Scribd
Upload
35 views

Authorization Multiple Choice Questions

Uploaded by

Md. Abdullah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
35 views

Authorization Multiple Choice Questions

Uploaded by

Md. Abdullah
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

What is authentication primarily concerned with?

a) Restricting actions of authenticated users

b) Determining if you are who you say you are

c) Enforcing access control policies

d) Managing user clearances

Authorization is best defined as:

a) Verifying user identity

b) Restricting access to system resources

c) Delegating authority to users

d) Determining if you are who you say you are

Which of the following is a form of access control?

a) Authentication

b) Authorization

c) Identification

d) Recognition

Access Control Lists (ACLs) and Capabilities (C-lists) are derived from:

a) Authentication protocols

b) Authorization matrices

c) Lampson's access control matrix

d) User role assignments

In Lampson's Access Control Matrix, what do subjects index?

a) Rows

b) Columns

c) Cells

d) Elements
Capabilities store access control matrix information by:

a) Columns

b) Rows

c) Cells

d) Elements

The primary purpose of managing access control matrices efficiently is to:

a) Reduce the number of users

b) Enhance user experience

c) Ensure data integrity

d) Improve system performance

What is the solution proposed to improve performance for authorization operations?

a) Split the ACL into more manageable pieces

b) Combine the ACL with capabilities

c) Implement dynamic access control policies

d) Increase user clearances

With ACLs and Capabilities, which direction do arrows point?

a) In the same direction

b) In opposite directions

c) Upward

d) Downward

The "confused deputy" scenario illustrates a classic security problem related to:

a) Authentication failures

b) Authorization bypass

c) Access control misconfiguration

d) Insider threats

In the "confused deputy" scenario, what role does the compiler play?
a) Authorized user

b) Unauthorized user

c) Confused deputy

d) Access control manager

What is one advantage of Capabilities over ACLs in preventing the "confused deputy" problem?

a) Capabilities are easier to implement

b) Capabilities are data-oriented

c) Capabilities are less flexible

d) Capabilities make delegation of authority easier

Which security model focuses on confidentiality?

a) Bell-LaPadula

b) Biba

c) Clark-Wilson

d) Brewer-Nash

According to the Simple Security Condition in Bell-LaPadula, what must be true for a subject to read
an object?

a) L(S) ≤ L(O)

b) L(O) ≤ L(S)

c) I(S) ≤ I(O)

d) I(O) ≤ I(S)

Which criticism was raised by McLean against the Bell-LaPadula model?

a) It lacks simplicity

b) It violates integrity principles

c) It is too restrictive

d) It is too trivial

Biba's security model is primarily concerned with:


a) Confidentiality

b) Integrity

c) Availability

d) Authentication

In Biba's model, what must be true for a subject to write to an object?

a) I(O) ≤ I(S)

b) I(S) ≤ I(O)

c) L(S) ≤ L(O)

d) L(O) ≤ L(S)

Multilateral Security (MLS) systems enforce access control:

a) Horizontally

b) Vertically

c) Diagonally

d) Radially

Compartments are used in MLS to enforce restrictions:

a) Horizontally

b) Vertically

c) Diagonally

d) Laterally

What is the purpose of compartments in MLS?

a) To enforce the need-to-know principle

b) To reduce system complexity

c) To increase system performance

d) To streamline access control processes

MLS and compartments are primarily used in which types of systems?

a) Classified government/military systems


b) Public access systems

c) Corporate intranets

d) Personal computing devices

Which of the following statements about MLS and compartments is true?

a) MLS can be used without compartments

b) Compartments can be used without MLS

c) MLS always uses compartments

d) Compartments are more commonly used than MLS

Which security model focuses on integrity?

a) Bell-LaPadula

b) Biba

c) Clark-Wilson

d) Brewer-Nash

MLS systems are primarily concerned with enforcing:

a) Confidentiality

b) Integrity

c) Availability

d) Accountability

The purpose of compartments in MLS is to:

a) Restrict access to specific types of information

b) Enforce mandatory access controls

c) Ensure data integrity

d) Improve system performance

What do compartments enforce in MLS systems?

a) The need-to-know principle

b) Mandatory access controls


c) Discretionary access controls

d) Role-based access controls

Which of the following is NOT an MLS classification level?

a) Restricted

b) Confidential

c) Secret

d) Public

In MLS, which clearance level allows access to the most sensitive information?

a) Restricted

b) Confidential

c) Secret

d) Top Secret

MLS systems are commonly used in:

a) Educational settings

b) Commercial enterprises

c) Classified government/military environments

d) Public libraries

MLS and compartments are primarily concerned with:

a) Authenticating users

b) Authorizing actions

c) Ensuring data confidentiality and integrity

d) Enforcing password policies

Which of the following best describes authentication?

a) Verifying user identity

b) Restricting access to system resources

c) Delegating authority to users


d) Ensuring data integrity

What is the main purpose of authorization?

a) Verifying user identity

b) Determining if a user is who they claim to be

c) Restricting actions of authenticated users

d) Storing access control matrices

Access Control Lists (ACLs) are primarily associated with which concept?

a) Authentication

b) Authorization

c) Identification

d) Recognition

Capabilities are derived from which theoretical concept?

a) Access Control Lists

b) Authentication protocols

c) Lampson's access control matrix

d) User role assignments

What do subjects index in Lampson's Access Control Matrix?

a) Rows

b) Columns

c) Cells

d) Elements

How are capabilities stored in access control matrices?

a) By columns

b) By rows

c) By cells

d) By elements
What is the primary reason for managing access control matrices efficiently?

a) To increase the number of users

b) To reduce system performance

c) To ensure data integrity

d) To improve system performance

How can ACLs be split into more manageable pieces?

a) By storing each column with its corresponding object

b) By storing each row with its corresponding subject

c) By increasing user clearances

d) By reducing the number of users

With ACLs and Capabilities, which direction do arrows typically point?

a) In the same direction

b) In opposite directions

c) Upward

d) Downward

The "confused deputy" scenario is associated with which security problem?

a) Authentication failures

b) Authorization bypass

c) Access control misconfiguration

d) Insider threats

In the "confused deputy" scenario, who is the confused deputy?

a) Compiler

b) Authorized user

c) Unauthorized user

d) Access control manager


What advantage do Capabilities have over ACLs in preventing the "confused deputy" problem?

a) They are easier to implement

b) They make delegation of authority easier

c) They are less flexible

d) They are data-oriented

Bell-LaPadula primarily deals with which aspect of security?

a) Confidentiality

b) Integrity

c) Availability

d) Authentication

According to the Simple Security Condition in Bell-LaPadula, what must be true for a subject to read
an object?

a) L(S) ≤ L(O)

b) L(O) ≤ L(S)

c) I(S) ≤ I(O)

d) I(O) ≤ I(S)

What criticism was raised by McLean against the Bell-LaPadula model?

a) It lacks simplicity

b) It violates integrity principles

c) It is too restrictive

d) It is too trivial

Biba's security model primarily focuses on which aspect of security?

a) Confidentiality

b) Integrity

c) Availability

d) Authentication
According to Biba's model, what must be true for a subject to write to an object?

a) I(O) ≤ I(S)

b) I(S) ≤ I(O)

c) L(S) ≤ L(O)

d) L(O) ≤ L(S)

MLS primarily enforces access control:

a) Horizontally

b) Vertically

c) Diagonally

d) Radially

Compartments in MLS enforce restrictions:

a) Horizontally

b) Vertically

c) Diagonally

d) Laterally

The purpose of compartments in MLS is to:

a) Restrict access to specific types of information

b) Enforce mandatory access controls

c) Ensure data integrity

d) Improve system performance

MLS systems are primarily used in:

a) Educational settings

b) Commercial enterprises

c) Classified government/military environments

d) Public libraries

Which security model focuses on integrity?


a) Bell-LaPadula

b) Biba

c) Clark-Wilson

d) Brewer-Nash

MLS systems are commonly used in:

a) Educational settings

b) Commercial enterprises

c) Classified government/military environments

d) Public libraries

MLS and compartments are primarily concerned with:

a) Authenticating users

b) Authorizing actions

c) Ensuring data confidentiality and integrity

d) Enforcing password policies

In Biba's security model, what must be true for a subject to read an object?

a) I(S) ≤ I(O)

b) I(O) ≤ I(S)

c) L(S) ≤ L(O)

d) L(O) ≤ L(S)

What is the main purpose of compartments in MLS?

a) To enforce the need-to-know principle

b) To reduce system complexity

c) To increase system performance

d) To streamline access control processes

Which of the following is NOT a classification level in MLS?

a) Restricted
b) Confidential

c) Secret

d) Public

Which clearance level allows access to the most sensitive information in MLS?

a) Restricted

b) Confidential

c) Secret

d) Top Secret

Which concept does MLS primarily enforce?

a) Confidentiality

b) Integrity

c) Availability

d) Authenticity

The purpose of compartments in MLS is to:

a) Restrict access to specific types of information

b) Enforce mandatory access controls

c) Ensure data integrity

d) Improve system performance

In MLS, which type of controls are used to enforce restrictions across security levels?

a) Role-based access controls

b) Discretionary access controls

c) Mandatory access controls

d) Attribute-based access controls

MLS systems are primarily used in which environments?

a) Classified government/military

b) Public libraries
c) Corporate offices

d) Retail stores

What does the Biba model primarily focus on?

a) Confidentiality

b) Integrity

c) Availability

d) Authentication

According to Biba's model, what must be true for a subject to write to an object?

a) I(O) ≤ I(S)

b) I(S) ≤ I(O)

c) L(S) ≤ L(O)

d) L(O) ≤ L(S)

MLS systems are primarily concerned with enforcing:

a) Confidentiality

b) Integrity

c) Availability

d) Authentication

What is the purpose of compartments in MLS?

a) To enforce the need-to-know principle

b) To reduce system complexity

c) To increase system performance

d) To streamline access control processes

Which of the following is NOT a classification level in MLS?

a) Restricted

b) Confidential

c) Secret
d) Public

In MLS, which clearance level allows access to the most sensitive information?

a) Restricted

b) Confidential

c) Secret

d) Top Secret

Which concept does MLS primarily enforce?

a) Confidentiality

b) Integrity

c) Availability

d) Authenticity

The purpose of compartments in MLS is to:

a) Restrict access to specific types of information

b) Enforce mandatory access controls

c) Ensure data integrity

d) Improve system performance

You might also like