Computer Security: Principles and Practice
Midterm Review Questions f With Complete
Solutions 100% Verified Newest 2025
T -ANSWER Access control is the central element of computer security.
T -ANSWER An auditing function monitors and keeps a record of user accesses to system
resources.
T -ANSWER The principal objectives of computer security are to prevent
unauthorized users from gaining access to resources, to prevent legitimate users from
accessing resources in an unauthorized manner, and to enable legitimate users to access
resources in an authorized manner.
T -ANSWER A user may belong to multiple groups.
T -ANSWER An access right describes the way in which a subject may access an object.
F -ANSWER Traditional RBAC systems define the access rights of individual users and
groups of users.
Access control -ANSWER 1. __________ implements a security policy that specifies who
or what may have access to each specific system resource and the type of access that is
permitted in each instance.
Authentication -ANSWER __________ is verification that the credentials of a user or
other system entity are valid.
, Authorization -ANSWER _________ is the granting of a right or permission to a system
entity to access a system resource.
DAC -ANSWER __________ is the traditional method of implementing access control.
MAC -ANSWER __________ controls access based on comparing security labels with
security clearances.
mandatory access control -ANSWER A concept that evolved out of requirements for
military information security is ______ .
subject -ANSWER A __________ is an entity capable of accessing objects.
object -ANSWER A(n) __________ is a resource to which access is controlled.
RBAC -ANSWER __________ is based on the roles the users assume in a system rather
than the user's identity.
role -ANSWER A __________ is a named job function within the organization that
controls this computer system
Constraints -ANSWER __________ provide a means of adapting RBAC to the specifics of
administrative and security policies in an organization.
Cardinality -ANSWER __________ refers to setting a maximum number with respect to
roles.
Midterm Review Questions f With Complete
Solutions 100% Verified Newest 2025
T -ANSWER Access control is the central element of computer security.
T -ANSWER An auditing function monitors and keeps a record of user accesses to system
resources.
T -ANSWER The principal objectives of computer security are to prevent
unauthorized users from gaining access to resources, to prevent legitimate users from
accessing resources in an unauthorized manner, and to enable legitimate users to access
resources in an authorized manner.
T -ANSWER A user may belong to multiple groups.
T -ANSWER An access right describes the way in which a subject may access an object.
F -ANSWER Traditional RBAC systems define the access rights of individual users and
groups of users.
Access control -ANSWER 1. __________ implements a security policy that specifies who
or what may have access to each specific system resource and the type of access that is
permitted in each instance.
Authentication -ANSWER __________ is verification that the credentials of a user or
other system entity are valid.
, Authorization -ANSWER _________ is the granting of a right or permission to a system
entity to access a system resource.
DAC -ANSWER __________ is the traditional method of implementing access control.
MAC -ANSWER __________ controls access based on comparing security labels with
security clearances.
mandatory access control -ANSWER A concept that evolved out of requirements for
military information security is ______ .
subject -ANSWER A __________ is an entity capable of accessing objects.
object -ANSWER A(n) __________ is a resource to which access is controlled.
RBAC -ANSWER __________ is based on the roles the users assume in a system rather
than the user's identity.
role -ANSWER A __________ is a named job function within the organization that
controls this computer system
Constraints -ANSWER __________ provide a means of adapting RBAC to the specifics of
administrative and security policies in an organization.
Cardinality -ANSWER __________ refers to setting a maximum number with respect to
roles.
