SSCP - Access Controls Flashcards
ISC2 Systems Security Certified Practitioner (SSCP) Flashcards
| Front | Back |
| --- | --- |
| Define identification in access control systems | The process of claiming an identity to a system |
| Define the difference between identification and authentication | Identification claims an identity, authentication verifies it |
| Name a key feature of mandatory access control (MAC) | Access decisions are based on classifications and policies, not user discretion |
| Name three common authentication factors | Something you know, something you have, something you are |
| What distinguishes discretionary access control (DAC) | Access is determined by resource owners |
| What does an audit trail provide in access control systems | A record of all access attempts and actions performed |
| What does role-based access control (RBAC) manage | Access rights based on a user's job role |
| What is a token in access control systems | A physical or digital object used for authentication |
| What is an access control matrix | A table specifying permissions for objects and users |
| What is authentication in the context of access controls | Verifying the claimed identity using credentials |
| What is authorization | The process of determining if an authenticated user has permission to access resources |
| What is biometric authentication | Verification using physical characteristics like fingerprints or retina scans |
| What is federation in access control | Linking identities across different organizations or systems |
| What is implicit deny in access control | A default rule to deny access when no explicit permissions are defined |
| What is multi-factor authentication (MFA) | Using two or more authentication factors to verify a user's identity |
| What is single sign-on (SSO) | An authentication process allowing a user to access multiple systems with one set of credentials |
| What is the function of a password policy | Define rules for creating and managing strong passwords |
| What is the primary purpose of access controls | To ensure only authorized users gain access to specific resources |
| What is the principle of least privilege | Grant users only the access rights they need to perform their job |
This deck covers the principles, mechanisms, and methods for implementing and managing access controls, including identification, authentication, and authorization techniques.