adam's notes

Domain 2 - Access Controls
Identity and Access Management
Identification
Authentication
Identity Management Lifecycle
Authorization

❯

❯

Domain 2 Access Controls

Domain 2 - Access Controls

Identity and Access Management

Identity and Access Management (IAM)
Identification
Authentication
Authorization
Authentication, Authorization, & Accounting (AAA)

Identification

Biometric Authentication
Identity Proofing

Authentication

Authentication Factors
Authentication Metrics
Biometric Authentication
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
Federation
- Trust characteristics
Single Sign-On (SSO)
Zero Trust Architecture (ZTA)
Security Assertion Markup Language (SAML)
Open Authorization (OAuth)
OpenID Connect (OIDC)
Device Authentication
- uses digital certificates to authenticate between systems (network)
- key-based authentication
- is authenticating a device to a network

Identity Management Lifecycle

Account management
- least privilege
- separation of duties
- job rotation
- mandatory vacation
- standard naming conventions
Account Management Lifecycle
- New user (provisioning)
- Job change (modify roles and permissions)
- Terminated user (Deprovisioning)
Group Policy Object (GPO)
Password Policy
Role-Based Access Control (RBAC)
Account provisioning and deprovisioning

Authorization

Principle of Least Privilege
Separation of Duties
privilege creep
account reviews
- review privileges and manage privilege creep
Entitlement
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Access Control Lists (ACL)
Implicit Deny
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Multilevel Access Control

Graph View

Backlinks

C845 - Information Systems Security (SSCP)

Created with Quartz v4.5.2 © 2026

CC BY-NC-SA
adamfurman.me