Shared Flashcard Set

Details

Security +
Access Control
18
Other
Not Applicable
08/15/2009

Cards

Term

You are in the planning phase of designing a network for your organization. You want to implement an access control model where users are able to grant permissions to resources that they are the owner of. Which access control model should you implement?

Definition

DAC

(Discretionary Access Control)

- least restrictive

- two weaknesses

  * relies on the end-user subject to set the proper level of security

  * subject's permissions get "inherited" by any programs that the subject executes

Term

 

What type of logical access control method allows you to define who can access an object and the type of access that they will have to that object?

Definition

Access Control List

Term

 

 

What identifies two-factor authentication?

Definition

 

 

 

Fingerprint and passphrase

Term

 

 

 

Describe two Job Rotation security principles.

Definition

 

 

- Prevent an employee from becoming irreplaceable

- Provide employee cross-training

Term

 

In Kerberos authentication, an authenticator is passed over the network to prove that a session key was recently created and is confidential. By default, how long does this authenticator last?

Definition

 

 

 

5 minutes

Term

 

 

Which authentication method uses a challenge and a response to authenticate the user over the network?

Definition

CHAP

(Challenge-Handshake Authentication Protocol)

- three-way handshake

Term

 

 

What type of physical security device can you implement to counter piggybacking?

Definition

Man-trap

 

- security device that monitors & controls two interlocking doors to a small room (a vestibule) that separates a nonsecured area from a secured area.

Term

 

 

Which access control model is based on a security labeling system?

Definition

Mandatory Access Control (MAC)

 

- most restrictive

- the end user cannot implement, modify, or transfer controls

Term

You are the network administrator for an electrical engineering consulting firm. Your company's latest contract involves design work for a large manufacturer of entertainment simulators. Mitigation against corporate espionage from competitor companies is an important factor in the security requirements for this contract. The client wishes to maintain strict control over access to its proprietary designs. Which type of network security model would you deploy that makes use of both smart cards and passwords to provide multi-factor authentication?

Definition

EAP

(Extended Authentication Protocols)

 

- an "envelope" that can carry many kinds of exchange data used for authentication, such as a challenge/response and one-time passwords.

Term

You need to provide a user with the ability to make changes to existing files and folders as well as create new files and folders within a specific folder. Which access control list (ACL) permission should you grant the user while following least privilege practices?

Definition

Write

Term

You are the network administrator for your organization. You are implementing a new method of access control where users are assigned permissions to resources dependent on their role in the organization. Which access control model are you implementing?

Definition

RBAC

Term

 

You need to ensure that more than one person is able to perform the tasks and responsibilities of a specific job. What should you use to accomplish this?

Definition

Job rotation

Term

You are a network consultant. You are in the process of planning the security for a network that requires very high security. What access control model involves classifying each user and resource and assigning a security level to each classification?

Definition

MAC

(Mandatory Access Control)

Term

 

 

What security device is used to monitor network traffic for illegal activities based on known attack-signatures?

Definition

NIDS

(Network Intrusion Detection System)

 

- watches for attempts to penetrate a network

- works on the principle of comparing new behavior against normal or acceptable behavior

- looks for suspicious patterns

Term

 

 

What statement describes identification and authentication?

Definition

 

 

Identification is part of the authentication process.

Term

 

You need to ensure that once users are authenticated with their username and password, they are able to access all the resources they need on the network. What authentication model should you implement?

Definition

Single sign-on

Term

 

 

What type of access control is determined by configuring an access control list (ACL)?

Definition

Discretionary Access Control (DAC)

Term

 

You are a security consultant for a large multimedia entertainment company. What physical access security model utilizes two sets of doors, such that the first set of doors must close before a second set opens?

Definition

Man-trap
