GCGA Ch. 2 Comparing Access Control Schemes (ST) Flashcards
(6 cards)
Role-BAC
Role-based access control - uses roles to grant access by placing users into roles based on their assigned jobs, functions, or tasks.
Group-based privileges
A form of role-BAC. Administrators create groups, add users to the groups, and then assign permissions to the groups.
Rule-BAC
Rule-based access control - based on a set of approved instructions, such as ACL rules in a firewall. Some rule-BAC implementations use rules that trigger in response to an event, such as modifying ACLs after detecting an attack.
DAC
Discretionary access control - every object has an owner. The owner has explicit access and establishes access for any other user. Microsoft NTFS uses the DAC scheme, with every object having a discretionary access control list (DACL). The DACL identifies who has access and what access they are granted.
MAC
Mandatory access control - uses security or sensitivity labels to identify objects (what you’ll secure) and subjects (users). It is often used when access needs to be restricted based on a need to know. The administrator establishes access based on predefined security labels. These labels are often defined with a lattice to specify the upper and lower security boundaries.
ABAC
Attribute-based access control - evaluates attributes and grants access based on these attributes’ values. It is used in many software-defined networks (SDNs).