Term: How do you know at what point you can consider your environment to be secure?
Definition: Your environment can never be fully secure within it, but you can consider an environment secure when you formulate multilayered defenses that will allow you to have a successful resistance, should one or more of your defenses fail.
2 of 116
Definition: Ultimately, a threat is something that has the potential to cause harm.
Term: What is "utility" in the Parkerian hexad?
Correct definition
What is a threat in information security?
3 of 116
Term: Discuss the difference between authorization and access control.
Definition: Authentication should come first to authenticate the person is the correct person then authorization to allow the person access to what they need.
Correct definition
Authorization is the process of determining what exactly the authenticated party can do. Access controls are implemented tools and systems used to allow or deny access.
4 of 116
Term: What are the differences between the MAC and DAC models of access control?
Definition: The detection and analysis phase is where the action begins. In this phase, you detect an issue, decide whether it’s actually an incident, and respond to it appropriately. Most often, you’ll detect the issue with a security tool or service, like an intrusion detection system (IDS), antivirus (AV) software, firewall logs, proxy logs, or alerts from a security information and event monitoring (SIEM) tool or managed security service provider (MSSP).
Correct definition
In DAC the owner of the resource fully decides who gets access to it, in MAC the owner of the resource doesn't decide who gets access to it.
In the discretionary access control (DAC) model, the owner of the resource determines who gets access to it and exactly what level of access they can have.
In the mandatory access control (MAC) model, the owner of the resource doesn’t get to decide who gets to access it. Instead, a separate group or individual has the authority to set access to resources.
5 of 116
Term: What is the Rule-based Access Control model?
Definition: Rule-based access control allows access according to a set of rules defined by the system administrator. If the rule is matched, access to the resource will be granted or denied accordingly. A good example of rule-based access control is an ACL used by a router. You might see a rule specifying that traffic coming from source A to destination B on port C is allowed. Any other traffic between the two devices would be denied.