Which of the following is a set of rules that control the working environment of user accounts and
computer accounts?
A. Mandatory Access Control
B. Access control list
C. Group Policy
D. Intrusion detection system
Explanation:
Group Policy is a feature of the Microsoft Windows NT family of operating systems. It is a set of
rules, which control the working environment of user accounts and computer accounts. Group Policy
provides the centralized management and configuration of operating systems, applications, and
users’ settings in an Active Directory environment. Group Policy is often used to restrict certain
actions that may pose potential security risks. For example, block access to the Task Manager,
restrict access to certain folders, disable the downloading of executable files, and so on.
As part of Microsoft’s IntelliMirror technologies, Group Policy aims to reduce the cost of supporting
users. IntelliMirror technologies relate to the management of disconnected machines or roaming
users and include roaming user profiles, folder redirection, and offline files.
Answer A is incorrect. Mandatory Access Control (MAC) is a model that uses a predefined set of
access privileges for an object of the system. Access to an object is restricted on the basis of the
sensitivity of the object and granted through authorization. Sensitivity of an object is defined by the
label assigned to it. For example, if a user receives a copy of an object that is marked as “secret”, he
cannot grant permission to other users to see this object unless they have the appropriate
permission.
Answer D is incorrect. An Intrusion detection system (IDS) is used to detect unauthorized attempts
to access and manipulate computer systems locally or through the Internet or an intranet. It can
detect several types of attacks and malicious behaviors that can compromise the security of a
network and computers. This includes network attacks against vulnerable services, unauthorized
logins and access to sensitive data, and malware (e.g. viruses, worms, etc.). An IDS also detects
attacks that originate from within a system. In most cases, an IDS has three main components:
Sensors, Console, and Engine. Sensors generate security events. A console is used to alert and
control sensors and to monitor events. An engine is used to record events and to generate security
alerts based on received security events.
In many IDS implementations, these three components are combined into a single device. Basically,
the following two types of IDS are used:
Network-based IDS
Host-based IDS
Answer B is incorrect. Access control list (ACL) is a rule list containing access control entries. It is
used to allow or deny access to network resources. ACL can be implemented on network users and
network devices such as routers and firewalls. Routers and firewalls use ACL to determine which
packets should be forwarded or dropped.