Get IT Security: Defense Against The Digital Dark Arts Graded Quiz Answers
Q1. Fill in the blank: In the world of AAA security, “authn” is short for _____.
Answer: authentication
Explanation: In AAA security (Authentication, Authorization, and Accounting), “authn” refers to authentication, the process of verifying a user’s identity.
Q2. Fill in the blank: Authorization is concerned with determining _____ to resources.
Answer: access
Explanation: Authorization is the process of determining what actions or resources a user is allowed to access after their identity has been authenticated.
Q3. Fill in the blank: Security Keys utilize a secure challenge-and-response authentication system, which is based on _____.
Answer: public key cryptography
Explanation: Security keys use public key cryptography to perform a challenge-response authentication, ensuring secure and tamper-resistant verification.
Q4. Which of the following are examples of “something you have” for multifactor authentication? Select all that apply.
Answer:
One-Time-Password (OTP)
RSA SecureID token
Explanation:
“Something you have” refers to physical or digital items such as OTP generators or secure tokens used as a second authentication factor. PING and passwords fall into other categories.
Q5. What is a client certificate used for?
Answer: To authenticate the client
Explanation: A client certificate is used in mutual TLS to verify the identity of a client during a secure connection.
Q6. How might a user protect the data on their mobile device if it is lost or stolen?
Answer: Remote wipes
Explanation: Remote wiping allows users to erase all data from their device remotely, protecting sensitive information if the device is lost or stolen.
Q7. Fill in the blank: The authentication server is to authentication as the ticket granting service is to _____.
Answer: authorization
Explanation: In systems like Kerberos, the Ticket Granting Service (TGS) issues tickets that allow access to resources, which is part of the authorization process.
Q8. Consider the following scenario: A network admin wants to use a Remote Authentication Dial-In User Service (RADIUS) protocol to allow 5 user accounts to connect company laptops to an access point in the office. These are generic users and will not be updated often. Which of these internal sources would be appropriate to store these accounts in?
Answer: Flat file
Explanation: For a small and static set of users, a flat file is a simple and efficient option to store user accounts, especially when updates are infrequent.
Q9. Consider the following scenario: A network admin deployed a Terminal Access Controller Access Control System Plus (TACACS+) system so other admins can properly manage multiple switches and routers on the Local Area Network (LAN). The system will keep track and log admin access to each device and the changes made. This “logging” satisfies which part of the three A’s of security?
Answer: Accounting
Explanation: Accounting refers to the tracking and logging of user activities, such as access and changes made to devices or systems.
Q10. Access control entries can be created for what types of file system objects? Select all that apply.
Answer:
Files
Folders
Programs
Explanation:
Access control entries (ACEs) can define permissions for files, folders, and programs, determining which users or groups have access to them. APIs are not file system objects.