Identity and Access Management
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Security+ premium course — no separate purchase.
Included in this chapter:
- The identity lifecycle and access-control models
- Authentication factors, MFA, and password concepts
- Federation, SSO protocols, and interoperability
- Privileged Access Management (PAM) and exam-pattern recognition
Access-control models: who sets the policy
| Model | Who controls permissions | Decision basis | Canonical use / exam tell |
|---|---|---|---|
| MAC (Mandatory) | The system, by policy; owner cannot override | Subject clearance vs object security label | Classified/military data; SELinux enforcing |
| DAC (Discretionary) | The resource owner, at their discretion | Owner-set ACL / permissions on the object | File-system ACLs; 'owner can share the file' |
| RBAC (Role-Based) | Admins, via role definitions | User's assigned role(s) → role's permissions | Access follows job function; group/role membership |
| ABAC (Attribute-Based) | Policy author, via attribute rules | Attributes of subject, object, action, environment | Fine-grained, context-aware (device, location, time) |
| Rule-based | Admins, via global conditions | Condition rules (e.g., source IP, time-of-day) | ACL conditions applied uniformly to all subjects |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
- AZ-900 Microsoft Azure Fundamentals
- SC-300 Microsoft Certified: Identity and Access Administrator Associate
- SC-300 Microsoft Certified: Identity and Access Administrator Associate
- CISSP Certified Information Systems Security Professional
- CISSP Certified Information Systems Security Professional
- CISSP Certified Information Systems Security Professional
- CISSP Certified Information Systems Security Professional
- CISSP Certified Information Systems Security Professional
References
- CompTIA Security+ (SY0-701) certification and exam objectives
- Digital Identity Guidelines: Enrollment and Identity Proofing (SP 800-63A)
- Role-Based Access Control (RBAC) project (INCITS 359-2012 model)
- Guide to Attribute Based Access Control (ABAC) Definition and Considerations (SP 800-162)
- Digital Identity Guidelines: Authentication and Lifecycle Management (SP 800-63B)
- The OAuth 2.0 Authorization Framework (RFC 6749)