Week 10-11

Question 1

is a security technique that regulates who or
what can view or use resources.

Answer 1

Access Control

Question 2

4 Core components

Answer 2

Identification
Authentication
Authorization
Accountability

Question 3

Declaring identity (e.g., username, ID card)

Answer 3

Identification

Question 4

Proving identity (e.g., password, biometrics)

Answer 4

Authentication

Question 5

Determining what the user is allowed to do

Answer 5

Authorization

Question 6

Tracking user actions for auditing

Answer 6

Accountability

Question 7

define how access rights are assigned and enforced.

Answer 7

Access models

Question 8

Access control models 4 main types:

Answer 8

Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)

Question 9

Is a permission system where the owner of the data (usually the person who created it) decides who can access it and what they can do with it (read, write, delete, etc.).

Answer 9

Discretionary Access Control (DAC)

Question 10

is a strict access control system where access to data is based on security policies and classification levels, not user preferences. The system enforces the rules, and users cannot change them.

Answer 10

Mandatory Access Control (MAC)

Question 11

is a method of managing access where permissions are assigned based on a user’s role in an organization.
Instead of assigning permissions to each user individually, you assign them to roles, and then assign users to those roles.

Answer 11

Role-Based Access Control (RBAC)

Question 12

is a flexible and dynamic access control model where access decisions are made
based on multiple attributes

Answer 12

Attribute-Based Access Control (ABAC)

Question 13

the tools and components that enforce the rules and models (like DAC, MAC, RBAC, ABAC) we use to manage who can access what in a system.

Answer 13

Access Control Mechanisms

Question 14

is attached to a resource (like a file or folder) and lists which users or groups are allowed to do specific actions (read, write, execute, delete).

Answer 14

Access Control Lists

Question 15

is tied to a user or process and shows what resources they are allowed to access and with what
permissions.

Answer 15

Capability List

Question 16

is the part of a system that physically enforces access control. It intercepts requests and either blocks or
forwards them for a decision.

Answer 16

Policy Enforcement Point (PEP)

Question 17

is the component that makes the decision based on the policies: “Should access be allowed or not?”
It works behind the scenes, often in coordination with the PEP.

Answer 17

Policy Decision Point (PDP)

Question 18

is the science of protecting information by converting it into an unreadable format, so that only
authorized parties can understand it when it’s decrypted.

Answer 18

Cryptography