Join Mike Chapple for an in-depth discussion in this video Advanced authorization concepts, part of CompTIA Security+ (SY0-501) Cert Prep: 4 Identity and Access Management.
- [Instructor] As we wrap up or discussion…of authorization concepts, let's talk about a few…advanced issues related to authorization…in an access control system.…We need to discuss the implicit deny principle,…rule-based authorization, role-based authorization,…and time of day restrictions.…The implicit deny principle, otherwise known as default deny…is one of the foundational principles…of access control systems.…It says that anything that is not explicitly allowed…should be denied.…
If a computer system doesn't have explicit instructions…on how to handle a situation,…it should default to denying access.…Firewalls are a common example…of the default deny principle in action.…When a firewall receives a connection request,…it first consults its rules to determine whether a rule…explicitly addresses the situation.…If the firewall finds a matching rile, it carries out…the action specified by that rule.…If the firewall does not have explicit guidance…on handling a request, it blocks the connection.…
The default deny principle is a very important…
Instructor Mike Chapple has designed the training around the most recent version of CompTIA Security+, SY0-501, which expands coverage of mobile and cloud technologies. By learning about the topics in this course, you'll be prepared to answer questions from the latest exam—and strengthen your own organization's systems and defenses. To join one of Mike's free study groups, visit certmike.com.
We are a CompTIA Content Publishing Partner. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.
- Identification methods
- Authentication factors
- Multifactor authentication
- Single sign-on
- Authorization and access controls
- Account management