Correct Answers 2025
Discretionary Access Control (DAC) - CORRECT ANSWER-Controls access based on identity of the requestor
& based on access rules stating what requestors are/aren't allowed to do
Mandatory Access Control (MAC) - CORRECT ANSWER-Controls access based on comparing security labels (how sensitive system resources are)
with security clearances (which system entities are able to access certain resources)
Role-Based Access Control (RBAC) - CORRECT ANSWER-Controls access based on the roles users have
& based on rules stating what accesses are allowed to users in given roles
3 classes in an Access Control System - CORRECT ANSWER-Owner - Creator of a resource (file)
Group - In addition to owner privileges, a group of users may also have granted access rights
World - Least amount of access rights. Users that are able to access the system but NOT included in owner/group classes
In the context of Access Control define:
Subject -
Object - - CORRECT ANSWER-Subject - Entity capable of accessing objects
Objects - Resource used to contain information
Access Right - CORRECT ANSWER-The way in which a subject may access an object (read, write, execute, delete, create, search)
An access matrix is implemented by decomposition in 2 ways: - CORRECT ANSWER-1. Access Control Lists
Decomposed by columns
For each object, list users and permitted access rights
2. Capability Tickets
Decomposed by rows
Specify authorized objects and operations for particular user
Protection Domain - CORRECT ANSWER-Sets of objects with access rights to those objects
In access matrix, this is a row
4 types of entities in a base model RBAC system - CORRECT ANSWER-User - An individual that has access to system --> user ID
Role - A named job function
Permission - An approval of a mode of access to one or more objects
Session - A mapping between user and an activated subset of the set of rules to which the user is assigned
3 types of role hierarchy constraints - CORRECT ANSWER-Mutually Exclusive Roles - A user can only be assigned to 1 role in set
Cardinality - Max number with respect to roles. Set max number of users that can be assigned to a role
Prerequisite Roles - A user can only be assigned to a particular role if it is already assigned to some other specified role
Principal Threats to the Secrecy of Passwords - CORRECT ANSWER-Offline Dictionary Attack
Specific Account Attack
Popular Password Attack
Password Guessing Against a Single User
Workstation Hijacking
Exploiting User Mistakes
Exploiting Multiple Password Use
Electronic Monitoring
Offline Dictionary Attack - CORRECT ANSWER-Compare password hash against commonly used password hashes
Specific Account Attack - CORRECT ANSWER-Attacker targets specific account and submits password guesses until correct
Popular Password Attack - CORRECT ANSWER-Use popular password and try against a wide variety of user IDs