Page 65 - StudyBook.pdf
P. 65
General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1 49
3. A user from your company is being investigated for attempting to sell propri-
etary information to a competitor.You are the IT security administrator
responsible for assisting with the investigation.The user has claimed that he did
not try to access any restricted files and is consequently not guilty of any
wrongdoing.You have completed your investigation and have a log record
showing that the user did attempt to access restricted files. How does AAA help
you to prove that the user is guilty regardless of what he says?
A. Access Control
B. Auditing
C. Authorization
D. Non-repudiation
4. You have been brought in as a security consultant for a programming team
working on a new operating system designed strictly for use in secure govern-
ment environments. Part of your role is to help define the security require-
ments for the operating system and to instruct the programmers in the best
security methods to use for specific functions of the operating system.What
method of access control is most appropriate for implementation as it relates to
the security of the operating system itself?
A. MAC
B. DAC
C. RBAC
D. All of the above
5. You are designing the access control methodology for a company implementing
an entirely new IT infrastructure.This company has several hundred employees,
each with a specific job function.The company wants their access control
methodology to be as secure as possible due to recent compromises within
their previous infrastructure.Which access control methodology would you use
and why?
A. RBAC because it is job-based and more flexible than MAC
B. RBAC because it is user-based and easier to administer
C. Groups because they are job-based and very precise
D. Groups because they are highly configurable and more flexible than MAC
www.syngress.com
