CertiGuide to Security+ - Chapter 7: Practice Exam Answers

Answers to Questions 81-85

81. Under role based access control, access rights are grouped by:

A. Sensitivity label

B. Role name

C. Rules

D. Policy name

Explanation: With role-based access control, access rights are grouped by role name, and the use of resources is restricted to individuals authorized to assume the associated role. For example, within a hospital system the role of doctor can include operations to perform diagnosis, prescribe medication, and order laboratory tests; and the role of researcher can be limited to gathering anonymous clinical information for studies.

Rules are the individual decision criteria an access control system evaluates (the basis of rule-based access control); they do not group anything. Policy names are labels for whole sets of rules covering access control and other security-related decisions. Sensitivity labels belong to Mandatory Access Control (MAC), not to Role-Based Access Control (RBAC).

See Section 1.1: Access Control

See Section 5.5.5: MAC/DAC/RBAC

 

82. Which of the following will you consider as a "role" under a role based access control system?

A. Bank teller

B. Bank computer

C. Bank network

D. Bank rules

Explanation: In role-based access control a role is a named job function, such as bank teller, to which a set of access rights is attached; people are then authorized to assume the role rather than being granted rights individually. The hospital example from question 81 applies equally here: "doctor" and "researcher" are roles because they describe what a person does.

A bank computer and a bank network are resources (objects) that access is granted to, and bank rules are decision criteria. None of them is a job function, so none of them can be a role.

See Section 1.1: Access Control

See Section 5.5.5: MAC/DAC/RBAC
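The grouping described in the answers to questions 81 and 82 is easiest to see in code. The following is an added example, not part of the original guide: rights are attached only to role names, users only ever receive role assignments, and a job change is a reassignment rather than an edit of per-user permissions. The role, permission and user names are constructed for illustration from the hospital and bank examples above.

```python
"""Role-based access control (RBAC) in miniature: rights are grouped under a
role name and reach a user only through a role assignment.

Added example; the roles, permissions and user names are constructed for
illustration (the hospital and bank examples from the answers) and are not
taken from any real system.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    operation: str  # what may be done, e.g. "prescribe"
    resource: str   # to what, e.g. "medication"


@dataclass
class RBAC:
    # role name -> the set of rights grouped under that name
    roles: dict[str, frozenset[Permission]] = field(default_factory=dict)
    # user -> the role names the user is authorized to assume
    assignments: dict[str, set[str]] = field(default_factory=dict)

    def add_role(self, name: str, perms: list[tuple[str, str]]) -> None:
        self.roles[name] = frozenset(Permission(op, res) for op, res in perms)

    def assign(self, user: str, role: str) -> None:
        # Refuse unknown roles: an assignment must never create rights implicitly.
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.assignments.get(user, set()).discard(role)

    def permissions_of(self, user: str) -> frozenset[Permission]:
        # Effective rights are the union over the user's roles; nothing is
        # ever attached to the user directly.
        return frozenset().union(*(self.roles[r] for r in self.assignments.get(user, ())))

    def check(self, user: str, operation: str, resource: str) -> bool:
        return Permission(operation, resource) in self.permissions_of(user)


def build_example_rbac() -> RBAC:
    """Hospital roles from question 81 plus the bank teller role from question 82."""
    rbac = RBAC()
    rbac.add_role("doctor", [("perform", "diagnosis"),
                             ("prescribe", "medication"),
                             ("order", "lab_test")])
    rbac.add_role("researcher", [("read", "anonymized_clinical_data")])
    rbac.add_role("bank_teller", [("read", "account_balance"),
                                  ("post", "deposit")])
    rbac.assign("alice", "doctor")
    rbac.assign("bob", "researcher")
    rbac.assign("carol", "bank_teller")
    return rbac


def change_job(rbac: RBAC, user: str, old_role: str, new_role: str) -> None:
    """A job change is a role reassignment; no per-user ACL is touched."""
    rbac.revoke(user, old_role)
    rbac.assign(user, new_role)


if __name__ == "__main__":
    r = build_example_rbac()
    print("alice may prescribe medication:", r.check("alice", "prescribe", "medication"))
    print("bob may prescribe medication:", r.check("bob", "prescribe", "medication"))
    change_job(r, "bob", "researcher", "doctor")
    print("bob may prescribe after job change:", r.check("bob", "prescribe", "medication"))
```

Note that `assign` rejects a role name that was never defined: "bank rules" is not a role, and a system that silently created one would be granting rights outside the role model.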

 

83. The Lattice Based Access Control model was developed MAINLY to deal with:

A. Affinity

B. Integrity

C. Confidentiality

D. No Answer is Correct

Explanation: The Lattice Based Access Control model was developed mainly to control information flow in computer systems. Information flow is central to confidentiality, but to some extent it also bears on integrity. The foundational work was done in the 1970s (the Bell-LaPadula model in 1973 and Denning's lattice model of secure information flow in 1976), driven mostly by the defense sector. The model is concerned with flow from one security class (also called a security label) to another: information may move from class S to class T only if T is at least as high as S in the lattice ordering. The controls are applied to objects, where an object is any container of information, such as a file or directory. In summary, this is a model that deals with confidentiality and, to a limited extent, integrity.

Integrity can also be enforced with a lattice (the Biba model of 1977 uses the same structure with the flow direction reversed), and integrity labels are a form of mandatory access control, but that is not the primary purpose the model was developed for. Affinity is not a concept of the model at all. Because the question asks what the model was MAINLY developed for, confidentiality is the answer.

See Section 1.1: Access Control

See Section 5.5.5: MAC/DAC/RBAC

 

84. With the Lattice Based Access Control model, a security class is also called a:

A. Control factor

B. Security label

C. Mandatory number

D. Serial ID

Explanation: In the Lattice Based Access Control model every subject and object is assigned a security class, also called a security label, such as "confidential", "secret" or "top secret", often combined with a set of compartments (categories such as a project name). The labels form a lattice, and information may flow from one class to another only in the direction the lattice ordering permits. The controls are applied to objects, where an object is any container of information, such as a file or directory. "Control factor", "mandatory number" and "serial ID" are not terms used by the model.

See Section 1.1: Access Control

See Section 5.5.5: MAC/DAC/RBAC
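The flow rule behind questions 83 and 84 is short enough to implement. The following is an added example, not code from the guide: a security class is a level plus a set of compartments, one label dominates another when its level is at least as high and its compartments include the other's, and information may flow from a class only to a class that dominates it. Reading and writing are then just the two directions of that one rule, which is where "no read up" and "no write down" come from. The level and compartment names are constructed for illustration.

```python
"""A lattice of security classes and the information-flow rule built on it.

Added example, not from the page. A security class (label) is a level plus a
set of compartments; the level names and compartment names below are
constructed for illustration. Label A dominates label B when A's level is at
least B's and A's compartments include all of B's. Information may flow from
a class S to a class T only when T dominates S.
"""
from dataclasses import dataclass
from functools import reduce

# Totally ordered levels (constructed; any strict ranking works).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Partial order: two labels with different compartments may be
        # incomparable, so neither dominates the other.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

    def join(self, other: "Label") -> "Label":
        # Least upper bound: the lowest label dominating both. Anything
        # derived from two inputs must carry at least their join.
        level = max(self.level, other.level, key=LEVELS.__getitem__)
        return Label(level, self.compartments | other.compartments)

    def meet(self, other: "Label") -> "Label":
        # Greatest lower bound: the highest label both inputs dominate, i.e.
        # the most that may be released to a reader cleared for both.
        level = min(self.level, other.level, key=LEVELS.__getitem__)
        return Label(level, self.compartments & other.compartments)


def can_flow(src: Label, dst: Label) -> bool:
    """The single rule: information flows from src to dst only if dst dominates src."""
    return dst.dominates(src)


def can_read(subject: Label, obj: Label) -> bool:
    # Reading moves information object -> subject ("no read up").
    return can_flow(obj, subject)


def can_write(subject: Label, obj: Label) -> bool:
    # Writing moves information subject -> object ("no write down").
    return can_flow(subject, obj)


def derived_label(*inputs: Label) -> Label:
    """Label for output computed from several inputs: the join of all of them."""
    return reduce(Label.join, inputs)


if __name__ == "__main__":
    secret_nuc = Label("secret", frozenset({"nuclear"}))
    top_secret = Label("top secret")
    print(top_secret.dominates(secret_nuc))   # False: lacks the compartment
    print(can_read(top_secret, secret_nuc))   # False, despite the higher level
    print(derived_label(secret_nuc, top_secret))
```

The `main` block shows the case exam questions rarely mention: a top-secret clearance with no compartments cannot read a secret object in the "nuclear" compartment, because a higher level alone does not give dominance in the lattice.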

 

85. What should you do to the user accounts as soon as employment is terminated?

A. Disable the user accounts and have the data kept for a specified period of time

B. Maintain the user accounts and have the data kept for a specified period of time

C. Disable the user accounts and erase immediately the data kept

D. No Answer is Correct

Explanation: As soon as employment is terminated, the user's accounts should be disabled (not deleted) and the associated data retained for a period defined by policy. Disabling rather than deleting keeps the audit trail intact: because every user must log on to gain network access, a record of logins with time and date stamps gives a complete trail, and any unauthorized access, including a login attempt against a terminated account, can be detected even if only after the fact.

If the account is left active, the former employee (or anyone who knows the credentials) can still reach company data and resources remotely, via dial-up, VPN, webmail or the Internet, so the account must be disabled immediately; in practice that also means revoking any active sessions, VPN certificates, SSH keys and API tokens tied to it. Retain the former employee's data for a defined period, until the company no longer needs it. Although shared directories are provided for company documents, spreadsheets and so on, much job-related data ends up in an employee's home directory and mailbox as well, and erasing it immediately (option C) can destroy work the business still needs and evidence required for a later investigation.

See Section 5.4.1.9.1: Termination (HR Policy)
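The two halves of the answer to question 85, disabling accounts promptly and keeping the login trail and data for a retention period, can be checked mechanically. The following is an added example, not from the guide: given an HR feed of termination dates and a login log, it lists accounts that should already be disabled, flags any login attempt by a terminated user after the termination date (the unauthorized access the retained login record exists to reveal), and reports whose retained data has passed the retention period. The HR records, log lines, user names and the 90-day retention value are all constructed for illustration.

```python
"""Offboarding checks over a login audit trail. Added example, not from the page.

All input below is constructed: an HR feed of termination dates, a few login
records in a simple space-separated format, and an assumed 90-day retention
period. Replace them with your own feeds and policy values.
"""
from datetime import date, datetime, timedelta

RETENTION_DAYS = 90  # assumed retention policy; take the real value from HR/legal policy

# Constructed HR feed: user -> date employment ended.
TERMINATIONS = {
    "jdoe": date(2004, 10, 1),
    "msmith": date(2004, 11, 10),
}

# Constructed login records: ISO timestamp, user, source address, result.
LOGIN_LOG = """\
2004-09-30T17:55:00 jdoe 10.0.0.5 success
2004-10-02T08:12:00 jdoe 203.0.113.7 success
2004-10-02T09:00:00 asmith 10.0.0.9 success
2004-11-11T22:41:00 msmith 198.51.100.3 failure
2004-11-12T01:03:00 msmith 198.51.100.3 success
"""


def parse_log(text: str) -> list[tuple[datetime, str, str, str]]:
    """Parse one login record per line into (timestamp, user, source, result)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append((datetime.fromisoformat(ts), user, src, result))
    return events


def accounts_to_disable(terminations: dict[str, date], today: date) -> list[str]:
    """Every account whose owner's employment ended on or before today."""
    return sorted(u for u, ended in terminations.items() if ended <= today)


def logins_after_termination(events, terminations: dict[str, date]) -> list[tuple[str, str, str, str]]:
    """Login attempts (successful or not) by a terminated user after the
    termination date. A failed attempt still matters: it shows the account
    was reachable when it should have been disabled. Only the date is known,
    so a login on the termination day itself is not flagged here."""
    hits = []
    for ts, user, src, result in events:
        ended = terminations.get(user)
        if ended is not None and ts.date() > ended:
            hits.append((user, ts.isoformat(), src, result))
    return hits


def retention_expired(terminations: dict[str, date], today: date,
                      retention_days: int = RETENTION_DAYS) -> list[str]:
    """Users whose retained data may now be disposed of under the policy."""
    cutoff = today - timedelta(days=retention_days)
    return sorted(u for u, ended in terminations.items() if ended <= cutoff)


if __name__ == "__main__":
    today = date(2005, 1, 15)  # constructed "current" date for the demo
    events = parse_log(LOGIN_LOG)
    print("disable now:", accounts_to_disable(TERMINATIONS, today))
    for hit in logins_after_termination(events, TERMINATIONS):
        print("login after termination:", *hit)
    print("retention expired:", retention_expired(TERMINATIONS, today))
```

Both flagged users in the constructed log appear from addresses outside the internal range, which is the remote-access scenario the explanation warns about; in a real deployment the same check would run against the authentication logs of every system the account could reach, not just one.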


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.