Topic: Security+ — Identity & Access Management (IAM)

Essential Question:

How do organizations verify identity, grant the correct level of access, and prevent unauthorized use of accounts and systems?

———————————————————————————

STUDENT NOTES (COPY ALL OF THIS)

———————————————————————————

1. Authentication vs Authorization (Must Know the Difference)

Authentication — proving who you are

Examples: password, MFA, biometrics.

Authorization — what you can access after login

Examples: file permissions, admin rights, access to apps.

Exam trap:

Many questions reverse the terms — always check if the question is about “who you are” or “what you can do.”

2. Authentication Factors (Know All 5)

1. Something You Know

Passwords, PINs, passphrases.

2. Something You Have

Phone, smart card, hardware token, key fob.