All access control systems are about solving problems and meeting business needs. In order to do this effectively, you should be familiar with a variety of access control types and understand how to map those types to various business challenges. Understanding how access control systems are used in the real world is a good way to integrate what works into your own access control systems.
In terms of business continuity, a hostage situation could be considered a disaster.
True
False
_______________ is choosing not to engage in an activity that carries some element of risk.
_______________ is carrying on despite the risks involved in a given activity.
_______________ is the process of assigning risk to someone else.
_______________ combines attempts to minimize the probability and impact of risk.
The three main threat categories are information confidentiality, _______________, and availability.
Even nonsensitive data should be kept under some level of access control.
True
False
Any system or data resource that, if it were lost, stolen, damaged, altered, or publicly divulged, would cause a significant negative impact to the organization should be considered _______________.
A user account with “root” privileges best fits into which one of the following access roles?
User
Service
Daemon
Administrator
A school district was hit with a ransomware attack that prevented teachers from accessing their computer systems. Which term best describes the effect of the attack?
Disclosure
Confidentiality
Integrity
Availability
The principle of separation of privilege requires a minimum of how many conditions to be met before access can be granted?
1
2
3
4
5
Least user access implements what access control requirement?
The group with the least users should be granted the highest level of access.
Users should commonly log onto workstations under limited user accounts, unless they are performing administrative functions.
No user should have administrative rights to a workstation.
All users should have administrative rights to a workstation.
The three basic levels of need for information are existence of information, view partial information, and _______________.