You shall not pass! Except for you...you may pass...and you...and you...BUT NOT YOU!
Can't Trust Em
It's a CAT-astrophy
100
True or False; DAC is the most restrictive access control model.
False
100
Methodology for making modifications and keeping track of changes
Change management
100
This device acts as a substitute on behalf of a primary device.
Proxy
100
You would implement this to ensure that users can only access their company devices during regular business hours.
Time of day restrictions
100
A written document detailing the process for restoring IT resources following a disruptive event.
DRP or Disaster Recovery Plan
200
This access control method is considered more "real world" than others.
What is Role Based Access Control
200
Attempts to create "hard" numbers associated with risk of an element in system by using historical data.
Quantitative risk calculation
200
This device can take several actions when it receives a packet, allow, block, prompt.
Firewall
200
The policy of only giving users the bare minimum credentials so that they can perform their job.
Least privilege
200
Determining in advance who will be authorized to take over in the event of the incapacitation of a key employee
Succession Plan
300
Access is allowed or denied to resource objects based on a set of rules defined by a system administrator.
What is Rule Based Access Control
300
Expected monetary loss every time a risk occurs.
Single Loss Expectancy (SLE)
300
This type of firewall keeps a record of the state of a connection between an internal and external device.
Stateful Packet Filtering
300
Bob from accounting has decided he's fed up with the poor wireless signal he gets from his desk, one day he brings in his own wireless router and hooks it up under his desk. What has Bob done?
Set up a Rogue Access Point
300
Average amount of time it takes a device to recover from a failure
Mean time to recovery (MTTR)
400
This is the strictest of all levels of control. It takes a hierarchical approach to controlling access to resources.
What is Mandatory Access Control
400
Policy that defines actions users may perform while accessing systems
Acceptable Use Policy (AUP)
400
This authentication solution uses tickets to provide access to resources.
Kerberos
400
Imaginary line by which an element is measured of compared.
Baseline.
400
The least fault tolerant RAID.
RAID level 0
500
List one of the two weaknesses that we covered about Discretionary Access Control.
Relies on decisions by the end user.
or
Permissions will be inherited by programs that the subject executes.
500
The Security Policy Cycle includes these three phases