Week 10-11

Question 1

is a security technique that regulates who or what can view or use resources.

Answer 1

Access Control

Question 2

4 Core components of Access control

Answer 2

Identification
Authentication
Authorization
Accountability

Question 3

Declaring an identity, such as with a username or ID card.

Answer 3

Identification

Question 4

Proving the declared identity, for example, with a password or biometrics.

Answer 4

Authentication

Question 5

Determining what actions a user is permitted to perform.

Answer 5

Authorization

Question 6

Tracking user actions for auditing purposes.

Answer 6

Accountability

Question 7

define how access rights are assigned and enforced.

Answer 7

Access Control Models

Question 8

Access control models 4 main types:

Answer 8

Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)

Question 9

A permission system where the data owner decides who can access resources and what they can do.

Answer 9

Discretionary Access Control (DAC)

Question 10

A strict system where access is based on security policies and classification levels, which users cannot change.

Answer 10

Mandatory Access Control (MAC)

Question 11

A method where permissions are assigned based on a user’s role within an organization. Permissions are assigned to roles, and users are then assigned to those roles.

Answer 11

Role-Based Access Control (RBAC)

Question 12

is a flexible and dynamic access control model where access decisions are made based on multiple attributes

Answer 12

Attribute-Based Access Control (ABAC)

Question 13

the tools and components that enforce the rules and models (like DAC, MAC, RBAC, ABAC) we use to manage who can access what in a system.

Answer 13

Access Control Mechanisms

Question 14

is attached to a resource (like a file or folder) and lists which users or groups are allowed to do specific actions (read, write, execute, delete).

Answer 14

Access Control Lists

Question 15

is tied to a user or process and shows what resources they are allowed to access and with what
permissions.

Answer 15

Capability List

Question 16

is the part of a system that physically enforces access control. It intercepts requests and either blocks or
forwards them for a decision.

Answer 16

Policy Enforcement Point (PEP)

Question 17

is the component that makes the decision based on the policies: “Should access be allowed or not?”
It works behind the scenes, often in coordination with the PEP.

Answer 17

Policy Decision Point (PDP)

Question 18

is the science of protecting information by converting it into an unreadable format, so that only
authorized parties can understand it when it’s decrypted.

Answer 18

Cryptography

Question 19

Principles of Access Control