Access Control
Chapter 4 Access Control
Discretionary Access Control Model (DAC Model)
  The discretionary access control model is built on a discretionary access control policy. It allows legitimate users, acting as individual users or as members of a user group, to access the objects the policy permits, while blocking unauthorized users from those objects; some users may also, at their own discretion, grant the access rights they hold on objects they own to other users. Discretionary access control is also called arbitrary access control. Linux, Unix, Windows NT and the Server editions of Windows all provide discretionary access control. In implementation, the user's identity is authenticated first; the user is then allowed or restricted in using an object's resources according to the permissions the access control list assigns to that user. Changes to a subject's control permissions are normally made by a privileged user (the administrator) or a privileged user group.
  The flexible data access that discretionary access control gives users has made DAC widely used in commercial and industrial environments. But because users may pass permissions on arbitrarily, a user A who has no permission to access a file (File1) can obtain that permission, or the file itself, from a user B who does have access. The protection DAC provides is therefore relatively weak and cannot give a system adequate data protection.
  The defining characteristic of the DAC model is that the entities performing authorization (subjects able to grant authorization, the objects whose authorization they manage, and authorization groups) are themselves responsible for granting and revoking other subjects' access rights to object resources. DAC models generally store each subject's access control information in an access control matrix and in access control lists, and limit subjects' access rights on that basis.
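The following is an added example, not code from the original article: a minimal access control matrix in which only an object's owner may grant or revoke rights, followed by the limitation the text describes (a user who can read a file but does not own it cannot authorize another user on it, yet can still pass the content on through a copy it does own). The subject and object names are constructed.

```python
from collections import defaultdict


class DacMatrix:
    """Access control matrix keyed by (subject, object): a row is the subject's
    capabilities, a column is the object's ACL (a constructed toy model)."""

    def __init__(self):
        self.owner = {}                   # object -> owning subject
        self.rights = defaultdict(set)    # (subject, object) -> set of rights

    def create(self, subject, obj):
        """The creating subject becomes the owner and holds every right."""
        self.owner[obj] = subject
        self.rights[(subject, obj)] |= {"read", "write", "own"}

    def check(self, subject, obj, right):
        """Reference-monitor decision: is the right present in the matrix cell?"""
        return right in self.rights[(subject, obj)]

    def grant(self, granter, grantee, obj, right):
        """Discretionary: only the owner (the administrator role is not
        modelled here) may extend another subject's rights on the object."""
        if not self.check(granter, obj, "own"):
            raise PermissionError(f"{granter} does not own {obj}")
        self.rights[(grantee, obj)].add(right)

    def revoke(self, granter, grantee, obj, right):
        """Revocation is likewise at the owner's discretion."""
        if not self.check(granter, obj, "own"):
            raise PermissionError(f"{granter} does not own {obj}")
        self.rights[(grantee, obj)].discard(right)


def data_reaches_user(m, helper, receiver, src, copy_name):
    """The limit the text describes: helper can read src but is not its owner,
    so grant() refuses to let helper authorize receiver on src. Nothing in DAC
    stops helper from copying src into an object it does own and granting
    that, so the content still reaches receiver.
    Returns (receiver can read src, receiver can read the copy)."""
    if not m.check(helper, src, "read"):
        raise PermissionError(f"{helper} cannot read {src}")
    m.create(helper, copy_name)                  # the copy is helper's to share
    m.grant(helper, receiver, copy_name, "read")
    return m.check(receiver, src, "read"), m.check(receiver, copy_name, "read")


def demo():
    """Owner shares File1 with B at its discretion; B cannot re-grant it to A,
    but the data still reaches A through a copy B owns."""
    m = DacMatrix()
    m.create("owner", "File1")
    m.grant("owner", "B", "File1", "read")
    try:
        m.grant("B", "A", "File1", "read")       # refused: B is not the owner
    except PermissionError:
        pass
    return data_reaches_user(m, "B", "A", "File1", "File1-copy")


if __name__ == "__main__":
    print(demo())  # (False, True)
```

The matrix enforces who may change a cell, not where the data itself may flow; that is the gap a mandatory (label-based) model is meant to close.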
Kerberos: Network Authentication Protocol
  The name Kerberos comes from Greek mythology: the three-headed dog that guards the gates of Hades.
  Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by means of a secret-key system. The authentication does not depend on the host operating system's own authentication, requires no trust based on host addresses, does not require physical security of every host on the network, and assumes that packets travelling over the network can be read, modified and inserted at will. Under these conditions Kerberos, acting as a trusted third-party authentication service, performs authentication with conventional (shared-secret) cryptography.
  The authentication process is as follows. The client sends a request to the Authentication Server (AS) asking for credentials for a given server, and the AS responds with those credentials encrypted under the client's key. The credentials consist of 1) a server "ticket" and 2) a temporary encryption key (also called the session key). The client sends the ticket (which contains the client's identity and a copy of the session key, encrypted under the server's key) to the server. The session key, now shared by the client and the server, can be used to authenticate the client or the server, to encrypt the two parties' subsequent communication, or to exchange an independent sub-session key that provides further encryption of their traffic.
  The authentication exchange above requires only read access to the Kerberos database. Sometimes, however, records in the database must be modified, for example when adding new principals or changing a principal's key. Modifications are made through a protocol between the client and a third Kerberos server, the Kerberos administration server (KADM); the administration protocol is not described here. There is also a protocol for maintaining multiple copies of the Kerberos database; this can be regarded as an implementation detail and will keep changing to suit different database technologies.
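As an added example (not code from the original article or from any Kerberos implementation), the AS exchange just described, modelled end to end: the AS seals a session key and a ticket under the client's key, the client forwards the ticket with an authenticator, and the server opens the ticket with its own key. The principal names, the key table and the cipher are constructed; the "cipher" is a SHA-256 counter-mode keystream with an HMAC tag so the example runs on the standard library alone, standing in for the AES-based encryption real Kerberos uses.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: a toy stand-in for a real block cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a small JSON message under a symmetric key."""
    pt = json.dumps(obj).encode()
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> dict:
    """Reject anything not produced under this key, then decrypt."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return json.loads(pt)


# Constructed key database: the AS holds every principal's long-term key
# (a real client derives its key from its password instead of a table).
KEYS = {"alice": secrets.token_bytes(32), "fileserver": secrets.token_bytes(32)}


def as_reply(client: str, server: str) -> bytes:
    """Step 1: the AS answers the client's request with credentials encrypted
    under the client's key: a session key plus a ticket the client cannot
    open, because the ticket is sealed under the server's key."""
    session_key = secrets.token_bytes(32)
    ticket = encrypt(KEYS[server], {"client": client, "session_key": session_key.hex()})
    return encrypt(KEYS[client], {"server": server, "session_key": session_key.hex(),
                                  "ticket": ticket.hex()})


def client_present_ticket(client: str, reply: bytes):
    """Step 2: the client recovers the session key, forwards the ticket and
    adds an authenticator proving it knows that session key (real Kerberos
    also puts a timestamp in the authenticator to limit replay)."""
    creds = decrypt(KEYS[client], reply)
    session_key = bytes.fromhex(creds["session_key"])
    authenticator = encrypt(session_key, {"client": client})
    return bytes.fromhex(creds["ticket"]), authenticator, session_key


def server_accept(server: str, ticket: bytes, authenticator: bytes):
    """Step 3: the server opens the ticket with its own key, learns the session
    key and the client's identity, and checks the authenticator against it."""
    t = decrypt(KEYS[server], ticket)
    session_key = bytes.fromhex(t["session_key"])
    a = decrypt(session_key, authenticator)
    if a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"], session_key


if __name__ == "__main__":
    reply = as_reply("alice", "fileserver")
    ticket, auth, k_client = client_present_ticket("alice", reply)
    who, k_server = server_accept("fileserver", ticket, auth)
    print(who, k_client == k_server)  # alice True
```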
1. Which of the following statements correctly describes biometric methods?
A. They are the least expensive and provide the most protection.
B. They are the most expensive and provide the least protection.
C. They are the least expensive and provide the least protection.
D. They are the most expensive and provide the most protection.
2. What is derived from a passphrase?
A. Personal password
B. Virtual password
C. User ID
D. Valid password
3. Which of the following statements correctly describes passwords?
A. They are the least expensive and most secure.
B. They are the most expensive and least secure.
C. They are the least expensive and least secure.
D. They are the most expensive and most secure.
4. What is the reason for enforcing the separation of duties?
A. No one person can complete all the steps of a critical activity.
B. It induces an atmosphere for collusion.
C. It increases dependence on individuals.
D. It makes critical tasks easier to accomplish.
5. Which of the following is not a logical access control?
A. Encryption
B. Network architecture
C. ID badge
D. Access control matrix
6. An access control model should be applied in a _______________ manner.
A. Detective
B. Recovery
C. Corrective
D. Preventive
7. Which access control policy is enforced when an environment uses a nondiscretionary model?
A. Rule-based
B. Role-based
C. Identity-based
D. Mandatory
8. How is a challenge/response protocol utilized with token device implementations?
A. This protocol is not used; cryptography is used.
B. An authentication service generates a challenge, and the smart token generates a response based on the challenge.
C. The token challenges the user for a username and password.
D. The token challenges the user’s password against a database of stored credentials.
9. Which access control method is user-directed?
A. Nondiscretionary
B. Mandatory
C. Identity-based
D. Discretionary
10. Which provides the best authentication?
A. What a person knows
B. What a person is
C. What a person has
D. What a person has and knows
11. Which item is not part of a Kerberos authentication implementation?
A. Message authentication code
B. Ticket granting service
C. Authentication service
D. Users, programs, and services
12. Which model implements access control matrices to control how subjects interact with objects?
A. Mandatory
B. Centralized
C. Decentralized
D. Discretionary
13. What does authentication mean?
A. Registering a user
B. Identifying a user
C. Validating a user
D. Authorizing a user
14. If a company has a high turnover rate, which access control structure is best?
A. Role-based
B. Decentralized
C. Rule-based
D. Discretionary
15. A password is mainly used for what function?
A. Identity
B. Registration
C. Authentication
D. Authorization
16. The process of mutual authentication involves _______________.
A. A user authenticating to a system and the system authenticating to the user
B. A user authenticating to two systems at the same time
C. A user authenticating to a server and then to a process
D. A user authenticating, receiving a ticket, and then authenticating to a service
17. Reviewing audit logs is an example of which security function?
A. Preventive
B. Detective
C. Deterrence
D. Corrective
18. In discretionary access control security, who has delegation authority to grant access to data?
A. User
B. Security office
C. Security policy
D. Owner
19. Which could be considered a single point of failure within a single sign-on implementation?
A. Authentication server
B. User’s workstation
C. Logon credentials
D. RADIUS
20. What role does biometrics play in access control?
A. Authorization
B. Authenticity
C. Authentication
D. Accountability
21. What determines if an organization is going to operate under a discretionary, mandatory, or nondiscretionary access control model?
A. Administrator
B. Security policy
C. Culture
D. Security levels
22. What type of attack attempts all possible solutions?
A. Dictionary
B. Brute force
C. Man-in-the-middle
D. Spoofing
23. Spoofing can be described as which of the following?
A. Eavesdropping on a communication link
B. Working through a list of words
C. Session hijacking
D. Pretending to be someone or something else
24. Which of the following is not an advantage of a centralized access control administration?
A. Flexibility
B. Standardization
C. A higher level of security
D. No need for different interpretations of a necessary security level
25. Which of the following best describes what role-based access control offers companies in reducing administrative burdens?
A. It allows entities closer to the resources to make decisions about who can and cannot access resources.
B. It provides a centralized approach for access control, which frees up department managers.
C. User membership in roles can be easily revoked and new ones established as job assignments dictate.
D. It enforces enterprise-wide security policies, standards, and guidelines.
Answers
1. D. Compared to the other available authentication mechanisms, biometric
methods provide the highest level of protection and are the most expensive.
2. B. Most systems do not use the actual passphrase or password the user enters.
Instead, they put this value through some type of encryption or hashing
function to come up with another format of that value, referred to as a virtual
password.
3. C. Passwords provide the least amount of protection, but are the cheapest
because they do not require extra readers (as with smart cards and memory
cards), do not require devices (as do biometrics), and do not require a lot of
overhead in processing (as in cryptography). Passwords are the most common
type of authentication method used today.
4. A. Separation of duties is put into place to ensure one entity cannot carry
out a task that could be damaging or risky to the company. It requires two or
more people to come together to do their individual tasks to accomplish the
overall task. If a person wanted to commit fraud and separation of duties was
in place, they would need to participate in collusion.
5. C. A logical control is the same thing as a technical control. All of the answers
were logical in nature except an ID badge. Badges are used for physical
security and are considered physical controls.
6. D. The best approach to security is to try to prevent bad things from occurring
by putting the necessary controls and mechanisms in place. Detective controls
should also be implemented, but a security model should not work from a
purely detective approach.
7. B. Roles work as containers for users. The administrator or security professional
creates the roles and assigns rights to them and then assigns users to the
container. The users then inherit the permissions and rights from the
containers (roles), which is how implicit permissions are obtained.
8. B. An asynchronous token device is based on challenge/response mechanisms.
The authentication service sends the user a challenge value, which the user
enters into the token. The token encrypts or hashes this value, and the user
uses this as her one-time password.
9. D. The DAC model allows users, or data owners, the discretion of letting other
users access their resources. DAC is implemented by ACLs, which the data
owner can configure.
10. D. This is considered a strong authentication approach because it is two factor—
it uses two out of the possible three authentication techniques
(something a person knows, is, or has).
11. A. Message authentication code (MAC) is a cryptographic function and is
not a key component of Kerberos. Kerberos is made up of a KDC, a realm
of principals (users, services, applications, and devices), an authentication
service, tickets, and a ticket granting service.
12. D. DAC is implemented and enforced through the use of access control
lists (ACLs), which are held in a matrix. MAC is implemented and enforced
through the use of security labels.
13. C. Authentication means to validate the identity of a user. In most systems,
the user must submit some type of public information (username, account
number) and a second credential to prove this identity. The second piece of
the credential set is private and should not be shared.
14. A. It is easier on the administrator if she only has to create one role, assign all of
the necessary rights and permissions to that role, and plug a user into that role
when needed. Otherwise, she would need to assign and extract permissions and
rights on all systems as each individual came and left the company.
15. C. As stated in a previous question, passwords are the most common
authentication mechanism used today. They are used to validate a user’s identity.
16. A. Mutual authentication means it is happening in both directions. Instead
of just the user having to authenticate to the server, the server also must
authenticate to the user.
17. B. Reviewing audit logs takes place after the fact, after some type of incident
happens. It is detective in nature because the security professional is trying
to figure out what exactly happened, how to correct it, and possibly who is
responsible.
18. D. This question may seem a little confusing if you were stuck between user
and owner. Only the data owner can decide who can access the resources
she owns. She may be a user and she may not. A user is not necessarily the
owner of the resource. Only the actual owner of the resource can dictate what
subjects can actually access the resource.
19. A. In a single sign-on technology, all users are authenticating to one source. If
that source goes down, authentication requests cannot be processed.
20. C. Biometrics is a technology that validates an individual’s identity by reading
a physical attribute. In some cases, biometrics can be used for identification,
but that was not listed as an answer choice.
21. B. The security policy sets the tone for the whole security program. It dictates
the level of risk that management and the company are willing to accept. This
in turn dictates the type of controls and mechanisms to put in place to ensure
this level of risk is not exceeded.
22. B. A brute force attack tries a combination of values in an attempt to discover
the correct sequence that represents the captured password or whatever the
goal of the task is. It is an exhaustive attack, meaning the attacker will try over
and over again until she is successful.
23. D. Spoofing is the process of pretending to be another person or process with
the goal of obtaining unauthorized access. Spoofing is usually done by using a
bogus IP address, but it could be done by using someone else’s authentication
credentials.
24. A. A centralized approach does not provide as much flexibility as decentralized
access control administration, because one entity is making all the decisions
instead of several entities that are closer to the resources. A centralized
approach is more structured in nature, which means there is less flexibility.
25. C. An administrator does not need to revoke and reassign permissions to
individual users as they change jobs. Instead, the administrator assigns
permissions and rights to a role, and users are plugged into those roles.
Sample Questions
1. The goals of integrity do NOT include
A. Accountability of responsible individuals
B. Prevention of the modification of information by unauthorized users
C. Prevention of the unauthorized or unintentional modification of information by authorized users
D. Preservation of internal and external consistency
2. Kerberos is an authentication scheme that can be used to implement
A. Public key cryptography
B. Digital signatures
C. Hash functions
D. Single Sign-On
3. The fundamental entity in a relational database is the
A. Domain
B. Relation
C. Pointer
D. Cost
4. In a relational database, security is provided to the access of data through
A. Candidate keys
B. Views
C. Joins
D. Attributes
5. In biometrics, a “one-to-one” search to verify an individual’s claim of an identity is called
A. Audit trail review
B. Authentication
C. Accountability
D. Aggregation
6. Biometrics is used for identification in the physical controls and for authentication in the
A. Detective controls
B. Preventive controls
C. Logical controls
D. Corrective controls
7. Referential Integrity requires that for any foreign key attribute, the referenced relation must have
A. A tuple with the same value for its primary key
B. A tuple with the same value for its secondary key
C. An attribute with the same value for its secondary key
D. An attribute with the same value for its other foreign key
8. A password that is the same for each log-on is called a
A. Dynamic password
B. Static password
C. Passphrase
D. One-time pad
9. The number of times a password should be changed is NOT a function of
A. The criticality of the information to be protected
B. The frequency of the password’s use
C. The responsibilities and clearance of the user
D. The type of workstation used
10. The description of a relational database is called the
A. Attribute
B. Record
C. Schema
D. Domain
11. A statistical anomaly-based intrusion detection system
A. Acquires data to establish a normal system operating profile
B. Refers to a database of known attack signatures
C. Will detect an attack that does not significantly change the system’s operating characteristics
D. Does not report an event that caused a momentary anomaly in the system
12. Intrusion detection systems can be all of the following types EXCEPT
A. Signature-based
B. Statistical anomaly-based
C. Network-based
D. Defined-based
13. In a relational data base system, a primary key is chosen from a set of
A. Foreign keys
B. Secondary keys
C. Candidate keys
D. Cryptographic keys
14. A standard data manipulation and relational database definition language is
A. OOD
B. SQL
C. SLL
D. Script
15. An attack that can be perpetrated against a remote user’s callback access control is
A. Call forwarding
B. A Trojan horse
C. A maintenance hook
D. Redialing
16. The definition of CHAP is
A. Confidential Hash Authentication Protocol
B. Challenge Handshake Authentication Protocol
C. Challenge Handshake Approval Protocol
D. Confidential Handshake Approval Protocol
17. Using symmetric key cryptography, Kerberos authenticates clients to other entities on a network and facilitates communications through the assignment of
A. Public keys
B. Session keys
C. Passwords
D. Tokens
18. Three things that must be considered for the planning and implementation of access control mechanisms are
A. Threats, assets, and objectives
B. Threats, vulnerabilities, and risks
C. Vulnerabilities, secret keys, and exposures
D. Exposures, threats, and countermeasures
19. In mandatory access control, the authorization of a subject to have access to an object is dependent upon
A. Labels
B. Roles
C. Tasks
D. Identity
20. The type of access control that is used in local, dynamic situations where subjects have the ability to specify what resources certain users may access is called
A. Mandatory access control
B. Rule-based access control
C. Sensitivity-based access control
D. Discretionary access control
21. Role-based access control is useful when
A. Access must be determined by the labels on the data
B. There are frequent personnel changes in an organization
C. Rules are needed to determine clearances
D. Security clearances must be used
22. Clipping levels are used to
A. Limit the number of letters in a password
B. Set thresholds for voltage variations
C. Reduce the amount of data to be evaluated in audit logs
D. Limit errors in callback systems
23. Identification is
A. A user being authenticated by the system
B. A user providing a password to the system
C. A user providing a shared secret to the system
D. A user professing an identity to the system
24. Authentication is
A. The verification that the claimed identity is valid
B. The presentation of a user’s ID to the system
C. Not accomplished through the use of a password
D. Only applied to remote users
25. An example of two-factor authentication is
A. A password and an ID
B. An ID and a PIN
C. A PIN and an ATM card
D. A fingerprint
26. In biometrics, a good measure of performance of a system is the
A. False detection
B. Crossover Error Rate (CER)
C. Positive acceptance rate
D. Sensitivity
27. In finger scan technology,
A. The full fingerprint is stored.
B. Features extracted from the fingerprint are stored.
C. More storage is required than in fingerprint technology.
D. The technology is applicable to large one-to-many database searches.
28. An acceptable biometric throughput rate is
A. One subject per two minutes
B. Two subjects per minute
C. Ten subjects per minute
D. Five subjects per minute
29. In a relational database, the domain of a relation is the set of allowable values
A. That an attribute can take
B. That tuples can take
C. That a record can take
D. Of the primary key
30. Object-Oriented Database (OODB) systems:
A. Are ideally suited for text-only information
B. Require minimal learning time for programmers
C. Are useful in storing and manipulating complex data such as images and graphics
D. Consume minimal system resources
Answers
1. Answer: a). Accountability is holding individuals responsible for
their actions. Answers b, c and d are the three goals of
integrity.
2. Answer: d). Kerberos is a third-party authentication protocol
that can be used to implement single sign-on. Answer a is
incorrect since public key cryptography is not used in the basic
Kerberos protocol. Answer b is a public key-based capability,
and answer c is a one-way transformation used to disguise
passwords or to implement digital signatures.
3. Answer: b). The fundamental entity in a relational database is
the relation in the form of a table. Answer a is the set of
allowable attribute values and answers c and d are distractors.
4. Answer: b). Answer a, candidate keys, are the set of unique
keys from which the primary key is selected. Answer c, Joins,
are operations that can be performed on the database, and the
attributes (d) denote the columns in the relational table.
5. Answer: b). Answer a is a review of audit system data, usually
done after the fact. Answer c is holding individuals responsible
for their actions, and answer d is obtaining higher sensitivity
information from a number of pieces of information of lower
sensitivity.
6. Answer: c). The other answers are different categories of
controls where preventive controls attempt to eliminate or
reduce vulnerabilities before an attack occurs; detective
controls attempt to determine that an attack is taking place or
has taken place; and corrective controls involve taking action
to restore the system to normal operation after a successful
attack.
7. Answer: a). Answers b and c are incorrect since a secondary
key is not a valid term. Answer d is a distractor since referential
integrity has a foreign key referring to a primary key in another
relation.
8. Answer: b). In answer a, the password changes at each logon.
For answer c, a passphrase is a long word or phrase that is
converted by the system to a password. In answer d, a one-time
pad refers to using a random key only once when
sending a cryptographic message.
9. Answer: d). The type of workstation used as the platform is not
the determining factor. Items a, b and c are determining
factors.
10. Answer: c). The other answers are portions of a relation or
table.
11. Answer: a). A statistical anomaly-based intrusion detection
system acquires data to establish a normal system operating
profile. Answer b is incorrect since it is used in signature-based
intrusion detection. Answer c is incorrect since a statistical
anomaly-based intrusion detection system will not detect an
attack that does not significantly change the system operating
characteristics. Similarly, answer d is incorrect since the
statistical anomaly-based IDS is susceptible to reporting an
event that caused a momentary anomaly in the system.
12. Answer: d). All the other answers are types of IDS.
13. Answer: c). Candidate keys by definition. Answer a is incorrect
since a foreign key in one table refers to a primary key in
another. Answer b is a made-up distractor and answer d refers
to keys used in encipherment and decipherment.
14. Answer: b). All other answers do not apply.
15. Answer: a). A cracker can have a person’s call forwarded to
another number to foil the call back system. Answer b is
incorrect since it is an example of malicious code embedded in
useful code. Answer c is incorrect since it might enable
bypassing controls of a system through means used for
debugging or maintenance. Answer d is incorrect since it is a
distractor.
16. Answer: b).
17. Answer: b). Session keys are temporary keys assigned by the
KDC and used for an allotted period of time as the secret key
between two entities. Answer a is incorrect since it refers to
asymmetric encryption that is not used in the basic Kerberos
protocol. Answer c is incorrect since it is not a key, and answer
d is incorrect since a token generates dynamic passwords.
18. Answer: b). Threats define the possible source of security
policy violations, vulnerabilities describe weaknesses in the
system that might be exploited by the threats, and the risk
determines the probability of threats being realized. All three
items must be present to meaningfully apply access control.
Therefore, the other answers are incorrect.
19. Answer: a). Mandatory access controls use labels to determine
if subjects can have access to objects, depending on the
subjects’ clearances. Answer b, roles, is applied in nondiscretionary
access control as is answer c, tasks. Answer d,
identity, is used in discretionary access control.
20. Answer: d). Answers a and b require strict adherence to labels
and clearances. Answer c is a made-up distractor.
21. Answer: b). Role-based access control is part of nondiscretionary
access control. Answers a, c and d relate to
mandatory access control.
22. Answer: c). Reducing the amount of data to be evaluated, by
definition. Answer a is incorrect since clipping levels do not
relate to letters in a password. Answer b is incorrect since
clipping levels in this context have nothing to do with
controlling voltage levels. Answer d is incorrect since they are
not used to limit call back errors.
23. Answer: d). A user presents an ID to the system as
identification. Answer a is incorrect since presenting an ID is
not an authentication act. Answer b is incorrect since a
password is an authentication mechanism. Answer c is
incorrect since it refers to cryptography or authentication.
24. Answer: a). Answer b is incorrect since it is an identification
act. Answer c is incorrect since authentication can be
accomplished through the use of a password. Answer d is
incorrect since authentication is applied to local and remote
users.
25. Answer: c). These items are something you know and
something you have. Answer a is incorrect since, essentially,
only one factor is being used, something you know (password.)
Answer b is incorrect for the same reason. Answer d is
incorrect since only one biometric factor is being used.
26. Answer: b). The other items are made-up distractors.
27. Answer: b). The features extracted from the fingerprint are
stored. Answer a is incorrect since the equivalent of the full
fingerprint is not stored in finger scan technology. Answers c
and d are incorrect since the opposite is true of finger scan
technology.
28. Answer: c).
29. Answer: a).
30. Answer: c). The other answers are false: for a, relational
databases are ideally suited to text-only information; for b and d,
OODB systems have a steep learning curve and consume a
large amount of system resources.