PrepAway - Latest Free Exam Questions & Answers

The steps of an access control model should follow which logical flow:

A. Authorization, Identification, authentication

B. Identification, accountability, authorization

C. Identification, authentication, authorization

D. Authentication, Authorization, Identification

Explanation:
For a user to be able to access a resource, he first must prove he is who he claims to be, has the necessary
credentials, and has been given the necessary rights or privileges to perform the actions he is requesting.
Identification describes a method of ensuring that a subject (user, program, or process) is the entity it claims to
be. Identification can be provided with the use of a username or account number. To be properly authenticated,
the subject is usually required to provide a second piece to the credential set. This piece could be a password,
passphrase, cryptographic key, personal identification number (PIN), anatomical attribute, or token. These two
credential items are compared to information that has been previously stored for this subject. If these
credentials match the stored information, the subject is authenticated. But we are not done yet.
Once the subject provides its credentials and is properly identified, the system it is trying to access needs to
determine if this subject has been given the necessary rights and privileges to carry out the requested actions.
The system will look at some type of access control matrix or compare security labels to verify that this subject
may indeed access the requested resource and perform the actions it is attempting. If the system determines
that the subject may access the resource, it authorizes the subject.

Incorrect Answers:
A: A user (or other entity) must be identified and authenticated before he can be authorized.
B: This answer does not include authentication, which is key to access control.
D: A user (or other entity) must be identified before he can be authenticated and then authorized.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 160

