CYSE 101 FINAL STUDY SET with COMPLETE SOLUTION | 275 Questions with 100% Correct Answers [BEST]
0 view 0 purchase
Course
CYSE 101
Institution
Western Governors University
What is access control? Correct Answer: A security technique that regulates who or what can view or use resources in a computing environment
It enables administrators to manage access at a more granular level
Authentication Correct Answer: Authentication is the step after identification
...
cyse 101 final study set with complete solution | 275 questions with 100 correct answers best
Written for
Western Governors University
CYSE 101
All documents for this subject (10)
Seller
Follow
Classroom
Reviews received
Content preview
CYSE 101 FINAL STUDY SET with COMPLETE SOLUTION |
275 Questions with 100% Correct Answers [BEST]
What is access control? Correct Answer: A security technique that regulates who or what can
view or use resources in a computing environment
It enables administrators to manage access at a more granular level
Authentication Correct Answer: Authentication is the step after identification
It is to determine whether the claim of the identity is true
Because access control is typically based on the identity of the user who requests access to a
resource, authentication is essential to effective security.
What is the role of authorization in access control? Correct Answer: Authorization is the step
after authentication.
Authorization allows us to specify where the party should be allowed or denied access.
What is the role of auditing in access control? Correct Answer: We perform audits to ensure that
compliance with applicable laws, policies, and other bodies of administrative control is being
accomplished as well as
detecting misuse. We may audit a variety of activities, including compliance with policy, proper
security architecture, configuration management, personal behavior of users, or other activities.
What are 4 different ways to authenticate a claim of identity? Correct Answer: What you know -
a password for an account
What you have - a door key, a smart card
Who you are - fingerprint
What you do - how you pronounce a passphrase
What is multi-factor authentication? Correct Answer: A method of computer access control in
which a user is only granted access after successfully presenting evidence to an authentication
mechanism
It decreases the probability of a false positive and increases the probability of a false negative
Mandatory Access Control (MAC) Correct Answer: A model of access control in which the
owner of
the resource does not get to decide who gets to access it, but instead access is decided by a group
or individual who has the authority to set access on resources.
Discretionary Access Control (DAC) Correct Answer: A model of access control based on
access
,being determined by the owner of the resource in question. The owner of the resource can decide
who does and does not have access, and exactly what access they are allowed to have.
Role-Based Access Control (RBAC) Correct Answer: A model of access control that, similar to
MAC, functions on access controls set by an authority responsible for doing so, rather than by
the owner of the resource. The difference between RBAC and MAC is
that access control in RBAC is based on the role the individual being granted access is
performing.
For example, if we have an employee whose only role is to enter data into a particular
application, through RBAC we would only allow the employee access to that application,
regardless of the sensitivity or lack of sensitivity of any other resource he might potentially
access.
How does a multi-level security (MLS) system work? Correct Answer: The application of a
computer system to process information with incompatible classifications (i.e., at different
security levels), permit access by users with different security clearances and needs-to-know, and
prevent users from obtaining access to information for which they lack authorization.
Classified information requires complex layers of control that far exceed basic clearance granting
and badge granting policies.
Why is it important to consider utilities? Correct Answer: Because they can provide temporary
power in case of a power outage occurs, preventing loss of data.
What are important issues to remember when disposing of computer equipment? Correct
Answer: Make sure the hard disk has to be wiped regardless of how it will be used in the future
to prevent data to be recovered.
Making sure someone is there to supervise proper destruction of equipment.
What is the role of the password in access control? Correct Answer: Used to gain access to the
server and is reusable over a period of time.
Can you give examples of common policy requirements for passwords? Correct Answer: Not
using same passwords at multiple sites.
Disabling passwords that are no longer valid or if employee is not working anymore.
Passwords must be stored as hashes.
Make them long and complex.
How do users sometimes misuse passwords? Correct Answer: Using someone else's to the
answer to reset a password
,Sharing passwords; makes auditing challenging.
Social engineering is calling a call center on someone else's behalf in order to gain unauthorized
access.
Can you give examples of physical devices used in access control? Correct Answer: Cameras
Locks on doors
What does "biometrics" mean literally? In the I.T. context? Correct Answer: Use of biological
measurements for authentication
Based on something you are or something you do
Can you give examples of common biometric technologies? Correct Answer: Fingerprinting
Iris recognition
What are two important parts of the biometric process that are never perfect? Correct Answer:
Promises to make reusable passwords obsolete
Requires an enrollment scan
The scanning process is not perfectly repeatable
False Acceptance Rate (FAR) Correct Answer: Occurs when we accept a user whom we should
actually have rejected.
This type of issue is also referred to as a false positive.
False Rejection rate (FRR) Correct Answer: Is the problem of rejecting a legitimate user when
we should have accepted him.
This type of issue is commonly known outside the world of biometrics as a false negative.
What are three different purposes for which biometric are commonly used? Correct Answer:
Replacing passwords
Ease of access
Verification
Identification
Watch lists
, What are ways in which a biometric process can fail? Correct Answer: When the system cannot
recognize the individual
Something is blocking the camera
What is a PKI? What are its components? What is its purpose? Correct Answer: Is public key
infrastructure and is where public key authentication is used with digital certificates.
How might an attacker compromise a PKI? Correct Answer: PKI needs a way to generate
public/private key.
If an impostor can deceive the provisioning authority, the system breaks down controlling the
giving of access credentials is the prime authentication issue.
How does the principle of least permissions relate to authorization? Correct Answer: Because it
performs similar duty it is an important concept promoting minimal user profile privileges not
giving too much permission to do his/her job.
What is federated identity management? Correct Answer: System in which two companies can
pass identity assertions to each other without allowing to access internal data.
What is the purpose of auditing? Correct Answer: One of the primary ways we can ensure
accountability through technical means is by ensuring that we have accurate records of who did
what and when they
did it.
Auditing provides us with the data with which we can implement accountability. If we do not
have the ability to assess our activities over a period of time, then we do not have the ability to
facilitate accountability on a large scale. Particularly in larger organizations, our capacity to audit
directly equates to our ability to hold anyone accountable for anything.
Federated Identity Management Correct Answer: An arrangement that can be made among
multiple enterprises that lets subscribers use the same identification data to obtain access to the
networks of all enterprises in the group
The means of linking a person's electronic identity and attributes, stored across multiple distinct
identity management systems. Related to single sign-on (SSO), in which a user's single
authentication ticket, or token, is trusted across multiple IT systems or organizations. SSO is a
subset of federated identity management as it relates to authentication.
Race Conditions Correct Answer: Occur when multiple processes or multiple threads within a
process control or share access to a particular resource, and the correct handling of that resource
depends on the proper ordering or timing of transactions.
HSPD-12 Correct Answer: Stands for Homeland Security Presidential Directive 12
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Classroom. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.