Access Control and Authentication Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards

| Front | Back |
|---|---|
| Define role-based access control (RBAC) | Access control based on users' roles within an organization |
| Difference between authentication and authorization | Authentication validates identity while authorization determines access rights |
| Explain difference between proactive and reactive identity management | Proactive is preventive while reactive addresses existing issues and threats |
| Explain difference between RBAC and attribute-based access control (ABAC) | RBAC is based on roles while ABAC considers attributes like time, location, or device |
| Name three types of authentication factors | Something you know (password), something you have (security token), and something you are (biometrics) |
| What are some common biometric authentication methods | Fingerprints, facial recognition, iris scanning, voice recognition |
| What are strong passwords | Complex passwords that are long, unique, and include a mix of letters, numbers, and symbols |
| What does "Zero Trust" mean in access control | A security model where no user or device is trusted automatically, even within a network |
| What is a privileged access management (PAM) system | A system specifically designed to secure administrative or privileged accounts |
| What is access control | The process of regulating and restricting access to resources based on user identity or privileges |
| What is an access control list (ACL) | A list specifying which users or groups have permissions to access certain resources |
| What is authentication | The process of verifying the identity of a user or system |
| What is credential stuffing | A cyber attack where stolen username-password pairs are tested on multiple accounts |
| What is federated identity | A system where user identities are shared across multiple enterprises or organizations |
| What is identity management | A framework and set of practices for managing digital identities within a system |
| What is multi-factor authentication (MFA) | A security mechanism that requires two or more authentication factors to verify identity |
| What is OAuth | An authorization protocol that allows third-party applications access to user resources without sharing passwords |
| What is the principle of least privilege | Granting users the minimum access necessary to perform their job responsibilities |
| What is single sign-on (SSO) | A system where users log in once and gain access to multiple applications or systems |
| What is the principle of separation of duties | Dividing responsibilities among multiple individuals to prevent fraud or misuse |
| What is the purpose of auditing access control | To monitor and review users' activity to ensure compliance with policies |
| Why is account lockout policy important | To prevent brute-force attacks by locking accounts after repeated failed login attempts |
| Why is password rotation important | To reduce risk of compromised credentials being misused |
| Why is session timeout critical in authentication | To limit exposure by ending sessions after periods of inactivity |
About the Flashcards
Master the essential principles of security with our flashcards for the ISC2 Certified in Cybersecurity (CC) exam. This study set provides a thorough review of the core concepts you'll need to know, focusing on how digital identities are managed and secured. You will explore the differences between authentication and authorization, various authentication factors, and advanced systems like single sign-on (SSO) and multi-factor authentication (MFA). The cards also cover foundational security policies, including the principle of least privilege, separation of duties, and role-based access control (RBAC), ensuring you are well-prepared to demonstrate your expertise on key access control topics.
Topics covered in this flashcard deck:
- Authentication and Identity Management
- Access Control Principles
- Multi-Factor and Single Sign-On
- Access Control Models (RBAC & ABAC)
- Password and Credential Security
- Auditing and Security Policies