Part A β Multiple Choice
Q1
Which AAA component is responsible for tracking login time, logout time, and data transferred?
β
Correct: C β Accounting. Accounting records session information for audit and investigation purposes. It is NOT financial accounting β it is IT audit logging.
Q2
A user enters their username into a login form. Which step of the AAA process is this?
β
Correct: D β Identification. Entering a username is claiming an identity. Authentication (proving it) occurs when the password or second factor is verified.
Q3
An organization needs to authenticate 500 remote IoT sensors that cannot use passwords. What is the BEST solution?
β
Correct: B β Digital certificates. Certificate-based authentication allows devices to authenticate automatically using a CA-signed certificate. No passwords needed, no human interaction required, and each device has a unique certificate.
Q4
What problem does a role-based authorization model solve that a direct user-to-resource model cannot?
β
Correct: B β Scalability. Direct user-to-resource mapping becomes unmanageable at scale. RBAC allows administrators to manage groups/roles, and adding a user to a role instantly grants all associated permissions.
Q5
In a VPN authentication scenario, which device passes user credentials to the RADIUS server?
β
Correct: D β VPN Concentrator. The concentrator receives login requests from users but doesn't validate them internally. It passes the credentials to the RADIUS server, which checks them against its database and returns approve/deny.
Part B β Matching
Match each AAA component to its description.
COMPONENT
Identification
Authentication
Authorization
Accounting
FUNCTION
Claiming who you are
Proving who you are
What you can access
Recording what you did
Part C β Analysis
Q6 β Analyze
An organization has strong authentication (MFA) but no authorization model β all authenticated users have access to all resources. What is the primary risk, and what control would address it?
β
Correct: B. Without authorization controls, every authenticated user has full access β violating the principle of least privilege. A single compromised account could access all organizational data. RBAC limits blast radius by ensuring users only access what their role requires.
Part D β Evaluation
Q7 β Evaluate
Should Identification be considered a distinct step from Authentication? Some argue that since they often happen simultaneously (username + password on one form), they should be treated as one step. Evaluate this position.
β
Correct: B. Separating identification from authentication enables clearer security design: you can have strong authentication (MFA) but weak identification (username guessing). Separating them also maps directly to logs β who claimed to be who, vs. who was actually verified. The conceptual separation is foundational to zero-trust architectures.
0/7
Questions Answered Correctly