Back to Security

Access Control

5 minutes 5 Questions

Access control is a security technique that determines and enforces who can access specific resources to protect sensitive information and systems. It manages access permissions, ensuring that users and devices get the appropriate level of access required to perform their tasks. Access control models are broadly classified into three types: Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-Based Access Control (RBAC). MAC enforces access based on security classifications, DAC allows users to set permissions for other users, and RBAC assigns permissions to roles and users indirectly through membership in these roles.

Guide to Access Control for CompTIA A+ Security

Access Control is a crucial concept in CompTIA A+ Security. It refers to the selective restriction of access to a place or other resource. In an IT context, it effectively manages and restricts who or what can view and use resources in a computer environment.

Importance of Access Control: Access Control is imperative to ensure security in a system. It prevents unauthorized access, protects personal data, and enables efficient work by giving people the access they need to do their jobs.

How Access Control Works: Access control works based on Identification, Authentication, Authorization, and Accountability (IAAA). The user must identify themselves, authenticate their identity, receive the authorization for specific resources, and then finally, accountability ensures all actions on the system are traceable.

Exam Tips:

When answering questions regarding Access Control in an exam:

  • Always remember the IAAA model.
  • Understand and distinguish between different access control models, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC).
  • Know how access control lists (ACLs), group policies and other control mechanisms are implemented.
In general, thorough understanding of the functionalities and mechanisms behind Access Control is crucial for passing the CompTIA A+ Security exam.

Test mode:
Start practice test
CompTIA A+ - Security Example Questions

Test your knowledge of Amazon Simple Storage Service (S3)

Question 1

A company needs to provide temporary access to an Amazon S3 bucket for 30 minutes to an external contractor. How to grant this temporary access?

Correct Answer: AWS Security Token Service (STS) temporary credentials

AWS Security Token Service (STS) temporary credentials can be configured for 30 minutes and provide temporary access. IAM users with time-based policies cannot precisely revoke after 30 minutes. Transfer Acceleration, Cross-Region Replication, and AWS KMS are not related to temporary access. Pre-signed URLs are for S3 object access, not the entire bucket.

Question 2

A company wants to implement an access control system that grants permissions based on a combination of user attributes, environmental conditions, and resource properties. Which access control model is most appropriate?

Correct Answer: Attribute-Based Access Control (ABAC)

Attribute-Based Access Control (ABAC) is the most appropriate access control model for this scenario. Here's why: ABAC allows for fine-grained access control based on a combination of attributes, including: 1. User attributes (e.g., role, department, clearance level) 2. Environmental conditions (e.g., time of day, location, device type) 3. Resource properties (e.g., sensitivity level, project association) This model provides the flexibility to create complex access policies that can consider multiple factors simultaneously, making it ideal for the company's requirements. Other options are less suitable: Role-Based Access Control (RBAC) with time-based restrictions is limited to roles and time factors, lacking the ability to consider resource properties and other environmental conditions. Discretionary Access Control (DAC) with conditional statements primarily focuses on object owners granting access rights, which doesn't align with the company's need for a comprehensive attribute-based approach. Mandatory Access Control (MAC) with dynamic policy adjustments is typically used in highly secure environments with strict hierarchical access levels, and doesn't offer the flexibility required for considering various attributes and conditions.

Question 3

A company wants to limit access to their AWS Management Console to specific IP addresses during working hours. How to accomplish this?

Correct Answer: Create an IAM policy with an IP address and time-based condition

Creating an IAM policy with IP address and time-based conditions will allow you to limit access to the AWS Management Console. AWS WAF, Security Groups, and NACLs do not control access to the AWS Management Console. AWS Direct Connect is mainly for network connectivity, and Trusted Advisor helps optimize resources, not access control.

image/svg+xml
Go Premium

CompTIA A+ Preparation Package (2024)

  • 3756 Superior-grade CompTIA A+ practice questions.
  • Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
  • Unlock Effortless CompTIA A+ preparation: 5 full exams.
  • 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
  • Bonus: If you upgrade now you get upgraded access to all courses
  • Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!
More Access Control questions
23 questions (total)
Start 23 question test