首页
登录
从业资格
In the fields of physical security and i
In the fields of physical security and i
题库
2022-08-02
97
问题
In the fields of physical security and information security, access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization (授权). An access control mechanism ( ) between a user (or a process executing on behalf of a user) and system resources, such as applications, operating systems, firewalls, routers, files, and databases. The system must first authenticate (验证) a user seeking access. Typically the authentication function determines whether the user is ( 此空作答 ) to access the system at all. Then the access control function determines if the specific requested access by this user is permitted. A security administrator maintains an authorization database that specifies what type of access to which resources is allowed for this user. The access control function consults this database to determine whether to ( ) access. An auditing function monitors and keeps a record of user accesses to system resources. In practice, a number of ( ) may cooperatively share the access control function. All operating systems have at least a rudimentary (基本的) , and in many cases a quite robust, access control component. Add-on security packages can add to the ( ) access control capabilities of the OS. Particular applications or utilities, such as a database management system, also incorporate access control functions. External devices, such as firewalls, can also provide access control services. A.denied B.permitted C.prohibited D.rejected
选项
答案
B
解析
在物理安全和信息安全领域,访问控制是对一个地方或其他资源的访问限制。访问的行为可能意味着消费、输入或使用。允许访问资源被称为授权。 访问控制机制连接用户 ( 代表用户执行的进程 ) 和系统资源 ( 如应用程序、操作系统、防火墙、路由器、文件和数据库 ) 之间的连接。系统必须首先对用户进行身份验证。通常,身份验证功能决定用户是否被允许访问系统。然后,访问控制功能决定是否允许该用户指定的访问权限。安全管理员维护一个授权数据库,该数据库指定允许该用户访问哪些资源的类型。访问控制函数咨询此数据库以确定是否授予访问权。审计功能监视并保存用户访问系统资源的记录。在实践中,一些用户可以合作共享访问控制函数。所有操作系统都至少有一个基本的,而且在许多情况下是一个相当健壮的访问控制组件。附加安全包可以添加到操作系统的自动访问控制功能。特定的应用程序或实用程序,如数据库管理系统,也包括访问控制功能。外部设备,如防火墙,也可以提供访问控制服务。
转载请注明原文地址:https://tihaiku.com/congyezige/2409074.html
本试题收录于:
中级 软件设计师题库软件水平考试初中高级分类
中级 软件设计师
软件水平考试初中高级
相关试题推荐
信息系统安全开发生命周期(SecurityDevelopmentLifeC
Inthefieldsofphysicalsecurityandi
Inthefieldsofphysicalsecurityandi
Networksecurityistheprotectionofth
Networksecurityistheprotectionofth
Networksecurityistheprotectionofth
IPSec中安全关联(SecurityAssociations)三元组是(
Networksecurityconsistsofpoliciesan
Networksecurityconsistsofpoliciesan
Networksecurityconsistsofpoliciesan
随机试题
Oneofthebitterestandmosttime-worndebatesinstudentunionbarsupand
皮亚杰的研究表明,感知运动阶段的一个显著标志是儿童渐渐获得()。A.客体客观性
我国《旅游法》第2条规定,在中华人民共和国境内的和在中华人民共和国境内组织到境外
A.醋酸盐缓冲液 B.稀硝酸 C.盐酸 D.硝酸 E.稀盐酸砷盐检查法中
某篮球队共有九人,分三组举行三人制篮球赛,他们的球衣号码分别是从1号到9号,分组
女,28岁,因龋齿致牙冠大部分缺损影响美观。要求固定义齿修复。查:残根,叩(-)
下列各项中,属于流动资产的有( )。A.货币资金 B.应收账款 C.存货
对于做好运输市场的行政管理的要求有()A.营造良好的市场经营秩序 B.及时公布
投资项目决策分析与评价的基本要求包括贯彻落实科学发展观、资料数据准确可靠和()
6日龄男婴,家中接生,近二日哺乳困难,牙关发紧,面部肌肉有小抽搐,体温37℃,心
最新回复
(
0
)