CTAINASL_Week 11
| Question | Answer |
|---|---|
| True or False: Access control is mainly concerned with managing authorization and permissions to resources, systems, or information. | True. |
| True or False: Access control focuses only on authentication and does not involve permissions after identity is verified. | False. Access control manages and regulates the authorization and permissions granted to individuals or entities to access resources, systems, or information. |
| True or False: The purpose of access control principles is to support the confidentiality, integrity, and availability of sensitive information and resources. | True. |
| True or False: The principle of least privilege allows users to receive extra permissions in advance in case they need them later. | False. Least privilege means users should receive only the minimum privileges necessary to perform their authorized tasks. |
| True or False: Under least privilege access rights should be based on specific needs and responsibilities within an organization. | True. |
| True or False: Least privilege reduces unauthorized access, accidental misuse, and the impact of security breaches by limiting access to what is required. | True. |
| True or False: Need-to-know means a user may access confidential information as long as the user belongs to the organization. | False. Need-to-know grants access only when the information or resource is necessary for the person's duties or responsibilities. |
| True or False: The need-to-know principle is based on legitimate business need rather than curiosity, job title alone, or general membership in a company. | True. |
| True or False: Need-to-know helps minimize unauthorized disclosure or misuse of sensitive data. | True. |
| True or False: Separation of duties gives one trusted person full control over a critical process to improve accountability. | False. Separation of duties divides critical tasks among multiple individuals to prevent one person from having complete control or authority over a process. |
| True or False: Separation of duties creates checks and balances that reduce the risk of fraud, errors, or malicious activity. | True. |
| True or False: A process where one employee can request, approve, and release a payment without review violates separation of duties. | True. |
| True or False: Defense in depth means relying on one powerful security tool instead of several overlapping controls. | False. Defense in depth uses multiple layers of security controls, such as technical, physical, and administrative controls, so that no single control is a single point of failure. |
| True or False: Firewalls, intrusion detection systems, encryption, access controls, and employee training can all be part of defense in depth. | True. |
| True or False: In defense in depth if one security layer is breached the remaining layers may still provide protection. | True. |
| True or False: Access control models define how permissions are granted, revoked, and enforced. | True. |
| True or False: Access control models ignore user identity, roles, attributes, and security policies. | False. Access control models may use user identity, roles, attributes, and security policies to manage and enforce access. |
| True or False: Mandatory Access Control is a strict and centralized model commonly used in high-security environments. | True. |
| True or False: In Mandatory Access Control the resource owner has complete freedom to grant and revoke access to any user. | False. That describes Discretionary Access Control. In Mandatory Access Control access decisions are based on predefined rules and labels enforced by the system or security policies. |
| True or False: MAC commonly uses labels such as sensitivity levels and categories assigned to users and resources. | True. |
| True or False: In MAC, labels may include classifications such as top secret, secret, and confidential, and categories such as finance, HR, or research. | True. |
| True or False: MAC policies are typically enforced by the operating system or security kernel rather than by ordinary users. | True. |
| True or False: Discretionary Access Control is flexible because the resource owner controls granting or revoking access to the resource. | True. |
| True or False: In DAC access control lists specify permissions for individual users or groups. | True. |
| True or False: DAC does not allow users to delegate access rights to others. | False. DAC allows users to delegate access rights but the final decision on access rests with the resource owner. |
| True or False: DAC is commonly used in desktop operating systems and file-sharing systems. | True. |
| True or False: Role-Based Access Control assigns permissions directly to every individual user as the main method of access management. | False. RBAC associates permissions with roles and users receive access through assigned roles. |
| True or False: RBAC simplifies access administration by grouping users with similar responsibilities into roles. | True. |
| True or False: In RBAC a user can be assigned one or more roles. | True. |
| True or False: RBAC is often useful in large enterprises and government institutions because of complex access control requirements. | True. |
| True or False: Attribute-Based Access Control is dynamic and fine-grained because it evaluates attributes of users, resources, and the environment. | True. |
| True or False: ABAC only considers a user's role and does not evaluate resource or environmental attributes. | False. ABAC may evaluate user roles, user attributes, resource attributes, and environmental factors such as time or location. |
| True or False: ABAC policies define conditions involving attributes to make access decisions. | True. |
| True or False: ABAC is commonly used in distributed systems, cloud computing, and web applications. | True. |
| True or False: Access control methods are mechanisms used to regulate access in computer networks, physical facilities, and digital systems. | True. |
| True or False: Access control methods are designed to allow access first and verify authorization later. | False. Access control methods are designed to ensure only authorized individuals or entities can access specific resources while preventing unauthorized access. |
| True or False: Passwords and passphrases are basic and widely used access control methods. | True. |
| True or False: A password is considered biometric authentication because it identifies a user through behavior or physical characteristics. | False. A password is a secret string of characters (something you know). Biometrics use physical or behavioral characteristics (something you are), such as fingerprints, facial recognition, or voice recognition. |
| True or False: Biometric authentication verifies identity using physical or behavioral characteristics of an individual. | True. |
| True or False: Fingerprints, iris patterns, retina patterns, facial recognition, and voice recognition are examples of biometric factors. | True. |
| True or False: Biometric systems compare captured biometric data against stored templates before granting access. | True. |
| True or False: Two-Factor Authentication and Multi-Factor Authentication require more than one form of authentication. | True. |
| True or False: A password plus a temporary code sent to a mobile device is an example of 2FA or MFA. | True. |
| True or False: MFA means logging in multiple times using the same password. | False. MFA requires multiple forms of authentication not repeated use of the same factor. |
| True or False: Single Sign-On allows users to authenticate once and access multiple systems or resources without reentering credentials. | True. |
| True or False: SSO removes all access control requirements because one login grants unlimited access to every system. | False. SSO centralizes authentication so the user proves identity once; each connected system still enforces its own authorization for what that identity may do. |
| True or False: SSO can improve user convenience while still maintaining access control. | True. |
| True or False: A company that uses password login, a temporary mobile code, role permissions, and employee training is applying only one access control method. | False. This combines multiple methods and controls, including two authentication factors, role-based permissions, and administrative training. |
| True or False: A system using roles for job functions plus attributes such as location, time, and clearance level is closer to ABAC than to pure RBAC. | True. |
| True or False: A user who owns a folder and personally edits the access control list for that folder is an example of DAC. | True. |
| True or False: A classified military system where access depends on labels assigned to users and resources is more likely using MAC. | True. |
| True or False: A payroll system requiring one employee to create payroll and another employee to approve it demonstrates separation of duties. | True. |
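The models and principles on these cards, as an added worked example that is not part of the original flashcards: a small Python access-decision engine with a MAC label dominance check, an owner-managed DAC ACL, RBAC role lookups, one ABAC rule over subject, resource and environment attributes, and a separation-of-duties check on the payroll scenario from the last card. Every user, role, label, clearance level and attribute value below is constructed for illustration.

```python
"""Toy access-decision engine for the four access control models plus SoD.

Added example, not part of the original flashcards. All users, roles,
labels and attribute values are constructed for illustration.
"""
from dataclasses import dataclass, field

# Ordered sensitivity levels shared by the MAC labels and the ABAC rule.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


# --- MAC: labels assigned by the system, not by resource owners -------------
@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset

    def dominates(self, other: "Label") -> bool:
        """Subject may read an object only if its level is at least the
        object's level AND it holds every category the object carries."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def mac_can_read(subject: Label, obj: Label) -> bool:
    return subject.dominates(obj)


# --- DAC: the owner edits the ACL; nobody else may -------------------------
@dataclass
class DacResource:
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of permissions

    def grant(self, actor: str, principal: str, perm: str) -> None:
        if actor != self.owner:  # discretion rests with the owner
            raise PermissionError(f"{actor} does not own this resource")
        self.acl.setdefault(principal, set()).add(perm)

    def check(self, principal: str, perm: str) -> bool:
        return principal == self.owner or perm in self.acl.get(principal, set())


# --- RBAC: permissions attach to roles, users receive roles ------------------
ROLE_PERMS = {
    "payroll_clerk": {"payroll:create"},
    "payroll_manager": {"payroll:approve"},
}
USER_ROLES = {  # constructed users; carol deliberately holds both roles
    "alice": {"payroll_clerk"},
    "bob": {"payroll_manager"},
    "carol": {"payroll_clerk", "payroll_manager"},
}


def rbac_permitted(user: str, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(r, set()) for r in USER_ROLES.get(user, set()))


# --- ABAC: one policy rule combining subject, resource and environment -------
def abac_permitted(subject: dict, resource: dict, env: dict) -> bool:
    """Allow when same department, sufficient clearance, on-site, and 08:00-18:00."""
    return (subject["department"] == resource["department"]
            and LEVELS[subject["clearance"]] >= LEVELS[resource["clearance"]]
            and env["location"] == "office"
            and 8 <= env["hour"] < 18)


# --- Separation of duties on top of RBAC -------------------------------------
def approve_payroll(record: dict, approver: str) -> bool:
    """Approver needs the approve permission AND must not be the record's creator,
    so a user holding both roles still cannot self-approve."""
    if not rbac_permitted(approver, "payroll:approve"):
        return False
    return record["created_by"] != approver


if __name__ == "__main__":
    fin_secret = Label("secret", frozenset({"finance"}))
    print("MAC secret/finance reads confidential/finance:",
          mac_can_read(fin_secret, Label("confidential", frozenset({"finance"}))))
    print("SoD carol approves own record:",
          approve_payroll({"created_by": "carol"}, "carol"))
```

Each model answers the same question ("may this principal do this to that resource?") from a different source of truth: system-assigned labels (MAC), the owner's ACL (DAC), role membership (RBAC), or a rule over attributes (ABAC). The SoD check shows why RBAC alone is not enough for the payroll card: carol legitimately holds both roles, yet the policy still refuses to let her approve what she created.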