GMU IT 223 Exam 2 (Lecture 5-9) Questions With Correct Answers.
What is access control? - Answer-authorized entities can use a system when they need to.

How is policy related to access control? - Answer-Policy driven control of access to systems, data, and dialogues. Examples of access control include barriers, passwords, and bio-metrics.

What is the role of authentication in access control? - Answer-Verification (or not) of an individual's claim (usually of identity).

What is the role of authorization in access control? - Answer-An entity (via his/her/its identity) is given certain permissions to access particular resources.

What is the role of auditing in access control? - Answer-After-the-fact analysis of data collected about an individual's activities

What are 4 different ways to authenticate a claim of identity? Can you give an example of each? - Answer-
- What you know - a password for an account
- What you have - a door key, a smart card
- Who you are - fingerprint
- What you do - how you pronounce a passphrase

What is multi-factor authentication? Why is it useful? - Answer-Role Based Access Control (RBAC). Lessens number of opportunities for errors

How does MFA impact the probability of a false negative result? - Answer-Increases probability of false negative

How does MFA impact the probability of a false positive result? - Answer-Decreases probability of false positive

What is mandatory access control? - Answer-Strict access control barriers to gain Entry, no variation allowed.

What is discretionary access control? - Answer-A department can decide what access to allow for each individual.

How does a multi-level security (MLS) system work? - Answer-Classified information requires complex layers of control that far exceed basic clearance granting and badge granting policies. On a NTK (Need to Know) access

Can you give examples of common policy requirements for physical security? - Answer-CCTV, wireless cameras, preventing dumpster diving, PC locking when leaving desk.

Why is it important to consider utilities? - Answer-Electricity, water, HVAC must be supplied to adequate level, inspected and tested regularly. Also, backup generator.

What are important issues to remember when disposing of computer equipment? - Answer-Ensure data destruction, keeping records of decommissioned equipment, minimize environmental liabilities, and choosing the right vendors

What is the role of a password in access control? - Answer-allows you to restrict access to vital password information on a "need to know" basis. The most common form is "role-based access control" which allows you to assign broad roles (with a set of password permissions) and then assign users to those roles.

Can you give examples of common policy requirements for passwords? - Answer-Changing passwords on regular intervals, not changing the password to something you've had before, at least 8 characters long, at least one change of case, at least one digit, at least one special character, and not at the end of the password.

How do users sometimes misuse passwords? - Answer-Sharing passwords or accounts and reusing passwords on different systems and sites.

Can you give examples of physical devices used in access control? - Answer-In Cabling Security, wiring has to be sufficiently hidden from tapping capabilities, or accidental cutting. Wiring closets locked and monitored.

What is the most important issue when using physical devices in this way? - Answer-Loss and Theft are common. 2 Factor authentication eases loss or theft.

What does "bio-metrics" mean literally? In the I.T. context? - Answer-based on something you are (your fingerprint, iris pattern, face, hand geometry, etc.) or something you do (write, type, walk, etc.). The major promise of bio-metrics is to make reusable passwords obsolete. The process by which a person's unique physical and other traits are detected and recorded by an electronic device or system as a means of confirming identity.

Can you give examples of common bio-metric technologies? - Answer-Fingerprint recognition, iris scanning, and face recognition

What are two important parts of the bio-metric process that are never perfect? - Answer-Overly exact matches cause false rejections. Too loose a matching index will cause false acceptances.

What is a false acceptance rate (FAR)? - Answer-Match to a template that should not be made.

What is a false rejection rate (FRR)? - Answer-rate of false acceptances as a percentage of total access attempts

What are three different purposes for which bio-metrics are commonly used? - Answer-Verification, supplicant is compared to table entry or template. Identification, situation where the supplicant does not state his or her identity door access.
School, study and subject
- Institution
- GMU IT 223
- Course
- GMU IT 223
Document information
- Uploaded on
- May 29, 2024
- Number of pages
- 14
- Written in
- 2023/2024
- Type
- Exam
- Contains
- Questions and answers
Topics
- gmu it 223