MIS 4850 Systems Security

Review Questions | Chapter 5 Access Control

Student Name: ______

1) ______ is the process of assessing the identity of each individual claiming to have permission to use a resource.

A) Authorizations

B) Authentication

C) Accuracy

D) Auditing

2) ______ is the process of collecting information about the activities of each individual in log files for immediate and later analysis.

A) Authorizations

B) Authentication

C) Accuracy

D) Auditing

3) In which of the following are access permissions granted to a group of people based on the type of job they are doing in an organization?

A) list-based access control

B) mandatory access control

C) discretionary access control

D) role-based access control

4) In which of the following are access permissions granted to individuals rather than to groups?

A) list-based access control

B) mandatory access control

C) discretionary access control

D) role-based access control

5) Most users who have access to servers use reusable passwords for authentication.

a) TRUE b) FALSE

6) Users should select very long and complex passwords and use the same password at all sites for auditability.

a) TRUE b) FALSE

7) Passwords offer reasonable security at reasonable cost and will likely continue to increase in importance in the future.

a) TRUE b) FALSE

8) A ______ card is an access card that has a built-in microprocessor and memory.

A) magnetic stripe

B) smart

C) Both A and B

D) Neither A nor B

9) A ______ card stores authentication data.

A) magnetic stripe

B) smart

C) Both A and B

D) Neither A nor B

10) ______ can be much shorter than ______.

A) PINs, passwords

B) Passwords, PINs

C) there is no general length difference between passwords and PINs

D) None of the above

11) ______ record(s) and analyze(s) what a person or program actually did.

A) Authentication

B) Authorizations

C) Auditing

D) All of the above

12) Which of the following statements is true about log files?

A) Log files should be read regularly.

B) External auditing should be conducted periodically.

C) Automatic alerts should be established.

D) All of the above

13) Which of the following is one of the four bases for authentication credentials?

A) what you know

B) what you have

C) Both A and B

D) Neither A nor B

14) Compared to access control based on individual accounts, role-based access control is ______.

A) less prone to error

B) more expensive

C) Both A and B

D) Neither A nor B

15) Long passwords that use several types of keyboard characters are called ______ passwords.

A) complex

B) reusable

C) dictionary

D) one-time

16) Password cracking is usually done over the network by trying many passwords to log into an account.

a) TRUE b) FALSE

Book, page 249

17) In the military, departments do not have the ability to alter access control rules set by higher authorities in ______.

A) policy-based access control

B) mandatory access control

C) discretionary access control

D) multilevel access control

18) In ______ the department has discretion over giving access to individuals, within policy standards set by higher authorities.

A) policy-based access control

B) mandatory access control

C) discretionary access control

D) delegated access control
