Chapter 11 NSS

1.

1 point

__________ in access control means that if a condition is not explicitly met, then access is to be rejected.

Implicit deny

Prevention control

Explicit rejection

Denial of duties

2.

1 point

Which of these is a set of permissions that is attached to an object?

object modifier

Subject Access Entity (SAE)

access control list (ACL)

security entry designator

3.

1 point

How is the Security Assertion Markup Language (SAML) used?

It is an authenticator in IEEE 802.1x.

It allows secure web domains to exchange user authentication and authorization data.

It is no longer used because it has been replaced by LDAP.

It is a backup to a RADIUS server.

4.

1 point

A process functioning on behalf of the user who attempts to access a file is known as a(n) ________.

operation check

subject

resource

object

5.

1 point

A(n) ________ constructs LDAP statements based on user inputs in order to retrieve information from the database or modify its contents.

LDAP injection attack

modified Trojan attack

SQL/LDAP insert attack

RBASE plug-in attack

6.

1 point

What is the version of the X.500 standard that runs on a personal computer over TCP/IP?

Lite RDAP

LDAP

IEEE X.501

DAP

7.

1 point

In the Mandatory Access Control (MAC) model, every subject and object ________.

must be given a number from 200–900

is assigned a label

is restricted and cannot be accessed

can be changed by the owner

8.

1 point

With the development of IEEE 802.1x port security, the _______ authentication server has seen even greater usage.

RADIUS

DAP

RDAP

AAA

9.

1 point

A user entering her user name would correspond to the action in access
control.

authorization

authentication

identfication

access

10.

1 point

Which authentication protocol is available as a free download that runs on Microsoft Windows, Apple Mac OS X, and Linux?

LDAP

Kerberos

RADIUS

IEEE 802.1x

11.

1 point

What is the name given to the individual who periodically reviews security settings and maintains records of access by users?

custodian

supervisor

manager

owner

12.

1 point

Which of these is NOT part of the makeup of the AAA elements in network security?

auditing usage (accounting)

determining user need (analyzing)

controlling access to network resources (authentication)

enforcing security policies (authorization)

13.

1 point

A RADIUS authentication server requires that the _____ be authenticated first.

authenticator

user

authentication server

supplicant

14.

1 point

Which statement about Rule Based Access Control is true?

It dynamically assigns roles to subjects based on rules.

It is considered a real-world approach by linking a user’s job function with security.

It requires that a custodian set all rules.

It is considered obsolete today.

15.

1 point

The principle known as ________ in access control means that each user should be given only the minimal amount of privileges necessary for that person to perform his job function.

least privilege

deny all

mandatory limitations

enterprise security

16.

1 point

What is the current version of TACACS?

TACACS v5

TACACS+

XTACACS

TRACACS

17.

1 point

Which Microsoft Windows feature provides centralized management and configuration of computers and remote users who are using Active Directory?

Resource Allocation Entities

AD Management Services (ADMS)

Windows Register Settings

Group Policy

18.

1 point

What is the least restrictive access control model?

Mandatory Access Control (MAC)

Discretionary Access Control (DAC)

Rule Based Access Control (RBAC)

Role Based Access Control (RBAC)

19.

1 point

A(n) ________ is the person who is responsible for the information, determines the level of security needed for the data, and delegates security duties as required.

administrator

owner

end-user

custodian

20.

1 point

In the ________ model, the end-user cannot change any security settings.

Mandatory Access Control

Discretionary Access Control

Security Access Control

Restricted Access Control