Security and system resilience
The Access Gate
Prove identity, then grant the least access: authentication uses factors, authorization uses roles, and termination triggers prompt deprovisioning.
How the exam words it
- -The stem lists credentials and asks whether multifactor authentication is present, or which authentication factor a control represents.
- -It grants access by job role and asks which model is used, pointing to role-based access control.
- -It describes a terminated or transferred employee and asks what access control should occur.
- -It describes hashing, a DMZ, or network segmentation and asks what security purpose it serves.
The playbook
- 1Test authentication by factor category: something you know (a password), something you have (a token), and something you are (a biometric); true MFA combines two different categories.
- 2Grant authorization on least privilege through role-based access control, assigning permissions to roles rather than to individuals.
- 3Deprovision promptly on termination or transfer, disabling access on the effective date, and review access rights periodically.
- 4Recognize supporting controls: hashing protects integrity (it is irreversible), a DMZ isolates public-facing servers, and segmentation limits lateral movement.
The trap
Counting two passwords as multifactor authentication, or thinking hashing provides confidentiality. MFA needs two different factor categories, and hashing is one-way integrity, not encryption.
How the exam varies it
The same pattern, re-skinned along these axes:
Authentication factor categories and what counts as MFAAuthorization by role (RBAC) and least privilegeTermination deprovisioning versus network segmentation and hashing
Drill this pattern
8 questions of The Access Gate from across the AUD topics. Clear it by getting 5 right with a streak of 3.