SóProvas


ID
2522851
Banca
FCC
Órgão
DPE-RS
Ano
2017
Provas
Disciplina
Sistemas Operacionais
Assuntos

No sistema operacional Windows 7, antes de uma entidade obter acesso a um objeto, ela deve se identificar para o subsistema de segurança. Essa identidade está contida no token de acesso que é recriado cada vez que uma entidade faz logon. Antes de permitir o acesso de uma entidade a um objeto, o sistema operacional verifica e determina se o token de acesso da entidade tem autorização para acessar o objeto e concluir a tarefa desejada. Isso é feito por meio da comparação de informações do token de acesso com as Access Control Entries − ACEs do objeto. Uma ACE

Alternativas
Comentários
  • Access Control Entries

    An access control entry (ACE) is an element in an access control list (ACL). An ACL can have zero or more ACEs. Each ACE controls or monitors access to an object by a specified trustee. For information about adding, removing, or changing the ACEs in an object's ACLs, see Modifying the ACLs of an Object in C++.

    There are six types of ACEs, three of which are supported by all securable objects. The other three types are Object-specific ACEs supported by directory service objects.

    All types of ACEs contain the following access control information:

        A security identifier (SID) that identifies the trustee to which the ACE applies.

        An access mask that specifies the access rights controlled by the ACE.

        A flag that indicates the type of ACE.

        A set of bit flags that determine whether child containers or objects can inherit the ACE from the primary object to which the ACL is attached.

    The following table lists the three ACE types supported by all securable objects.

    Type                                 Description

    Access-denied ACE         Used in a discretionary access control list (DACL) to deny access rights to a trustee.

    Access-allowed ACE        Used in a DACL to allow access rights to a trustee.

    System-audit ACE            Used in a system access control list (SACL) to generate an audit record when the trustee attempts to exercise the specified access rights.

     

    For a table of object-specific ACEs, see Object-specific ACEs.

     

    Fonte:

    https://msdn.microsoft.com/en-us/library/windows/desktop/aa374868(v=vs.85).aspx