Sec+ 11-12 Identify Access Control

Access Control

The process of determining who or what can access or use resources within a system.

Access Control Models

Frameworks used to define and implement access control policies; includes Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Rule-Based Access Control.

Identification

The act of presenting credentials or an identifier to a system.

Authentication

The process of verifying the identity of a user or system.

Authorization

The process of granting or denying specific permissions to a user or system.

Discretionary Access Control (DAC)

An access control model where the owner of the resource decides who can access it.

Mandatory Access Control (MAC)

A strict access control model that relies on security labels and levels to regulate access.

Role-Based Access Control (RBAC)

An access control model where permissions are assigned to specific roles rather than individuals.

Physical Access Control

Methods used to restrict physical access to facilities, resources, or information systems.

Logical Access Control

Access control policies applied via the system or software to manage user access to digital resources.

Single Sign-On (SSO)

An authentication process that allows a user to access multiple applications with one set of login credentials.

Authentication Credentials

The information used to verify a person's identity, including passwords, tokens, and biometric data.

Password Expiration

A policy that requires users to change their password after a specific period.

Access Control Lists (ACL)

A set of rules that specify which users or system processes have access to objects and what operations they can perform.

Multi-Factor Authentication (MFA)

An authentication method that requires two or more verification factors to gain access to a resource.

Behavioral Biometrics

Authentication based on patterns of user behavior, such as typing speed and mouse movements.

Geolocation

Authentication based on the physical location of a user or device.

OAuth

An open standard for access delegation used by websites to grant third-party applications limited access to user accounts without exposing passwords.

Access Control is the process of determining who or what can _______ or use resources within a system.

Access Control

_______ is the act of presenting credentials or an identifier to a system.

Identification

The process of verifying the identity of a user or system is known as _______.

Authentication

The process of granting or denying specific permissions to a user or system is called _______.

Authorization

In Discretionary Access Control (DAC), the _______ of the resource decides who can access it.

owner

Mandatory Access Control (MAC) relies on security _______ and levels to regulate access.

labels

_______ assigns permissions to specific roles rather than individuals in an organization.

Role-Based Access Control (RBAC)

Methods used to restrict physical access to facilities or resources are known as _______ Access Control.

Physical

_______ Access Control refers to policies applied via the system or software to manage user access to digital resources.

Logical

Single Sign-On (SSO) allows a user to access multiple applications with one set of _______ credentials.

login

What is the primary purpose of Access Control?

To protect resources by determining who can access them.

What does DAC stand for?

Discretionary Access Control.

In MAC, who enforces the access policies?

A central authority, based on security labels.

What does RBAC stand for?

Role-Based Access Control.

What is an example of Logical Access Control?

Use of passwords and access control lists.

What is the benefit of Multi-Factor Authentication (MFA)?

Increases security by requiring multiple verification methods.

What role do Authentication Credentials play?

They verify a person’s identity.

What is the significance of Single Sign-On (SSO)?

It simplifies user access by using one set of credentials.

What is an Access Control List (ACL)?

A set of rules defining user access to resources.

How does Behavioral Biometrics enhance security?

By analyzing user behavior patterns for authentication.