
CISSP

Access control is concerned with protecting what?
Confidentiality, Integrity and Availability. (CIA Triad)
Access control is concerned with reducing risk. What is the formula?
Risk = Threat x Vulnerability (the qualitative form used in the CISSP material; fuller treatments also multiply by asset value or impact).
What is CHAP?
Challenge Handshake Authentication Protocol.
What is so special about CHAP?
The central authenticator sends a random challenge to the remote user; the user responds with a one-way hash (MD5 in RFC 1994) of the challenge combined with the shared secret. The password is NOT sent in clear text over the link, and because each challenge is fresh, a captured response cannot be replayed. Note that CHAP only authenticates; it does not encrypt the traffic that follows.
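The exchange described on this card, as an added example that is not part of the original deck: a CHAP challenge, the peer's hashed response, and the authenticator's verification, following RFC 1994 (MD5 over Identifier || secret || challenge). The shared secret and the peer name are constructed for the demo.

```python
import hashlib
import hmac
import os

# Added example (not from the deck): a CHAP exchange as specified in RFC 1994.
# The shared secret and the peer/authenticator names are constructed for the demo.
SHARED_SECRET = b"correct horse battery staple"  # provisioned out of band on both sides


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 Response value: MD5 over (one-octet Identifier || secret || Challenge value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The central side: issues a fresh random challenge and verifies the hashed response."""

    def __init__(self, secrets: dict):
        self._secrets = secrets            # name -> shared secret (CHAP needs the plaintext-equivalent)
        self._next_id = 0
        self._outstanding = {}             # identifier -> challenge still awaiting a response

    def challenge(self) -> tuple:
        self._next_id = (self._next_id + 1) % 256
        value = os.urandom(16)             # unpredictable, so a captured response is useless next time
        self._outstanding[self._next_id] = value
        return self._next_id, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        value = self._outstanding.pop(identifier, None)   # one-shot: a challenge cannot be answered twice
        secret = self._secrets.get(name)
        if value is None or secret is None:
            return False
        expected = chap_response(identifier, secret, value)
        return hmac.compare_digest(expected, response)    # constant-time comparison


class Peer:
    """The remote user: never sends the secret, only the hash of challenge and secret."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes) -> tuple:
        return self.name, chap_response(identifier, self._secret, challenge)


def run_exchange(peer_secret: bytes = SHARED_SECRET) -> bool:
    """One complete Challenge -> Response -> Success/Failure round; True means authenticated."""
    auth = Authenticator({"remote-user": SHARED_SECRET})
    peer = Peer("remote-user", peer_secret)
    identifier, challenge = auth.challenge()              # authenticator -> peer
    name, response = peer.respond(identifier, challenge)  # peer -> authenticator
    return auth.verify(identifier, name, response)


def replay_is_rejected() -> bool:
    """A response captured from one exchange does not work when submitted a second time."""
    auth = Authenticator({"remote-user": SHARED_SECRET})
    peer = Peer("remote-user", SHARED_SECRET)
    identifier, challenge = auth.challenge()
    name, response = peer.respond(identifier, challenge)
    first = auth.verify(identifier, name, response)
    replayed = auth.verify(identifier, name, response)    # same bytes again
    return first and not replayed


if __name__ == "__main__":
    print("authenticated:", run_exchange())
    print("wrong secret authenticated:", run_exchange(b"guess"))
    print("replay rejected:", replay_is_rejected())
```

Two caveats a practitioner should keep in mind: the authenticator must store the secret in recoverable form (not a salted hash), and an eavesdropper holding a (challenge, response) pair can brute-force a weak secret offline, since MD5 is fast and unsalted. CHAP protects the password on the wire; it does not protect a poor password.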
What does TACACS stand for?
Terminal Access Controller Access Control System.
What two items are required in TACACS?
Requires a user ID and a static (fixed, reusable) password.
Rows are often known as what in databases?
Rows represent records and are known as tuples.
Columns are often known as what in databases?
Columns are known as attributes.
What are three goals that database normalization attempts to achieve?
Removing redundant data; eliminating attributes in a table that do NOT depend on the table's primary key; removing repeating groups of data.
What are the THREE principles of Controlling Access?
Least privilege; separation of duties; rotation of duties.
What model is followed for "Separation of Duties"?
Clark-Wilson.
MAC is an Access Control Type; what does it stand for?
MAC = Mandatory Access Control.
LBAC is an Access Control Type; what does it stand for?
Lattice-Based Access Control.
What are MAC's strengths?
Controlled by the system and cannot be overridden by users; not subject to user error; enforces strict controls on multilevel security systems; helps prevent information leakage.
What are MAC weaknesses?
Protects only information in digital form; once data is printed, the physical copy can be distributed outside the control, giving unsecured access.
DAC is an Access Control; what does it stand for?
DAC = Discretionary Access Control.
What are DAC's strengths?
Convenient; easy to use and flexible; users feel as if they are in control of their own objects; simple to understand; software personification.
What are DAC's weaknesses?
Fails to distinguish between a user and the programs running on that user's behalf, so a process can change access control attributes; access is subject to the user's arbitrary discretion; the system is open to malicious software (a Trojan horse inherits the user's rights); there is no protection against "trusted" user error.
What does RBAC stand for as an Access Control?
RBAC = Role-Based Access Control.
What are the key characteristics of RBAC?
Non-discretionary; centrally administered authority; centrally managed role database; limited access rights for each role.
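An added example, not from the deck, tying the RBAC card above to the separation of duties principle from the earlier card: rights hang off roles, users receive only roles from a central administrator, and a static separation-of-duties constraint refuses to give one person two conflicting roles. Role names, permissions and users are constructed for the demo.

```python
from collections import defaultdict

# Added example (not from the deck): a minimal non-discretionary RBAC store with a
# static separation-of-duties constraint. Roles, permissions and user names are constructed.
ROLE_PERMISSIONS = {
    "clerk":    {"create_invoice", "view_invoice"},
    "approver": {"approve_invoice", "view_invoice"},
    "auditor":  {"view_invoice", "view_audit_log"},
}

# Roles that must never be held by the same person: whoever creates an invoice
# must not also be able to approve it.
MUTUALLY_EXCLUSIVE_ROLES = [frozenset({"clerk", "approver"})]


class SeparationOfDutiesViolation(Exception):
    pass


class RBAC:
    """Rights belong to roles; users only ever receive roles, granted centrally."""

    def __init__(self):
        self._user_roles = defaultdict(set)

    def assign(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role!r}")
        candidate = self._user_roles[user] | {role}
        for pair in MUTUALLY_EXCLUSIVE_ROLES:
            if pair <= candidate:                  # the new role would complete a forbidden pair
                raise SeparationOfDutiesViolation(f"{user} cannot hold {sorted(pair)} together")
        self._user_roles[user].add(role)

    def revoke(self, user: str, role: str) -> None:
        self._user_roles[user].discard(role)

    def roles_of(self, user: str) -> frozenset:
        return frozenset(self._user_roles.get(user, set()))

    def permitted(self, user: str, permission: str) -> bool:
        """Permission check: the union of the user's roles' rights; nothing is user-granted."""
        return any(permission in ROLE_PERMISSIONS[r] for r in self._user_roles.get(user, set()))


def demo() -> dict:
    rbac = RBAC()
    rbac.assign("alice", "clerk")
    rbac.assign("bob", "approver")
    try:
        rbac.assign("alice", "approver")          # would let alice approve her own invoices
        sod_blocked = False
    except SeparationOfDutiesViolation:
        sod_blocked = True
    return {
        "alice_creates": rbac.permitted("alice", "create_invoice"),
        "alice_approves": rbac.permitted("alice", "approve_invoice"),
        "bob_approves": rbac.permitted("bob", "approve_invoice"),
        "sod_blocked": sod_blocked,
        "unknown_user": rbac.permitted("mallory", "view_invoice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check in `assign` is a static constraint (the conflict is decided when roles are granted); a dynamic variant would allow both roles but refuse to activate them in the same session. Either way, the user has no discretion over who gets which right, which is what makes RBAC non-discretionary.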
What does CBAC stand for as an Access Control?
CBAC = Context-Based Access Control.
What does PARBAC stand for as an Access Control?
PARBAC = Privacy-Aware RBAC.
What are the key criteria for identity?
Issuing of Identity; Naming Standards; Non-descriptive; Tracking and Auditing; Unique; Not Shared.
What does AAA stand for?
Authentication, Authorization, Accountability (often given as Accounting).
What are the five security models covered in this deck?
Lattice; Chinese Wall (Brewer-Nash); Bell-LaPadula; Biba; Clark-Wilson.
What does the Chinese Wall model focus on?
It deals with "Conflict of Interest."
What does Bell-LaPadula focus on?
Confidentiality and not integrity.
What TWO key principles exist in Bell-LaPadula?
NO READ UP (NRU), the simple security property, and NO WRITE DOWN (NWD), the *-property.
What is the opposite of Bell-LaPadula?
Biba: NO READ DOWN (NRD) and NO WRITE UP (NWU).
What is Biba's focus?
Integrity.
What are the TWO key principles of Biba?
NO READ DOWN (NRD), the simple integrity property, and NO WRITE UP (NWU), the integrity *-property.
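The Lattice, Bell-LaPadula and Biba cards above, as one added example that is not part of the original deck: labels form a lattice (level plus need-to-know compartments, ordered by a dominance relation), Bell-LaPadula's no-read-up/no-write-down and Biba's no-read-down/no-write-up are then just the two directions of that relation. Level names and compartments are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

# Added example (not from the deck): a lattice of security labels and the read/write
# rules of Bell-LaPadula (confidentiality) and Biba (integrity) expressed over it.
# Level names and compartments are constructed for illustration.


class Level(IntEnum):
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    compartments: frozenset    # need-to-know categories, e.g. {"crypto"}

    def dominates(self, other: "Label") -> bool:
        """Partial order of the lattice: higher-or-equal level AND a superset of compartments.
        Labels with disjoint compartments are incomparable: neither dominates the other."""
        return self.level >= other.level and self.compartments >= other.compartments


# Bell-LaPadula: the labels are confidentiality labels (clearance / classification).
def blp_read(subject: Label, obj: Label) -> bool:
    """Simple security property, 'no read up': the subject must dominate the object."""
    return subject.dominates(obj)


def blp_write(subject: Label, obj: Label) -> bool:
    """*-property, 'no write down': the object must dominate the subject."""
    return obj.dominates(subject)


# Biba: same lattice shape, but the labels now mean integrity, and the rules invert.
def biba_read(subject: Label, obj: Label) -> bool:
    """Simple integrity property, 'no read down': the object must dominate the subject."""
    return obj.dominates(subject)


def biba_write(subject: Label, obj: Label) -> bool:
    """Integrity *-property, 'no write up': the subject must dominate the object."""
    return subject.dominates(obj)


def access_matrix(subject: Label, objects: dict) -> dict:
    """For each named object, which of the four operations a reference monitor would allow."""
    return {
        name: {
            "blp_read": blp_read(subject, obj),
            "blp_write": blp_write(subject, obj),
            "biba_read": biba_read(subject, obj),
            "biba_write": biba_write(subject, obj),
        }
        for name, obj in objects.items()
    }


if __name__ == "__main__":
    analyst = Label(Level.SECRET, frozenset({"crypto"}))
    objects = {
        "memo": Label(Level.CONFIDENTIAL, frozenset()),           # below the analyst
        "plan": Label(Level.TOP_SECRET, frozenset({"crypto"})),  # above the analyst
        "nuke": Label(Level.SECRET, frozenset({"nuclear"})),     # incomparable: other compartment
    }
    for name, row in access_matrix(analyst, objects).items():
        print(name, row)
```

The incomparable case is the one worth noticing: for the "nuke" object, the SECRET/crypto analyst can neither read nor write under either model, because neither label dominates the other. A pure hierarchy of levels cannot express that; the compartments are what make it a lattice rather than a ladder.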
What is Clark-Wilson's focus?
Separation of Duties.

Deck Info: 32 cards, by jm5398