
CompTIA Security+ (SY0-601): Access Control

Information Technology · 9 cards · Created about 2 months ago

This section outlines different access control models including Discretionary (DAC), Mandatory (MAC), Rule-Based, and Lattice-Based systems. It emphasizes how permissions are assigned—either by object owners or enforced system-wide through security labels—and the role of structured models in securing sensitive environments.

DAC

Discretionary Access Control:
The access control policy is determined by the owner
DAC is used commonly

  1. Every object in a system must have an owner

  2. Each owner determines access rights and permissions for each object




MAC

Mandatory Access Control:
An access control policy where the computer system determines the access control for an object

MAC relies on security labels being assigned to every user (called a subject) and every file/folder/device or network connection (called an object)

Data labels create trust levels for all subjects and objects

MAC is implemented through the Rule-based and the Lattice-based access control methods

Rule-Based Access Control

Label-based access control that defines whether access should be granted or denied to objects by comparing the object label and the subject label

Lattice-Based Access Control

Utilizes complex mathematics to create sets of objects and subjects to define how they interact

Mandatory Access Control is a feature in FreeBSD & SELinux

Used only in high-security systems due to its complex configuration

RBAC

Role-Based Access Control:
An access model that is controlled by the system (like MAC) but utilizes a set of permissions instead of a single data label to define the permission level

The Power Users group is an example of a role-based permission

ABAC

Attribute-Based Access Control:
An access model that is dynamic and context-aware using IF-THEN statements

Most specific/detailed access control

If Jason is in HR, then give him access to \\fileserver\HR

chmod

Bash command used to change file permissions

Each permission has a numeric value, and the values are added together per class of user (owner, group, others):

R (Read) = 4
W (Write) = 2
X (Execute) = 1

chmod 760 filename
7 = Owner can RWX (4 + 2 + 1)
6 = Group can RW (4 + 2)
0 = Others (all other users) have no access

Privilege Creep

Occurs when a user gets additional permission over time as they rotate through different positions or roles

Privilege creep violates the principle of least privilege

Permissions

Permissions are inherited by default from the parent when a new folder is created

Any permissions added to or removed from the parent folder will also pass to the child by default

Use Groups for roles and do not assign users directly to a folder’s permissions

If you copy a folder, then it inherits the permissions of the parent folder it is copied into
If you move a folder, then it retains its original permissions