tion of duties is an example of what type of access control?
- Detective - Preventative
Preventive access controls deter intrusion or attacks, for example, separation of duties or dual-custody processes.
Detective access controls search for details about the attack or the attacker, for example, intrusion detection systems.
Corrective access controls implement short-term repairs to restore basic functionality following an attack. Compensative access controls are alternatives to primary access controls.
Which of the following defines an object as used in access control?
- Resources, policies, and systems.
- Policies, procedures, and technologies that are implemented within a system.
- Users, applications, or processes that need to be given access.
- Data, applications, systems, networks, and physical space. - Data, applications, systems, networks, and physical space.
Objects are the data, applications, systems, networks, and physical space.
Subjects are the users, applications, or processes that need access to objects.
Which of the following is the term for the process of validating a subject's identity?
- Auditing - Authentication
Authentication is the process of validating a subject's identity. It includes the identification process, the user providing input to prove identity, and the system accepting that input as valid.
Authorization is the granting or denying a subject's access to an object based on the level of permissions or the actions allowed on the object. Identification identifies the subject. Examples include a username or a user ID number. Auditing is maintaining a record of a subject's activity within the information system.
Encryption is which type of access control?
- Physical -...