Question:
Information Security Basics Multiple Choice! Please Help!?
2013-03-21 19:54:58 UTC
S2-01: In a Role Based Access Control system, what is a role?
A logical group of permissions that users need in order to complete a specific organizational task
A logical group of users that are required to complete a specific task
A mapping of which users are supposed to complete specific tasks
None of the above



S2-02: Regulating which resources a particular user can use is known as...?
access control.
user verification.
user validation.
user auditing.



S2-03: Which of the following is a commonly cited reason why Discretionary Access Control systems can be difficult to manage?
Individual users have no say in the granting or revocation of specific permissions, placing a tremendous burden on IT
Individual users have complete control over the granting and revocation of permissions, meaning that IT can be left out of the loop
Discretionary Access Control does not provide a way to grant specific permissions to specific users, meaning that permissions must be controlled through group policies
All of the above are reasons why Discretionary Access Control is hard to manage



S2-04: When a user attempts to log into a system, two things occur: identification and authentication. What happens during the authentication phase of a user attempting to log in to a system?
A. The user states their supposed identity
B. The system somehow infers the identity of the user
C. The system uses some means (password, fingerprint, etc.) to verify the unknown person's claim of identity
A & C



S2-05: True or False: Generally speaking, in a role based access control system, a role can only be assigned to a single user.
True
False



S2-06: What is accountability?
Accountability is a formal practice that, when enforced properly, ensures the integrity of all assets in an organization
Accountability is a formal practice that allows administrators to regulate access to an object
Accountability allows the administrators to hold users responsible for their conduct by keeping track of the actions they take
Accountability is a formal practice that, when enforced properly, can prevent security breaches from occurring



S2-07: No write–down (users at a higher level of security writing information to a lower level of security) is a rule of the Bell–LaPadula model.
True
False



S2-08: Microsoft Windows is traditionally thought of as using Discretionary Access Control (DAC), though it is possible to create "groups" in order to assign identical permissions to different users simultaneously. This could be used to model based access control.


S2-09: Which of the following is one of the five basic philosophies that govern the design of the Bell–LaPadula confidentiality model?
A security breach cannot occur if a user at a lower level of security reads information at a higher level of security
A security breach can occur if a user at a lower level of security writes information to a higher level of security
A security breach cannot occur if a user at a higher level of security writes information to a lower level of security
A security breach cannot occur if a user at a higher level of security reads information at a lower level of security



S2-10: Select all of the following which are rule(s) of the Biba Integrity model? Select all that apply.
Users at a higher level of integrity may not read information at a lower level of integrity
Users at a higher level of integrity may not write information at a lower level of integrity
Users at a lower level of integrity may not write information to a higher level of integrity
Users at a lower level of integrity may not read information at a higher level of integrity
Three answers:
2013-03-25 02:55:47 UTC
Obviously true.
?
2016-08-21 22:00:46 UTC
2
Bakos
2014-02-13 09:04:47 UTC
Regulating which resources a particular user can use is known as...?


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.