הכנה למבחן בניהול אבטחת מידע

Be careful not to confuse authentication with authorization. Authentication is the process of verifying the identity of the sender and/or receiver of information. Authorization establishes what the user is allowed to do once the user has been identified and authenticated by the system. Another “A” term sometimes misinterpreted is accountability, which is the ability to track actions to users.

Denial-of-service attack, whereby the perpetrator is able to lock out many users by discovering their user identifications and entering a specified number of invalid passwords, is minimized.

Counter-based token that combines the base secret with a synchronized counter to generate the OTP.

There are several weaknesses and types of attacks against smart cards, including answers b, c, and d.

Important elements of biometric devices are accuracy, processing speed, and user acceptability.

The watchdog function is used to validate TCP sessions when data is not sent for extended periods of time. This functionality is often referred to as TOC/TOU (Time of Check versus Time of Use) validation.

Access controls can be centrally located on the server.

DACs permit resource owners to specify who has access and what privileges other users will have.

Access decisions are based on the owner’s authorization, the subject’s label, the object’s label, and the security policy.

Constrained user interfaces restrict user access to specific system resources by not allowing them to request the function, information, or access to specific system resources.