Access Control Quiz

Understanding Access Control: Four-Part System, Categories, Policies, and Authentication

• Access control is used to restrict and allow access to resources like computers, homes, and smartphones.
• The four parts of access control are identification, authentication, authorization, and accountability.
• Identification asks "who" is requesting access, authentication verifies the requester's identity, authorization determines what the requester can access, and accountability tracks actions to individuals.
• Access control has two phases: policy definition and policy enforcement.
• Physical access controls restrict access to physical resources like buildings and parking lots, while logical access controls restrict access to computer systems and networks.
• Access control policies are a set of rules that allow a specific group of users to perform a particular set of actions on a particular set of resources.
• The four central components of access control policies are users, resources, actions, and relationships.
• There are five types of authentication: knowledge, ownership, characteristics, location, and action.
• Brute-force and dictionary attacks are common methods used by attackers to crack passwords.
• A brute-force attack involves trying every possible combination of characters, while a dictionary attack hashes words in a dictionary and compares them to the system password file.
• Examples of logical access controls for a human resources system include deciding which users can access sensitive information, monitoring user actions, and restraining or influencing user behavior.
• Access control is important for protecting resources from unauthorized use and ensuring that actions can be traced back to individuals.