(ISC)2 Certified in Cybersecurity Practice Exam

Which of the following terms refers to an action taken to prevent unauthorized access to a system?

• A. Authentication
• B. Authorization
• C. Access Restriction
• D. Access Control

The correct answer is: Access Control

Access Control is the term that encompasses the strategies and mechanisms put in place to prevent unauthorized access to a system, network, or resource. It is a foundational practice within cybersecurity, where the primary goal is to ensure that only authorized users can access specific data or functionalities. This covers a range of actions, including identifying users, verifying their identity, and implementing rules that determine what resources they can access and what actions they can perform. Access Control systems can include various techniques, such as role-based access control (RBAC), where permissions are based on user roles, and mandatory access control (MAC), which enforces access policies across the organization. These systems also often involve authentication methods, such as passwords, biometrics, or tokens, to verify identities before granting access. While authentication and authorization are related concepts, they serve different purposes within the context of access to systems. Authentication is the process of verifying the identity of a user or system, whereas authorization determines what an authenticated user is allowed to do. Access Restriction could be seen as a more general term that also implies limiting access, but it does not specifically cover the structured policies and mechanisms that Access Control signifies, making Access Control the most precise term for the action of preventing unauthorized access.