2. Two phases for access controls are: the policy definition phase and the policy enforcement phase.
3. Logical access control has three items to be decided. What are those questions? Deciding which users can get into a system, monitoring what the user does on that system, and restraining or influencing the user’s behavior on that system.
4. Define Security Kernel: The central part of a computing environment’s hardware, software, and firmware that enforces access control for computer systems. It provides a central point of access control and implements the reference monitor concept.
5. Access Control Policy is a set of rules that allows a specific group of users to perform a particular set of actions on a particular set of resources.
6. What are the key elements for managing access control policies? Users, Resources, Actions and Relationships.
7. Define Authorization: The process of deciding who has access to which computer and network resources.
8. Identification methods are: User name, Smart Card, Biometrics.
9. Authentication types are: Knowledge, ownership and characteristics.
10. What is TFA? Two-factor authentication. A system containing sensitive or critical information should use at least two or more of the categories; this is called TFA.
11. Name the attacks related to authentication. Authentication by knowledge (password), a brute-force attack, a dictionary attack.
12. What is an account lockout policy for? To set the threshold to a high enough number that authorized users aren’t locked out due to mistyped passwords.
13. Define synchronous token and asynchronous token. A synchronous token uses an algorithm that calculates a number at both the authentication server and the device. The asynchronous token is the second of two types of token-based device; it uses challenge-response technology that involves a dialogue between the...