Review: Using Access Controls

Sort each item into its proper category Subjects A user A software process Objects A network A server A file A database Match each term with its definition Identification The process of creating an account or identifying a process or user on the system Authentication The process of proving a subject is who or what it claims to be Authorization The process of determining what rights or permissions a subject should have Accounting The process of tracking authorized and unauthorized use of a resource or rights Sort each description into the correct group. Discretionary Access Control Stresses the importance of a resource's owner A resource's owner can assign rights to other users The owner of a resource is granted full control over it John shares a file with Suzie using Google Drive, giving her editing rights over that file. Role-Based Access Control Permissions are based on which role a user fulfills in the organization The default types of accounts in Windows are an example of this type of access control Jim, a standard user, cannot install applications. He calls for Tim, an administrator, to install an application for him. Mandatory Access Control Permissions are assigned based on the idea of security clearance levels. Users with a certain security clearance can usually access resources that are labeled at or below their level. Which of these is NOT considered a Rule-Based access model? Discretionary Access Control Role-Based Access Control Mandatory Access Control Which of these are examples of non-repudiation? (You may select more than one.) Video surveillance Using biometric factors as authentication Having a person sign to certify that they received a document Using a PIN as well as a password to log in Authentication Factors Something You Know username password PIN security challenge question ("What is your first pet's name?") pattern lock Something You Have hardware token (USB keyfob) smart card smartphone Something You Are retinal scan fingerprint reader facial recognition To get in to his gradebook app on his phone, Mr. Johnson has to type in his username AND then type in a PIN. Is this an example of two-factor authentication? Yes No Encryption Terms Match each term with its definition Cleartext an unencrypted message Cipher text an encrypted message Cipher the process or algorithm used to encrypt a message Types of Encryption Sort each description into the proper group. Symmetric Encryption Uses a single key to encrypt and decrypt data Used when speed is of utmost importance Much less processor-intensive Used to encode network transmissions Asymmetric Encryption Uses a public key and a private key Used when security is of utmost importance More processor-intensive Mostly used for authentication technologies Fill in the blanks! In asymmetric encryption, a person's secret private key is most often used to decrypt data. A mathematically related public key is used to encrypt that data. The two keys are not interchangeable. In Public Key Infrastructure, who is in charge of issuing digital certificates? users create their own certificates Certificate Authorities Google The government in which the entity is based If you visit a website and get a warning about an invalid certificate, what could be the problem? (You may select more than one.) the site's certificate has expired the site got hacked you may be about to get phished you mistyped the website's URL In the above situation, what should you do (most of the time)? download and install the certificate from that site clear your browser's cache do not visit that website report the website to the police Instead of passwords, websites typically store _ to check during user authentication. encrypted passwords cryptographic hashes digital certificates biometric data Select the options that represent password best practices (you may select more than one): Pam's administrator password is 16 characters long. Lionel uses his pet's name (all letters) in his password. Hal uses the same password for most sites so he won't have to write it down. Lily has a different password for everything and keeps a list of them under her keyboard. Patrick replaces certain letters of memorable phrases with numbers or characters to create passwords. Liam uses a password manager that uses a master password and encryption. He brags about not knowing what any of his passwords actually are. Kim changes her password every 4 weeks.