CISSP Official Study Guide, Eighth Edition
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Exam Essentials (p. 655)

Identify common authorization mechanisms.
Authorization ensures that the requested activity or object access is possible, given the privileges assigned to the authenticated identity. For example, it ensures that users with appropriate privileges can access files and other resources. Common authorization mechanisms include implicit deny, access control lists, access control matrixes, capability tables, constrained interfaces, content-dependent controls, and context-dependent controls. These mechanisms enforce security principles such as need-to-know, the principle of least privilege, and separation of duties.
Know details about each of the access control models.
With Discretionary Access Control (DAC) models, all objects have owners and the owners can modify permissions. Administrators centrally manage nondiscretionary controls. Role-Based Access Control (RBAC) models use task-based roles, and users gain privileges when administrators place their accounts into a role. Rule-based access control models use a set of rules, restrictions, or filters to determine access. The Mandatory Access Control (MAC) model uses labels to identify security domains. Subjects need matching labels to access objects.
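The authorization mechanisms and access control models summarized above, reduced to decision functions as an added example (not code from the study guide). All subjects, objects, roles and labels are constructed sample data; the MAC check uses the hierarchical level-plus-compartment form, which generalizes the matching-label case the text describes.

```python
# Added example, not from the study guide; all names below are constructed.
# An access control matrix: subjects as rows, objects as columns, permission
# sets as cells.  An ACL is one column (object-centric) and a capability
# table is one row (subject-centric); both are views of the same matrix.
MATRIX = {
    "alice": {"payroll.xlsx": {"read", "write"}, "hr_policy.pdf": {"read"}},
    "bob": {"hr_policy.pdf": {"read"}},
}

def acl_for(obj):
    """ACL view: which subjects hold which rights on one object."""
    return {subj: rights[obj] for subj, rights in MATRIX.items() if obj in rights}

def capabilities_for(subject):
    """Capability-table view: every object one subject may touch."""
    return MATRIX.get(subject, {})

def dac_allows(subject, obj, action):
    """DAC with implicit deny: unknown subject, object or action -> False."""
    return action in MATRIX.get(subject, {}).get(obj, set())

# RBAC: rights attach to roles; a user gains them only through membership.
ROLE_RIGHTS = {
    "hr_clerk": {("hr_policy.pdf", "read")},
    "payroll_admin": {("payroll.xlsx", "read"), ("payroll.xlsx", "write")},
}
USER_ROLES = {"carol": {"hr_clerk"}}

def rbac_allows(user, obj, action):
    return any((obj, action) in ROLE_RIGHTS.get(r, set())
               for r in USER_ROLES.get(user, set()))

# MAC: a label is (level, compartments).  Equal labels is the "matching
# label" case; the hierarchical form lets a subject read when its level is
# at least the object's and it holds every compartment on the object.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def mac_allows_read(subject_label, object_label):
    s_level, s_comps = subject_label
    o_level, o_comps = object_label
    return LEVELS[s_level] >= LEVELS[o_level] and set(o_comps) <= set(s_comps)

# Rule-based, context-dependent control: a time-of-day restriction layered
# on top of whatever the discretionary matrix grants.
def rule_based_allows(subject, obj, action, hour):
    return dac_allows(subject, obj, action) and 8 <= hour < 18
```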
Understand basic risk elements.
Risk is the possibility or likelihood that a threat can exploit a vulnerability and cause damage to assets. Asset valuation identifies the value of assets, threat modeling identifies threats against these assets, and vulnerability analysis identifies weaknesses in an organization's valuable assets. Access aggregation is a type of attack that combines, or aggregates, nonsensitive information to learn sensitive information and is used in reconnaissance attacks.
Know how brute-force and dictionary attacks work.
Brute-force and dictionary attacks are carried out against a stolen password database file or the logon prompt of a system. They are designed to discover passwords. In brute-force attacks, all possible combinations of keyboard characters are used, whereas a predefined list of possible passwords is used in a dictionary attack. Account lockout controls prevent their effectiveness against online attacks.