The DAC model allows the owner of a resource to control access privileges to that resource. This model is dynamic in nature and allows the owner of the resource to grant or revoke access to individuals or groups of individuals.

Incorrect Answers:

A: Access control using the MAC model is based on predefined access privileges to a resource.

B: Access control using the RBAC model is based on the role or responsibilities users have in the organization.

C: Access control using the LBAC model is based on a list of users and the privileges they have been granted to an object. This list is usually created by the administrator.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 8-10, 668.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 4:

Which of the following is an inherent flaw in the DAC (Discretionary Access Control) model?

A. DAC (Discretionary Access Control) relies only on the identity of the user or process, leaving room for a Trojan horse.

B. DAC (Discretionary Access Control) relies on certificates, allowing attackers to use those certificates.

C. DAC (Discretionary Access Control) does not rely on the identity of a user, allowing anyone to use an account.

D. DAC (Discretionary Access Control) has no known security flaws.
Answer: A

Explanation:

The DAC model is more flexible than the MAC model. It allows the owner of a resource to control access privileges to that resource. Thus, access control is entirely at the discretion of the owner, as is the resource that is shared. In other words, there are no security checks to ensure that malicious code is not made available for sharing.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, p. 720.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 393.
QUESTION 5:

Which of the following access control methods provides the most granular access to protected objects?

A. Capabilities

B. Access control lists

C. Permission bits

D. Profiles
Answer: B

Explanation:

Access control lists enable devices in your network to ignore requests from specified users or systems, or grant certain network capabilities to them. ACLs allow a stronger set of access controls to be established in your network. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats.

References:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, pp. 13, 216, 219.
QUESTION 6:

You work as the security administrator at Certkiller.com. You set permissions on a file object in a network operating system which uses DAC (Discretionary Access Control). The ACL (Access Control List) of the file is as follows:

Owner: Read, Write, Execute
User A: Read, Write, -
User B: -, -, - (None)
Sales: Read, -, -
Marketing: -, Write, -
Other: Read, Write,

User "A" is the owner of the file. User "B" is a member of the Sales group. What effective permissions does User "B" have on the file?

A. User B has no permissions on the file.

B. User B has read permissions on the file.

C. User B has read and write permissions on the file.

D. User B has read, write and execute permissions on the file.
Answer: A

Explanation:

ACLs have a list of users and the access that each of them has been granted to a resource such as a file. When a user attempts to access a resource, the ACL is checked to see if the user has the required privileges; if the required privileges are not found, access is denied. In this ACL, User B does not have an associated access privilege to the resource. Therefore User B has no permissions on the resource and will not be able to access it.

Incorrect Answers:

B, C, D: In this ACL, User B does not have an associated access privilege to the resource. Therefore User B has absolutely no permissions on the resource.

References:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, pp. 13, 211.

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 9-10.
QUESTION 7:

You work as the security administrator at Certkiller.com. Certkiller has a RBAC (Role Based Access Control) compliant system for which you are planning the security implementation. There are three types of resources, including files, printers, and mailboxes, and four distinct departments with distinct functions, including Sales, Marketing, Management, and Production, in the system. Each department needs access to different resources. Each user has a workstation. Which roles should you create to support the RBAC (Role Based Access Control) model?

A. File, printer, and mailbox roles.

B. Sales, marketing, management, and production roles.

C. User and workstation roles.

D. Allow access and deny access roles.
Answer: B

Explanation:

Access control using the RBAC model is based on the role or responsibilities users have in the organization. These roles usually reflect the organization's structure, such as its division into different departments, each with its distinct role in the organization. Thus the RBAC model could be based on the different departments.

Incorrect Answers:

A: The RBAC model is based on user roles, not on resource roles such as file, printer, and mailbox roles. These resource roles might not reflect the different departments' access requirements to them.

C: The RBAC model is based on user roles, not on a division between users and machines. Grouping all users together does not differentiate between the different access requirements of different users based on the role that those users fulfill in the organization.

D: By implementing allow access and deny access roles, we would create only two options: access to all resources or no access. This does not differentiate between the different access requirements of different users based on the role that those users fulfill in the organization.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 8-10.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 8:

With regard to DAC (Discretionary Access Control), which of the following statements are true?

A. Files that don't have an owner CANNOT be modified.

B. The administrator of the system is an owner of each object.

C. The operating system is an owner of each object.

D. Each object has an owner, which has full control over the object.
Answer: D

Explanation:

The DAC model allows the owner of a resource to control access privileges to that resource. Thus, access control is entirely at the discretion of the owner, who has full control over the resource.

Incorrect Answers:

A: Each file does have an owner, which is the user that created the file, or the user to whom the creator of the file has transferred ownership.

B: The creator of the resource is the owner of that resource, not the administrator.

C: The creator of the resource is the owner of that resource, not the operating system.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 9-10.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 9:

Which of the following are used to make access decisions in a MAC (Mandatory Access Control) environment?

A. Access control lists

B. Ownership

C. Group membership

D. Sensitivity labels
Answer: D

Explanation:

Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

Incorrect Answers:

A: DAC uses an Access Control List (ACL) that identifies the users who have been granted access to a resource.

B: DAC is based on the ownership of a resource. The owner of the resource controls access to that resource.

C: RBAC is based on group membership, which would reflect both the role users fulfill in the organization and the structure of the organization.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 8-9.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 10:

Which of the following access control methods allows access control decisions to be based on security labels associated with each data item and each user?

A. MACs (Mandatory Access Control)

B. RBACs (Role Based Access Control)

C. LBACs (List Based Access Control)

D. DACs (Discretionary Access Control)
Answer: A

Explanation:

Mandatory Access Control is a strict hierarchical model usually associated with governments. All objects are given security labels known as sensitivity labels and are classified accordingly. Then all users are given specific security clearances as to what they are allowed to access.

Incorrect Answers:

B: RBAC is based on group membership, which would reflect both the role users fulfill in the organization and the structure of the organization.

C: LBAC is based on a list of users and the privileges they have been granted to an object. This list is usually created by the administrator.

D: DAC is based on the ownership of a resource. The owner of the resource controls access to that resource.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 8-10.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 11:

Which of the following access control methods relies on user security clearance and data classification?

A. RBAC (Role Based Access Control).

B. NDAC (Non-Discretionary Access Control).

C. MAC (Mandatory Access Control).

D. DAC (Discretionary Access Control).
Answer: C

Explanation:

MAC is a strict hierarchical model that is based on classifying data by importance and categorizing data by department. Users receive specific security clearances to access this data.

Incorrect Answers:

A: RBAC is based on the role users fulfill in the organization.

B: There is no NDAC.

D: DAC is based on the ownership of a resource. The owner of the resource controls access to that resource.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 8-10.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 12:

Which of the following is a characteristic of MAC (Mandatory Access Control)?

A. Uses levels of security to classify users and data.

B. Allows owners of documents to determine who has access to specific documents.

C. Uses access control lists which specify a list of authorized users.

D. Uses access control lists which specify a list of unauthorized users.
Answer: A

Explanation:

MAC is a strict hierarchical model that is based on classifying data by importance and categorizing data by department. Users receive specific security clearances to access this data.

Incorrect Answers:

B: DAC is based on ownership of a resource. The owner of the resource controls access to that resource.

C, D: DAC and LBAC use Access Control Lists (ACLs) that identify the users who have been granted access to a resource.

References:

Michael Cross, Norris L. Johnson, Jr. and Tony Piltzecker, Security+ Study Guide and DVD Training System, Rockland, MA, Syngress, 2002, pp. 8-10.

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, p. 13.
QUESTION 13:

Which of the following terms best represents a MAC (Mandatory Access Control) model?

A. Lattice

B. Bell La-Padula

C. BIBA

D. Clark and Wilson
Answer: A

Explanation:

The word lattice is used to describe the upper and lower bounds of a user's access permission. In other words, a user's access differs at different levels. It describes a hierarchical model that is based on classifying data by sensitivity and categorizing it at different levels. Users must have the correct level of security clearance to access the data. This is the system that MAC is based on.

Incorrect Answers:

B: The Bell La-Padula model prevents a user from accessing information that has a higher security rating than that which the user is authorized to access. It also prevents information from being written to a lower level of security. Thus this model is based on classification, which is used in MAC. However, it is not the best answer.

C: The BIBA model is similar to the Bell La-Padula model but is more concerned with information integrity.

D: The Clark and Wilson model prevents the direct access of data. Data can only be accessed through applications that have predefined capabilities. This prevents unauthorized modification, errors, and fraud from occurring. This does not describe MAC.

References:

Mike Pastore and Emmett Dulaney, Security+ Study Guide, 2nd Edition, Alameda, Sybex, 2004, pp. 455, 267-269.
QUESTION 14:

Which of the following password generators is based on challenge-response mechanisms?

A. asynchronous

B. synchronous

C. cryptographic keys

D. smart cards
Answer: B

Explanation:

A synchronous password generator has an authentication server that generates a challenge (a large number or string) which is encrypted with the private key of the token device; the server holds that token device's public key so it can verify the authenticity of the request (which is independent from the time factor). That challenge can also include a hash of the transmitted data, so not only can the authentication be assured, but also the data integrity.

Reference:

Todd Bill, The Security+ Training Guide, Que Publishing, Indianapolis, 2003, Part 1, Chapter 1.
QUESTION 15:

Which of the following password management systems is designed to provide for a large number of users?

A. self service password resets

B. locally saved passwords

C. multiple access methods

D. synchronized passwords
Answer: A

Explanation:

A self service password reset is a system where if an individual user forgets their password, they can reset it on their own (usually by answering a secret question on a web prompt, then receiving a new temporary password on a pre-specified email address) without having to call the help desk. For a system with many users, this will significantly reduce the help desk call volume.

Incorrect Answers:

B: Locally saved password management systems are not designed for large networks and large amounts of users.

C: A multi-factor system is when two or more access methods are included as part of the authentication process. This would be impractical with a large number of users.

D: Synchronized passwords would pose a serious threat for any number of users.

Reference:

Todd Bill, The Security+ Training Guide, Que Publishing, Indianapolis, 2003, Part 1, Chapter 2.