SSCP - Access Controls Flashcards
ISC2 Systems Security Certified Practitioner (SSCP) Flashcards
| Front | Back |
| --- | --- |
| Define identification in access control systems | The process of claiming an identity to a system |
| Define the difference between identification and authentication | Identification claims an identity, authentication verifies it |
| Name a key feature of mandatory access control (MAC) | Access decisions are based on classifications and policies, not user discretion |
| Name three common authentication factors | Something you know, something you have, something you are |
| What distinguishes discretionary access control (DAC) | Access is determined by resource owners |
| What does an audit trail provide in access control systems | A record of all access attempts and actions performed |
| What does role-based access control (RBAC) manage | Access rights based on a user's job role |
| What is a token in access control systems | A physical or digital object used for authentication |
| What is an access control matrix | A table specifying permissions for objects and users |
| What is authentication in the context of access controls | Verifying the claimed identity using credentials |
| What is authorization | The process of determining if an authenticated user has permission to access resources |
| What is biometric authentication | Verification using physical characteristics like fingerprints or retina scans |
| What is federation in access control | Linking identities across different organizations or systems |
| What is implicit deny in access control | A default rule to deny access when no explicit permissions are defined |
| What is multi-factor authentication (MFA) | Using two or more authentication factors to verify a user's identity |
| What is single sign-on (SSO) | An authentication process allowing a user to access multiple systems with one set of credentials |
| What is the function of a password policy | Define rules for creating and managing strong passwords |
| What is the primary purpose of access controls | To ensure only authorized users gain access to specific resources |
| What is the principle of least privilege | Grant users only the access rights they need to perform their job |
This deck covers the principles, mechanisms, and methods for implementing and managing access controls, including identification, authentication, and authorization techniques.