(ISC)² CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

B. Diameter
C. TACACS+
D. TACACS

Refer to the following scenario when answering questions 19 and 20.

An administrator has been working within an organization for over 10 years. He has moved between different IT divisions within the company and has retained privileges from each of the jobs that he’s had during his tenure. Recently, supervisors admonished him for making unauthorized changes to systems. He once again made an unauthorized change that resulted in an unexpected outage, and management decided to terminate his employment at the company. He came back to work the following day to clean out his desk and belongings, and during this time he installed a malicious script that was scheduled to run as a logic bomb on the first day of the following month. The script will change administrator passwords, delete files, and shut down over 100 servers in the datacenter.

19. Which of the following basic principles was violated during the administrator’s employment?
A. Implicit deny
B. Loss of availability
C. Defensive privileges
D. Least privilege

20. What could have discovered problems with this user’s account while he was employed?
A. Policy requiring strong authentication
B. Multifactor authentication
C. Logging
D. Account review



Chapter 14
Controlling and Monitoring Access

The CISSP exam topics covered in this chapter include:

Domain 5: Identity and Access Management (IAM)
  5.4 Implement and manage authorization mechanisms
    5.4.1 Role Based Access Control (RBAC)
    5.4.2 Rule-based access control
    5.4.3 Mandatory Access Control (MAC)
    5.4.4 Discretionary Access Control (DAC)
    5.4.5 Attribute Based Access Control (ABAC)


Chapter 13, “Managing Identity and Authentication,” presented several important topics related to the Identity and Access Management (IAM) domain for the CISSP certification exam. This chapter builds on those topics and includes key information on some common access control models. It also includes information on how to prevent or mitigate access control attacks. Be sure to read and study the materials from each of these chapters to ensure complete coverage of the essential material for this domain.

Comparing Access Control Models 
Chapter 13 focused heavily on identification and authentication. After authenticating subjects, the next step is authorization. The method of authorizing subjects to access objects varies depending on the access control method used by the IT system.

A subject is an active entity that accesses a passive object, and an object is a passive entity that provides information to active subjects. For example, when a user accesses a file, the user is the subject and the file is the object.
