PrepAway - Latest Free Exam Questions & Answers

A back door into a network refers to what?


A.
Mechanisms created by hackers to gain network access at a later time

B.
Monitoring programs implemented on dummy applications to lure intruders

C.
Undocumented instructions used by programmers to debug applications

D.
Socially engineering passwords from a subject

Explanation:
Back doors are very hard to trace, as an intruder will often create several avenues into a network to
be exploited later. The only real way to be sure these avenues are closed after an attack is to restore
the operating system from the original media, apply the patches, and restore all data and
applications.
* Social engineering is a technique used to manipulate users into revealing information
like passwords.
* Answer “Undocumented instructions used by programmers to debug
applications” refers to a trap door, an undocumented hook into an application that assists
programmers with debugging. Although intended innocently, these can be exploited by intruders.
* “Monitoring programs implemented on dummy applications to lure intruders” is a honey pot or
padded cell. A honey pot uses a dummy server with bogus applications as a decoy for intruders.
Source: Fighting Computer Crime by Donn Parker (Wiley, 1998).

QUESTION 1459
A type of access control that supports the management of access rights for groups of subjects is:

A.
Discretionary

B.
Rule-based

C.
Role-based

D.
Mandatory

Explanation:
Role-based access control assigns identical privileges to groups of users. This approach simplifies the
management of access rights, particularly when members of the group change. Thus, access rights
are assigned to a role, not to an individual. Individuals are entered as members of specific groups
and are assigned the access privileges of that group. In answer Discretionary, the access rights to an
object are assigned by the owner at the owner’s discretion. For large numbers of people whose
duties and participation may change frequently, this type of access control can become unwieldy.
Mandatory access control, answer c, uses security labels or classifications assigned to data items and
clearances assigned to users. A user has access rights to data items with a classification equal to or
less than the user’s clearance. Another restriction is that the user has to have a need to know the
information; this requirement is identical to the principle of least privilege. Answer ‘rule-based
access control’ assigns access rights based on stated rules. An example of a rule is: access to
trade-secret data is restricted to corporate officers, the data owner and the legal department.

