Which access control method is user directed
Each group has individual file permissions and each user is assigned to groups based on their work role. RBAC assigns access based on roles. This is different from groups since users can belong to multiple groups but should only be assigned to one role.
Example roles include accountant and developer. An accountant would only gain access to the resources that an accountant needs on the system. This requires the organization to constantly review the role definitions and have a process to modify roles to segregate duties. If not, role creep can occur.
Mandatory access control (MAC) is considered the strictest of all levels of access control systems. The design and implementation of MAC is commonly used by the government.
Under a MAC environment, access to resource objects is controlled by the settings defined by a system administrator. This means access to resource objects is controlled by the operating system based on what the system administrator configured in the settings. It is not possible for users to change access control of a resource. Each user account is also assigned classification and category properties. This system provides users access to an object if both properties match.
If a user has high classification but is not part of the category of the object, then the user cannot access the object. MAC is the most secure access control but requires a considerable amount of planning and a high level of system management due to the constant updating of objects and account labels. The IL represented the level of trust the object would have. Subjects were assigned an IL level, which was assigned to their access token.
Which of the following statements correctly describes biometric methods?
They are the least expensive and provide the most protection.
They are the most expensive and provide the least protection.
They are the least expensive and provide the least protection.
They are the most expensive and provide the most protection.

Compared with the other available authentication mechanisms, biometric methods provide the highest level of protection and are the most expensive.

Which of the following statements correctly describes passwords?

They are the least expensive and most secure.
They are the most expensive and least secure.
They are the least expensive and least secure.
They are the most expensive and most secure.

Passwords provide the least amount of protection, but are the cheapest because they do not require extra readers (as with smart cards and memory cards), do not require devices (as do biometrics), and do not require a lot of overhead in processing (as in cryptography). Passwords are the most common type of authentication method used today.

This protocol is not used; cryptography is used.
An authentication service generates a challenge, and the smart token generates a response based on the challenge.
The token challenges the user for a username and password.

The authentication service sends the user a challenge value, which the user enters into the token. The token encrypts or hashes this value, and the user uses this as her one-time password.

Which access control method is considered user-directed?

A. Nondiscretionary
B. Mandatory
C. Identity-based
D.

The DAC model allows users, or data owners, the discretion of letting other users access their resources.

Which item is not part of a Kerberos authentication implementation?

A. Message authentication code
B. Ticket granting service
C. Authentication service
D. Users, programs, and services

Message authentication code (MAC) is a cryptographic function and is not a key component of Kerberos. Kerberos is made up of a KDC, a realm of principals (users, services, applications, and devices), an authentication service, tickets, and a ticket granting service.

If a company has a high turnover rate, which access control structure is best?

A. Role-based
B. Decentralized
C. Rule-based
D.

It is easier on the administrator if she only has to create one role, assign all of the necessary rights and permissions to that role, and plug a user into that role when needed. Otherwise, she would need to assign and extract permissions and rights on all systems as each individual came and left the company.
A. A user authenticating to a system and the system authenticating to the user
B. A user authenticating to two systems at the same time
C. A user authenticating to a server and then to a process
D. A user authenticating, receiving a ticket, and then authenticating to a service

Mutual authentication means it is happening in both directions. Instead of just the user having to authenticate to the server, the server also must authenticate to the user.

In discretionary access control security, who has delegation authority to grant access to data?

A. User
B. Security officer
C. Security policy
D.

This question may seem a little confusing if you were stuck between user and owner. Only the data owner can decide who can access the resources she owns. She may be a user and she may not. A user is not necessarily the owner of the resource. Only the actual owner of the resource can dictate what subjects can actually access the resource.

Which could be considered a single point of failure within a single sign-on implementation?

A. Authentication server
B. Logon credentials
D.

In a single sign-on technology, all users are authenticating to one source. If that source goes down, authentication requests cannot be processed.
What role does biometrics play in access control?

A. Authorization
B. Authenticity
C. Authentication
D.

In some cases, biometrics can be used for identification, but that was not listed as an answer choice.

What determines if an organization is going to operate under a discretionary, mandatory, or nondiscretionary access control model?

A. Administrator
B. Security policy
C. Culture
D. Security levels

The security policy sets the tone for the whole security program. It dictates the level of risk that management and the company are willing to accept. This in turn dictates the type of controls and mechanisms to put in place to ensure this level of risk is not exceeded.

Which of the following best describes what role-based access control offers companies in reducing administrative burdens?

It allows entities closer to the resources to make decisions about who can and cannot access resources.
It provides a centralized approach for access control, which frees up department managers.
User membership in roles can be easily revoked and new ones established as job assignments dictate.
It enforces enterprise-wide security policies, standards, and guidelines.

An administrator does not need to revoke and reassign permissions to individual users as they change jobs. Instead, the administrator assigns permissions and rights to a role, and users are plugged into those roles.

Which of the following is the best description of directories that are used in identity management technology?

Most are hierarchical and follow the X.
Most have a flat architecture and follow the X.