Access Control and Authentication Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards
| Front | Back |
|---|---|
| Define role-based access control (RBAC) | Access control based on users' roles within an organization |
| What is the difference between authentication and authorization? | Authentication validates identity while authorization determines access rights |
| Explain the difference between proactive and reactive identity management | Proactive is preventive while reactive addresses existing issues and threats |
| Explain the difference between RBAC and attribute-based access control (ABAC) | RBAC is based on roles while ABAC considers attributes like time, location, or device |
| Name three types of authentication factors | Something you know (password), something you have (security token), and something you are (biometrics) |
| What are some common biometric authentication methods? | Fingerprints, facial recognition, iris scanning, voice recognition |
| What are strong passwords? | Complex passwords that are long, unique, and include a mix of letters, numbers, and symbols |
| What does "Zero Trust" mean in access control? | A security model where no user or device is trusted automatically, even within a network |
| What is a privileged access management (PAM) system? | A system specifically designed to secure administrative or privileged accounts |
| What is access control? | The process of regulating and restricting access to resources based on user identity or privileges |
| What is an access control list (ACL)? | A list specifying which users or groups have permissions to access certain resources |
| What is authentication? | The process of verifying the identity of a user or system |
| What is credential stuffing? | A cyber attack where stolen username-password pairs are tested on multiple accounts |
| What is federated identity? | A system where user identities are shared across multiple enterprises or organizations |
| What is identity management? | A framework and set of practices for managing digital identities within a system |
| What is multi-factor authentication (MFA)? | A security mechanism that requires two or more authentication factors to verify identity |
| What is OAuth? | An authorization protocol that allows third-party applications access to user resources without sharing passwords |
| What is the principle of least privilege? | Granting users the minimum access necessary to perform their job responsibilities |
| What is single sign-on (SSO)? | A system where users log in once and gain access to multiple applications or systems |
| What is the principle of separation of duties? | Dividing responsibilities among multiple individuals to prevent fraud or misuse |
| What is the purpose of auditing access control? | To monitor and review users' activity to ensure compliance with policies |
| Why is an account lockout policy important? | To prevent brute-force attacks by locking accounts after repeated failed login attempts |
| Why is password rotation important? | To reduce risk of compromised credentials being misused |
| Why is session timeout critical in authentication? | To limit exposure by ending sessions after periods of inactivity |
This deck explains principles of access control, types of authentication methods, and best practices for identity management.