a. 1 only
b. 2 only
c. 1 and 3
d. 2 and 4
131. d. This combination represents something that you have (i.e., PKI keys) and something that you know (i.e., PIN). There is no hardware token to lose or steal. Therefore, this is a strong form of two-factor authentication that can be used to support logical access.
132. RuBAC is rule-based access control, ACL is access control list, IBAC is identity-based access control, DAC is discretionary access control, and MAC is mandatory access control. For identity management, which of the following equates the access control policies and decisions between the U.S. terminology and the international standards?
1. RuBAC = ACL
2. IBAC = ACL
3. IBAC = DAC
4. RuBAC = MAC
a. 1 only
b. 2 only
c. 3 only
d. 3 and 4
132. d. Identity-based access control (IBAC) and discretionary access control (DAC) are considered equivalent. The rule-based access control (RuBAC) and mandatory access control (MAC) are considered equivalent. IBAC uses access control lists (ACLs) whereas RuBAC does not.
133. For identity management, most network operating systems are based on which of the following access control policies?
a. Rule-based access control (RuBAC)
b. Identity-based access control (IBAC)
c. Role-based access control (RBAC)
d. Attribute-based access control (ABAC)
133. b. Most network operating systems are implemented with an identity-based access control (IBAC) policy. Entities are granted access to resources based on any identity established during network logon, which is compared with one or more access control lists (ACLs). These lists may be individually administered, may be centrally administered and distributed to individual locations, or may reside on one or more central servers. Attribute-based access control (ABAC) deals with subjects and objects, rule-based (RuBAC) deals with rules, and role-based (RBAC) deals with roles or job functions.
134. RBAC is role-based access control, MAC is mandatory access control, DAC is discretionary access control, ABAC is attribute-based access control, PBAC is policy-based access control, IBAC is identity-based access control, RuBAC is rule-based access control, RAdAC is risk adaptive access control, and UDAC is user-directed access control. For identity management, RBAC policy is defined as which of the following?
a. RBAC = MAC + DAC
b. RBAC = ABAC + PBAC
c. RBAC = IBAC + RuBAC
d. RBAC = RAdAC + UDAC
134. c. Role-based access control policy (RBAC) is a composite access control policy between identity-based access control (IBAC) policy and rule-based access control (RuBAC) policy and should be considered as a variant of both. In this case, an identity is assigned to a group that has been granted authorizations. Identities can be members of one or more groups.
135. A combination of something you have (one time), something you have (second time), and something you know is used to represent which of the following personal authentication proofing schemes?
a. One-factor authentication
b. Two-factor authentication
c. Three-factor authentication
d. Four-factor authentication
135. b. This situation illustrates that multiple instances of the same factor (i.e., something you have is used two times) result in one-factor authentication. When this is combined with something you know, it results in a two-factor authentication scheme.
136. Remote access controls are a part of which of the following?
a. Directive controls
b. Preventive controls
c. Detective controls
d. Corrective controls
136. b. Remote access controls are a part of preventive controls, as they include Internet Protocol (IP) packet filtering by border routers and firewalls using access control lists. Preventive controls deter security incidents from happening in the first place.