What is access control as defined by NIST IR 7298? - Answers The process of granting or denying specific requests to obtain and use information and related information processing services, and to enter specific physical facilities.
How does RFC 4949 define access control? - Answers A process by which use of system resources is regulated according to a security policy and permitted only by authorized entities according to that policy.
What is one basic security requirement for access control? - Answers Limit information system access to authorized users, processes acting on behalf of authorized users, or devices.
What does the principle of least privilege entail? - Answers Employing the least privilege for specific security functions and privileged accounts.
What should be done to prevent non-privileged users from executing privileged functions? - Answers Prevent non-privileged users from executing privileged functions and audit the execution of such functions.
What is a recommended action after a defined period of inactivity? - Answers Terminate a user session automatically.
What is the purpose of using session locks with pattern-hiding displays? - Answers To prevent access and viewing of data after a period of inactivity.
What should be done to protect remote access sessions? - Answers Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
What is required before allowing wireless access? - Answers Authorize wireless access prior to allowing such connections.
What should be done to control the connection of mobile devices? - Answers Control connection of mobile devices and encrypt controlled unclassified information (CUI) on them.
What is the significance of monitoring remote access sessions? - Answers To ensure control and security during remote access.
What does CUI stand for? - Answers Controlled Unclassified Information.
What is the relationship between access control and computer security? - Answers All of computer security is concerned with access control, which assures security services in a computer system.
What should be done with organizational portable storage devices on external information systems? - Answers Limit use of organizational portable storage devices on external information systems.
What is a derived security requirement related to the flow of CUI? - Answers Control the flow of CUI in accordance with approved authorizations.
What should be provided to users regarding privacy and security? - Answers Provide privacy and security notices consistent with applicable CUI rules.
What is the purpose of limiting unsuccessful logon attempts? - Answers To enhance security by preventing unauthorized access.
What does computer security aim to assure according to RFC 4949? - Answers Security services in a computer system, particularly those that assure access control service.
What is one way to protect wireless access? - Answers Using authentication and encryption.
What is Discretionary Access Control (DAC)? - Answers Access control based on the identity of the requestor and specific access rules.
What does Mandatory Access Control (MAC) rely on? - Answers It controls access based on security labels compared to security clearances.
What is Role-Based Access Control (RBAC)? - Answers Access control based on the roles users have within the system.
Define Attribute-Based Access Control (ABAC). - Answers Access control based on attributes of the user, resource, and environmental conditions.
What is a Subject in access control? - Answers An entity capable of accessing objects.
What are the three classes of Subjects? - Answers Owner, Group, World.
What is an Object in access control? - Answers A resource to which access is controlled.
What does Access Right describe? - Answers The way a subject may access an object, such as read or write.
What is an Access Matrix? - Answers A scheme that shows access rights of subjects to objects.
What is a Protection Domain? - Answers A set of objects with associated access rights.