Access Control

Question 1

Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?

Answer 1

Authorization

Question 2

What is the biggest issue with local implementation of AAA?

Answer 2

Local implementation does not scale well.

Question 3

A company is experiencing overwhelming visits to a main web server. The IT department is developing a plan to add a couple more web servers for load balancing and redundancy. Which requirement of information security is addressed by implementing the plan?

Answer 3

Availability

Question 4

What is an example of privilege escalation attack?

Answer 4

A threat actor performs an access attack and gains the administrator password.

Question 5

What is the principle of least privilege access control model?

Answer 5

Users are granted rights on an as-needed approach.

Question 6

A server log includes this entry: User student accessed host server ABC using Telnet yesterday for 10 minutes. What type of log entry is this?

Answer 6

Accounting

Question 7

Which objective of secure communications is achieved by encrypting data?

Answer 7

Confidentiality

Question 8

What are three access control security services?

Answer 8

Authentication, Accounting, and Authorization

Question 9

Which access control model allows users to control access to data as an owner of that data?

Answer 9

TACACS+ and RADIUS

Question 10

Which two protocols are used to provide server-based AAA authentication?

Answer 10

Confidentiality, Availability, and Integrity

Question 11

Which type of access control applies the strictest access control and is commonly used in military or mission critical applications?

Answer 11

Mandatory Access Control (MAC)