


Notes on network security, encryption, and access control, covering topics such as authorization, physical vs. logical access controls, security kernel databases, group membership policies, identification vs. authentication, types of authentication, password best practices, synchronous vs. asynchronous tokens, biometrics, single sign-on (SSO), Kerberos KDC servers, security controls, media disposal, DAC vs. non-discretionary access control, rule-based vs. role-based access control, separation of duties, constrained user interfaces, Bell-LaPadula vs. Biba model, access control breaches, AAA servers, centralized vs. decentralized access control, acceptable use policies, cloud services, and advantages/disadvantages of cloud services. It includes questions and answers that can be useful for studying these concepts.
Typology: Exams



Q: Choose the access control component(s) that is/are part of policy definition. (Choose one or more. Deductions will be made for incorrect selections.)
A: Authorization

Q: What is the difference between physical access controls and logical access controls?
A: Physical access controls control access into buildings and locations, while logical access controls control access into computer systems or networks.

Q: What is the security kernel database?
A: The security kernel's list of access rights rules.

Q: What is the difference between group membership policies and authority-level policies?
A: In group membership policies, authorization is defined by what group(s) you're in. Authority-level policies are based on degrees of authority.

Q: What is the difference between identification and authentication?
A: Identification is the method a subject uses to request access to a system or resource, while authentication is the process of verifying the requestor's claim.

Q: List the five types of authentication.
A: Knowledge (something you know), Ownership (something you have), Characteristics (something you are--biometrics), Location (where you are), Action (something you do or how you do it).

Q: List one password best practice.
A: Never share your passwords with anyone; they should be kept private.

Q: What is the difference between a synchronous token and an asynchronous token?
A: A synchronous token uses an algorithm that calculates a number at both the authentication server and the device. An asynchronous token uses challenge-response technology to authenticate.

Q: List three primary concerns with biometrics.
A: Accuracy, acceptability (including privacy issues), and reaction time.

Q: List three types of biometrics.
A: Fingerprint, palm print, hand geometry, retina scan, iris scan, facial recognition, voice pattern, keystroke dynamics, signature dynamics.

Q: Describe Single Sign-On (SSO).
A: Allows users to sign onto a computer or network once, and have their identification and authorization allow them into all computers or systems where they are authorized.

Q: List one SSO that you use regularly.
A: An SSO I use regularly is Google. I sign into my Google account and I'm able to access Gmail, Google Drive, and YouTube.

Q: A Kerberos KDC server serves as the authentication server (AS). What does the AS do?
A: Confirms a user through a pre-exchanged secret key based on the user's password, then uses the key to encrypt further dialog.

Q: List two ways that access controls can be compromised.
A: Eavesdropping by observation.

Q: List three leading types of AAA servers.
A: RADIUS, DIAMETER, SAML (Security Assertion Markup Language).

Q: What is the difference between centralized access control and decentralized access control?
A: Centralized access control is managed by a single common entity. With decentralized access control, access control decisions and administration are handled locally.

Q: List two common methods for warning users that they may be monitored.
A: Acceptable use policies (AUP) and logon banners.

Q: A private cloud is operated for a single organization, either by the organization itself or by a third-party provider. List and briefly describe the other three categories of cloud services.
A: Community (provided for several organizations), Public (unrelated organizations, generally for public use), Hybrid (components from more than one of the above).

Q: Infrastructure as a Service (IaaS) provides a machine, but the user has to install the OS and manage the machine. List and briefly describe two other common cloud services.
A: Platform as a Service (PaaS--machine and OS provided and managed by CSP, user installs and runs software) and Software as a Service (SaaS--machine, OS, and software provided and managed by CSP, user simply connects to server and uses the software).

Q: List one advantage of cloud services.
A: No need to maintain a data center.

Q: List one disadvantage of cloud services.
A: Greater difficulty in keeping private data secure.