CMT 317 Module 3 v3

Uploaded by

mosesdray15
Module 3: Access Control - Course Content and Answers Table

| Topic | Description | Example/Answer |
|---|---|---|
| Authentication | Verifying the identity of a user, system, or application. | Username/password login, Two-Factor Authentication (2FA), Biometrics (e.g., fingerprint). |
| Authorization | Determining what resources or actions a user is allowed to access based on identity. | Employees can view but not edit customer data; HR staff can access salary information. |
| Identity and Access Management (IAM) | Systems managing user identities, roles, and permissions. | An IAM system handles password resets, role assignments, and automated deactivation. |
| Role-Based Access Control (RBAC) | Permissions are assigned based on predefined roles (e.g., admin, user). | IT Admin role allows server management; Sales role allows CRM access. |
| Attribute-Based Access Control (ABAC) | Access decisions are based on user attributes (e.g., department, time of day). | Doctors access only assigned patient records; employees access financial data from office IPs. |
| Single Sign-On (SSO) | A user logs in once and gains access to multiple applications without re-entering credentials. | Logging into an SSO portal grants seamless access to email, HR systems, and project management. |
| Principle of Least Privilege | Users are granted only the minimum permissions necessary to perform their job. | A marketing intern is given access only to the social media accounts they manage. |
| IAM System Types | Includes Cloud-Based, On-Premises, Hybrid, and Open-Source IAM systems. | Cloud-Based: Okta; On-Premises: Oracle Identity Manager; Open-Source: Keycloak. |
| Advantages of SSO | Enhances user experience and simplifies access management by reducing password fatigue. | Employees remember fewer credentials and gain faster access to tools, improving productivity. |
| RBAC vs. ABAC | RBAC is role-specific; ABAC considers dynamic attributes for granular access control. | ABAC: Allows time-restricted access to sensitive data; RBAC: Access is fixed based on job roles. |
| Preventive Controls | Designed to prevent security incidents before they occur. | Examples include multi-factor authentication and firewalls. |
| Detective Controls | Designed to identify and alert on security incidents. | Examples include intrusion detection systems (IDS) and security event logs. |
| Corrective Controls | Designed to restore normal operations after an incident. | Examples include data restoration from backups after a cyberattack. |
| Cloud-Based IAM | Scalable, vendor-managed IAM systems that are ideal for remote access. | Examples: Okta, Azure Active Directory. |
| Open-Source IAM | Customizable IAM solutions with lower upfront costs but requiring technical expertise. | Examples: Keycloak, WSO2 Identity Server. |
| SSO Security Considerations | While convenient, SSO creates a single point of failure if not implemented securely. | Implement SSO with multi-factor authentication for enhanced security. |
| ABAC Flexibility | ABAC provides fine-grained access control but can be complex to manage in large organizations. | Policies can allow project-specific access during business hours and restrict outside these times. |
| IAM and Regulatory Compliance | IAM systems support regulatory compliance by enforcing strict access controls and auditing. | Ensures adherence to GDPR by controlling and monitoring access to personal data. |
| Auditing and Monitoring | Regularly reviewing logs and user activities to ensure compliance and detect anomalies. | Analyzing access logs to identify unauthorized activities or over-permissioned accounts. |
