Access Controls Concepts

Question 1

zero trust

Answer 1

means access to a computing, network, or data resource will not be given to any person or subject unless that access is explicitly
authorized.

Question 2

Least Privilege

Answer 2

concept that a user should only have access to the resources that they need in order to do their job but no more than that.

Question 3

Segregation of Duties

Answer 3

internal control that organizations use to prevent fraud or the
likelihood of errors.

Question 4

Two-Person Rule

Answer 4

requires certain functions to be performed by two authorized users or employees working in tandem.

Question 5

subject

Answer 5

entity that is capable of accessing an object, usually by first requesting such access.

Question 6

object

Answer 6

entity, or resource, that is accessed by a subject. (files, folders, apps)

Question 7

Access

Answer 7

right that is granted to the subject to perform a function
with the object

Question 8

Identification

Answer 8

act of the subject providing identifying information

Question 9

Authentication

Answer 9

method by which systems verify that a user really is who they claim
to be.

Question 10

Centralized

Answer 10

where one department or entity is responsible for governing, managing, and configuring tools for access administration. For example, in a centralized model the IT department would manage access control for all resources (e.g., physical and all information systems)

Question 11

Decentralized

Answer 11

access administration is managed by different departments or people for different systems throughout the organization.

Question 12

Hybrid

Answer 12

utilizes a combination of centralized and decentralized access control. For example, the IT department may manage access control for critical resources such as Active Directory (centralized administration), while systems belonging to individual departments, such as the sales team customer relationship management (CRM), may be managed by individual departments (decentralized administration).

Question 13

Provisioning

Answer 13

creation and maintenance of user accounts as well as maintaining the correct access rights for the user.

Question 14

Review

Answer 14

Accounts are regularly reviewed and monitored to ensure that
there is still a need for access over time.

Question 15

Revocation

Answer 15

After an employee has separated from the organization or when the employee no longer has a need for an account or access to a
system, their access(es) is/are revoked

Question 16

Privileged Access Management

Answer 16

type of access management that focuses on managing privileged accounts, usually using dedicated PAM systems and solutions.

Question 17

Discretionary Access Control (DAC)

Answer 17

provides the owner of the resource, typically the creator, full control
to configure which subjects (e.g., users, groups) can access the object (e.g., file, folder) permissions given on the admin or object owners discretion

Question 18

Mandatory access control (MAC)

Answer 18

leverages a central authority, typically a security administrator, that
regulates access based on security labels, such as the clearance level that a subject (user) has been approved for, as well as the
classification of the object (file, database, etc.). uses tags to label both subject and objects(secret, confidential and unclassified

Question 19

Role-based access control (RBAC)

Answer 19

enforces access based on roles that define permissions and the level
of access provided to any subjects assigned to that role

Question 20

Rule based Access Control(RAC)

Answer 20

a framework that restricts access to devices, databases, and locations based on a set of predetermined permissions and rules. TIME OF DAY RESTRICTION

Question 21

Directories

Answer 21

stores information about users, resources, and access permissions and allows administrators to centrally configure rules to control who gets access to what in the organization’s systems and network.

Question 22

Single sign-on

Answer 22

technology that allows users to seamlessly access a range of resources after authenticating just one time.

Question 23

Federated identity management (FIM)

Answer 23

variant of single sign-on that allows organizations to establish arrangements to utilize the same identification and authentication information to authenticate users across multiple different organizations.

Question 24

Physical access controls

Answer 24

type of physical security control that regulates and
monitors access to physical resources (such as a datacenter facility)