Access Control Models
Authentication
Authorization
Window User Management
Active Directory
100

Validating a subject's (user's) identity

What is Authentication

100

Used by Microsoft Active Directory

What is Single Sign-On

100

An implementation of DAC

What is DACL

100

Windows system functions independently.

What is standalone

100

A group of related domains

What is a Tree

200

Maintaining a record of a subject’s activity

What is Accounting or Auditing

200

Used to prove software can be trusted

What is Attestation

200

Used by Microsoft for auditing

What is SACL

200

Peer to peer network

What is Workgroup

200

Copying changes to AD on the Domain Controller

What is Replication
300

Access controls deter intrusion or attacks

What is Preventive

300

Used when app is installed and you want to use Facebook to log in.

What is OAuth and OpenID Connect

300

Is issued when logging into a system.

What is SID (SecurityID)

300

Either provides or consumes services but not both

What is domain or Client-Server

300

Giving access to part of AD without giving full access

What is delegation

400

Restriction of data that is highly sensitive

What is Need to Know

400

Biometric is an example of what type of MFA

What is something you are

400

Cumulative. Combination of inherited permissions and explicit permissions.

What is Effective Permissions

400

User, Group and computer are examples of this

What is objects

400

What actions a given user can do

What is local policies/user rights

500

Identifies users or groups who are not allowed access.

What is Explicit Deny

500

Developed by MIT

What is Kerberos

500

Deny will always win

What is deny permissions

500

Cloud based

What is Azure Active Directory

500

Allows for enabling and configuring Bitlocker, offline files and parental controls.

What is Administrative Templates