CND - MODULE 3 QUESTIONS WITH COMPLETE
SOLUTIONS!!
What are the three elements of network security? Answer - Network Security
Controls, Network Security Protocols, Network Security Devices
What are network security controls? Answer - The security features that
should be appropriately configured and implemented to ensure network
security. The cornerstones of any systematic discipline of security. Security
controls work together to allow or restrict access to organization's resources
based on identity management.
What are network security protocols? Answer - Protocols implement security
related operations to ensure the security and integrity of data in transit. Ensure
the security of data passing through the network. Implement methods that
restrict unauthorized users from accessing the network. Use encryption and
cryptographic techniques to maintain security of messages passing through the
network.
What are network security devices? Answer - Devices that are deployed to
protect computer networks from unwanted traffic and threats. These devices
can be categorized into active devices, passive devices, and preventative
devices. Also consists of UTM, which combines features of all the devices.
,What are the 7 network security controls? Answer - Access Control,
Identification, Authentication, Authorization, Accounting, Cryptography,
Security Policy
What are access controls? Answer - The selective restriction of access to a
place or other system/network resource. Protects information assets by
determining who can an cannot access them. Involves user identification,
authentication, authorization, and accountability. Method for reducing the risk
of data getting affected by providing limited access to users for accessing
computer resources. Helps maintain integrity, confidentiality, and availability of
information. Grants permissions based on user's access permissions and
associated roles. Includes file permissions, program permissions, and data
rights.
What are the 4 main access control terms? Answer - Subject, Object,
Reference Monitor, Operation
What is an access control subject? Answer - User or process, which attempts
to access the objects. Subjects are those entities that perform certain actions
on the system.
What is an access control object? Answer - An explicit resource on which
access restriction is imposed. Access controls implemented on the objects
further control actions performed by the user.
What is an access control reference monitor? Answer - Monitors the
restrictions imposed according to certain access control rules. Implements a set
of rules on the ability of the subject to perform certain actions on the object.
What is an access control operation? Answer - An action performed by the
subject on the object. For example, user trying to delete a file. Here, the user is
the subject, delete is the operation, and file is the object.
, What are the access control principles? What are the general steps in access
control? Answer - Deals with restricting or allowing the access controls to
users or processes. Step 1. Users have user have to provide their credentials
while logging into the system. Step 2. System validates users with the provided
credentials such as password, fingerprint, etc. with the database. Step 3. Once
the identification is successful, the system provides the user with access to the
system. 4. The system then allows the user to perform only those operations or
access only those resources for which the user is authorized.
what are the 3 main parts for an access control instruction? Answer - Target -
Permissions are set for certain attributes and entities. These attributes and
entities are known as targets. Permissions - Permissions set for the target
explains the actions allowed or denied for those targets. Bind Rule - Specifies
the subject to access control instructions.
What are the 9 administrative access controls? Answer - Security Policy,
Monitoring and supervising, Separation of duties, Job rotation, Information
classification, Personnel procedures, Investigations, Testing, Security awareness
and training.
What is security policy and procedure (access controls)? Answer - Determine
the method of implementing security practices in an organization. These
specify the extent to which the company can accept a risk and specifies the
level of actions allows in the organization.
What is personnel controls/procedures (access controls)? Answer - Determine
the methods by which employees may handle the security principles.
Personnel controls specify the steps taken in the case of any non-compliance
issue. The change of security determines the steps taken right from the hiring
of an employee until the employee leaves or shift to any other department.
SOLUTIONS!!
What are the three elements of network security? Answer - Network Security
Controls, Network Security Protocols, Network Security Devices
What are network security controls? Answer - The security features that
should be appropriately configured and implemented to ensure network
security. The cornerstones of any systematic discipline of security. Security
controls work together to allow or restrict access to organization's resources
based on identity management.
What are network security protocols? Answer - Protocols implement security
related operations to ensure the security and integrity of data in transit. Ensure
the security of data passing through the network. Implement methods that
restrict unauthorized users from accessing the network. Use encryption and
cryptographic techniques to maintain security of messages passing through the
network.
What are network security devices? Answer - Devices that are deployed to
protect computer networks from unwanted traffic and threats. These devices
can be categorized into active devices, passive devices, and preventative
devices. Also consists of UTM, which combines features of all the devices.
,What are the 7 network security controls? Answer - Access Control,
Identification, Authentication, Authorization, Accounting, Cryptography,
Security Policy
What are access controls? Answer - The selective restriction of access to a
place or other system/network resource. Protects information assets by
determining who can an cannot access them. Involves user identification,
authentication, authorization, and accountability. Method for reducing the risk
of data getting affected by providing limited access to users for accessing
computer resources. Helps maintain integrity, confidentiality, and availability of
information. Grants permissions based on user's access permissions and
associated roles. Includes file permissions, program permissions, and data
rights.
What are the 4 main access control terms? Answer - Subject, Object,
Reference Monitor, Operation
What is an access control subject? Answer - User or process, which attempts
to access the objects. Subjects are those entities that perform certain actions
on the system.
What is an access control object? Answer - An explicit resource on which
access restriction is imposed. Access controls implemented on the objects
further control actions performed by the user.
What is an access control reference monitor? Answer - Monitors the
restrictions imposed according to certain access control rules. Implements a set
of rules on the ability of the subject to perform certain actions on the object.
What is an access control operation? Answer - An action performed by the
subject on the object. For example, user trying to delete a file. Here, the user is
the subject, delete is the operation, and file is the object.
, What are the access control principles? What are the general steps in access
control? Answer - Deals with restricting or allowing the access controls to
users or processes. Step 1. Users have user have to provide their credentials
while logging into the system. Step 2. System validates users with the provided
credentials such as password, fingerprint, etc. with the database. Step 3. Once
the identification is successful, the system provides the user with access to the
system. 4. The system then allows the user to perform only those operations or
access only those resources for which the user is authorized.
what are the 3 main parts for an access control instruction? Answer - Target -
Permissions are set for certain attributes and entities. These attributes and
entities are known as targets. Permissions - Permissions set for the target
explains the actions allowed or denied for those targets. Bind Rule - Specifies
the subject to access control instructions.
What are the 9 administrative access controls? Answer - Security Policy,
Monitoring and supervising, Separation of duties, Job rotation, Information
classification, Personnel procedures, Investigations, Testing, Security awareness
and training.
What is security policy and procedure (access controls)? Answer - Determine
the method of implementing security practices in an organization. These
specify the extent to which the company can accept a risk and specifies the
level of actions allows in the organization.
What is personnel controls/procedures (access controls)? Answer - Determine
the methods by which employees may handle the security principles.
Personnel controls specify the steps taken in the case of any non-compliance
issue. The change of security determines the steps taken right from the hiring
of an employee until the employee leaves or shift to any other department.
