SSCP - Access Controls Flashcards
ISC2 Systems Security Certified Practitioner (SSCP) Flashcards

| Front | Back |
| --- | --- |
| Define identification in access control systems | The process of claiming an identity to a system |
| Define the difference between identification and authentication | Identification claims an identity, authentication verifies it |
| Name a key feature of mandatory access control (MAC) | Access decisions are based on classifications and policies, not user discretion |
| Name three common authentication factors | Something you know, something you have, something you are |
| What distinguishes discretionary access control (DAC) | Access is determined by resource owners |
| What does an audit trail provide in access control systems | A record of all access attempts and actions performed |
| What does role-based access control (RBAC) manage | Access rights based on a user's job role |
| What is a token in access control systems | A physical or digital object used for authentication |
| What is an access control matrix | A table specifying permissions for objects and users |
| What is authentication in the context of access controls | Verifying the claimed identity using credentials |
| What is authorization | The process of determining if an authenticated user has permission to access resources |
| What is biometric authentication | Verification using physical characteristics like fingerprints or retina scans |
| What is federation in access control | Linking identities across different organizations or systems |
| What is implicit deny in access control | A default rule to deny access when no explicit permissions are defined |
| What is multi-factor authentication (MFA) | Using two or more authentication factors to verify a user's identity |
| What is single sign-on (SSO) | An authentication process allowing a user to access multiple systems with one set of credentials |
| What is the function of a password policy | Define rules for creating and managing strong passwords |
| What is the primary purpose of access controls | To ensure only authorized users gain access to specific resources |
| What is the principle of least privilege | Grant users only the access rights they need to perform their job |

About the Flashcards
Flashcards for the ISC2 Systems Security Certified Practitioner (SSCP) exam give you a quick-study way to reinforce the fundamentals of access control, a core security domain often tested on the certification. Each card breaks down essential terminology so you can recall definitions, compare concepts, and recognize how secure systems restrict resources to authorized users.
The deck reviews identification, authentication, and authorization processes, highlights multi-factor techniques, and explains policy principles like least privilege and implicit deny. You'll also practice distinguishing access control models, evaluating password and token protections, and interpreting audit trails or access matrices that prove compliance in real-world scenarios.
Topics covered in this flashcard deck:
- Identification vs authentication
- Authorization models (RBAC, DAC, MAC)
- Multi-factor and biometric methods
- Least privilege & implicit deny
- Password, token, and SSO controls
- Audit trails & access matrices