Access Control and Authentication Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards
| Front | Back |
|---|---|
| Define role-based access control (RBAC) | Access control based on users' roles within an organization |
| Difference between authentication and authorization | Authentication validates identity while authorization determines access rights |
| Explain difference between proactive and reactive identity management | Proactive identity management prevents problems before they occur (joiner/mover/leaver provisioning, periodic access reviews, MFA enforcement); reactive identity management responds to problems already detected (revoking access, resetting compromised credentials, disabling orphaned accounts) |
| Explain difference between RBAC and attribute-based access control (ABAC) | RBAC grants permissions through the roles a user holds; ABAC evaluates policies over attributes of the subject (department, clearance), the resource (owner, classification), the action, and the environment (time, location, device), so the same user can be allowed in one context and denied in another |
| Name three types of authentication factors | Something you know (password), something you have (security token), and something you are (biometrics) |
| What are some common biometric authentication methods | Fingerprints, facial recognition, iris scanning, voice recognition |
| What are strong passwords | Passwords that are long, unique to each account, and not guessable from dictionaries, breach lists, or personal information; length and unpredictability matter more than mandated character mixes, and a password manager makes long unique passwords practical |
| What does "Zero Trust" mean in access control | A security model where no user or device is trusted automatically, even within a network |
| What is a privileged access management (PAM) system | A system specifically designed to secure administrative or privileged accounts |
| What is access control | The process of regulating and restricting access to resources based on user identity or privileges |
| What is an access control list (ACL) | A list specifying which users or groups have permissions to access certain resources |
| What is authentication | The process of verifying the identity of a user or system |
| What is credential stuffing | An attack in which username-password pairs leaked from one breach are replayed, usually by automated tools, against the login pages of other services, succeeding wherever the user reused the same password |
| What is federated identity | An arrangement in which one organization's identity provider authenticates a user and services in other organizations accept its signed assertions (for example via SAML or OpenID Connect) instead of holding their own credentials for that user |
| What is identity management | A framework and set of practices for managing digital identities within a system |
| What is multi-factor authentication (MFA) | A security mechanism that requires two or more authentication factors to verify identity |
| What is OAuth | An authorization framework (OAuth 2.0) in which a user delegates scoped access to their resources to a third-party application through access tokens issued by an authorization server, so the application never receives the user's password |
| What is principle of least privilege | Granting users the minimum access necessary to perform their job responsibilities |
| What is single sign-on (SSO) | A system where users log in once and gain access to multiple applications or systems |
| What is the principle of separation of duties | Dividing responsibilities among multiple individuals to prevent fraud or misuse |
| What is the purpose of auditing access control | To record and review who accessed what, when, and whether it was permitted, so that policy violations, misuse, and compromised accounts can be detected, investigated, and demonstrated to auditors |
| Why is account lockout policy important | It stops online brute-force guessing by locking an account after a set number of failed attempts within a time window; lockouts should be temporary or paired with rate limiting, since an attacker can otherwise deliberately lock out legitimate users |
| Why is password rotation important | Changing a password that may have been exposed limits how long a stolen credential stays usable; current guidance (NIST SP 800-63B) is to rotate on evidence of compromise rather than on a fixed schedule, because forced periodic changes push users toward weaker, predictable variants |
| Why is session timeout critical in authentication | Ending idle sessions limits how long an unattended or hijacked session token can be used, forcing re-authentication before further access |
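Worked example for the RBAC and ABAC cards, added here and not part of the original deck. The roles, departments and the policy rules are illustrative assumptions, not any real organization's configuration. It shows the practical difference: RBAC answers "what do this user's roles allow?", while ABAC can give different answers to the same user depending on device and time.

```python
"""RBAC and ABAC decision logic side by side (added example, not from the deck).

RBAC: the user's roles decide. ABAC: attributes of the subject, the resource,
the action and the environment decide. Roles, departments and the policy below
are illustrative assumptions, not a real organization's configuration.
"""

# RBAC: permissions are attached to roles; a user is granted roles, never
# permissions directly. Default deny: an unknown role grants nothing.
ROLE_PERMISSIONS = {
    "analyst": {"tickets:read"},
    "admin": {"tickets:read", "tickets:write", "users:manage"},
}


def rbac_allows(user_roles, action):
    """Allow if at least one of the user's roles grants the action."""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in user_roles)


def abac_allows(subject, resource, action, environment):
    """Illustrative ABAC policy (assumed for this example):
    - reading a ticket requires the subject's department to match the ticket's
    - writing additionally requires a managed device and business hours
      (09:00-17:59 in the requester's local hour)
    Anything not matched by a rule is denied (default deny)."""
    same_department = subject.get("department") == resource.get("department")
    if action == "tickets:read":
        return same_department
    if action == "tickets:write":
        return (
            same_department
            and environment.get("device_managed") is True
            and 9 <= environment.get("hour", -1) < 18
        )
    return False


if __name__ == "__main__":
    # Same user, same role set: RBAC cannot tell these requests apart, ABAC can.
    print(rbac_allows({"admin"}, "tickets:write"))  # True: role grants it, context ignored
    req = {"department": "finance"}, {"department": "finance"}, "tickets:write"
    print(abac_allows(*req, {"device_managed": True, "hour": 10}))   # True
    print(abac_allows(*req, {"device_managed": False, "hour": 10}))  # False: unmanaged device
    print(abac_allows(*req, {"device_managed": True, "hour": 23}))   # False: outside hours
```

Both functions deny by default: an action no rule mentions is refused, which is the least-privilege stance the deck's other cards describe.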
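Worked example for the authentication-factor and MFA cards, added here and not from the original deck: a TOTP generator and verifier (RFC 6238, built on HOTP from RFC 4226), the mechanism behind authenticator-app codes that make a "something you have" factor. The secret used in the demonstration is the published RFC 6238 test-vector secret; the drift and replay handling in `verify_totp` is the verifier behaviour a server should implement, written here for the example.

```python
"""TOTP (RFC 6238) as the 'something you have' factor (added example).

The authenticator app and the server share a secret; each derives a code from
the current 30-second time step, so possessing the enrolled device is what
produces a valid code. RFC6238_TEST_SECRET is the published RFC test secret.
"""
import hashlib
import hmac
import struct
import time

RFC6238_TEST_SECRET = b"12345678901234567890"  # test vector secret from RFC 6238 Appendix B


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP with the counter set to the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret, code, unix_time, last_accepted=-1, step=30, digits=6, skew=1):
    """Server-side check. Returns the accepted counter or None.
    - tolerates `skew` steps of clock drift either side of the current step
    - refuses any counter <= last_accepted, so a captured code cannot be
      replayed inside the drift window (the caller stores the returned value)
    - compares in constant time to avoid leaking digits through timing"""
    base = unix_time // step
    for delta in range(-skew, skew + 1):
        counter = base + delta
        if counter > last_accepted and hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC6238_TEST_SECRET, now)
    accepted = verify_totp(RFC6238_TEST_SECRET, code, now)
    print(code, accepted)
    print(verify_totp(RFC6238_TEST_SECRET, code, now, last_accepted=accepted))  # None: replay
```

The code proves possession of the shared secret, not the user's identity, which is why it only counts as a second factor alongside a password; the shared secret must be stored and transmitted with the same care as a password hash database.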
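Worked example for the account-lockout and credential-stuffing cards, added here and not part of the original deck. The log lines are constructed for this example (source addresses from the RFC 5737 documentation ranges; the line format is an assumption). It shows why the two cards belong together: per-account lockout catches the brute-force attacker hammering one account, but credential stuffing spreads single attempts over many accounts and only shows up when failures are grouped by source.

```python
"""Brute force vs credential stuffing in authentication logs (added example).

Lockout after N failures per account catches a brute-force attack on one
account. Credential stuffing spreads one or two attempts over many accounts,
so no account reaches the threshold; it is visible only when failures are
grouped by source. The log below is constructed for this example and uses
RFC 5737 documentation addresses; the line format is an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-05-01T10:00:00Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:05Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:11Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:16Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:20Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T10:00:25Z ip=198.51.100.7 user=alice result=FAIL
2024-05-01T10:01:00Z ip=192.0.2.10 user=bob result=FAIL
2024-05-01T10:01:09Z ip=192.0.2.10 user=bob result=OK
2024-05-01T10:02:00Z ip=203.0.113.5 user=carol result=FAIL
2024-05-01T10:02:05Z ip=203.0.113.5 user=dave result=OK
2024-05-01T10:02:10Z ip=203.0.113.5 user=erin result=FAIL
2024-05-01T10:02:15Z ip=203.0.113.5 user=frank result=FAIL
2024-05-01T10:02:20Z ip=203.0.113.5 user=grace result=FAIL
2024-05-01T10:02:25Z ip=203.0.113.5 user=heidi result=FAIL
2024-05-01T10:02:30Z ip=203.0.113.5 user=ivan result=FAIL
2024-05-01T10:02:35Z ip=203.0.113.5 user=judy result=FAIL
2024-05-01T10:02:40Z ip=203.0.113.5 user=mallory result=FAIL
2024-05-01T10:02:45Z ip=203.0.113.5 user=oscar result=FAIL
2024-05-01T10:02:50Z ip=203.0.113.5 user=peggy result=FAIL
2024-05-01T10:02:55Z ip=203.0.113.5 user=trent result=FAIL
"""


def parse_line(line):
    """'<iso time> key=value ...' -> dict with a parsed 'time' field."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["time"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return fields


def parse_log(text):
    return [parse_line(l) for l in text.strip().splitlines() if l.strip()]


def accounts_to_lock(events, threshold=5, window=timedelta(minutes=15)):
    """Lockout policy: usernames with >= threshold failures inside any sliding window.
    Keep the lockout temporary in practice; an attacker who knows usernames can
    otherwise lock legitimate users out on purpose."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            failures[e["user"]].append(e["time"])
    locked = set()
    for user, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                locked.add(user)
                break
    return locked


def stuffing_sources(events, min_distinct_users=10):
    """Credential-stuffing signature: one source failing against many distinct
    accounts, each only once or twice, so per-account lockout never fires."""
    users_by_ip = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            users_by_ip[e["ip"]].add(e["user"])
    return {ip for ip, users in users_by_ip.items() if len(users) >= min_distinct_users}


def successful_logins_from(events, ips):
    """Successes from a flagged source are the reused passwords that worked:
    treat those accounts as compromised and reset them."""
    return {(e["ip"], e["user"]) for e in events if e["result"] == "OK" and e["ip"] in ips}


def analyze(text=SAMPLE_LOG):
    events = parse_log(text)
    sources = stuffing_sources(events)
    return {
        "lock": accounts_to_lock(events),
        "stuffing_sources": sources,
        "compromised": successful_logins_from(events, sources),
    }


if __name__ == "__main__":
    print(analyze())
```

On the sample log the lockout rule fires only for alice (six failures in 25 seconds), while 203.0.113.5 never trips it because it tries each account once; grouping by source flags it and surfaces the one success (dave), which is the account to reset.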
This deck explains principles of access control, types of authentication methods, and best practices for identity management.