48 Chapter 1 • General Security Concepts: Access Control, Authentication, and Auditing
A: A good place to start learning the process of hardening is by looking at the
guidelines published by the NSA. These can currently be found at
www.nsa.gov/snac/downloads_os.cfm?MenuID=scg10.3.1.1 or through a
search on the http://www.nsa.gov Web site.
Self Test
A Quick Answer Key follows the Self Test questions. For complete questions,
answers, and explanations to the Self Test questions in this chapter as well as
the other chapters in this book, see the Self Test Appendix.
1. You are acting as a security consultant for a company wanting to decrease their
security risks. As part of your role, they have asked that you develop a security
policy that they can publish to their employees. This security policy is intended
to explain the new security rules and define what is and is not acceptable from
a security standpoint as well as defining the method by which users can gain
access to IT resources. What element of AAA is this policy a part of?
A. Authentication
B. Authorization
C. Access Control
D. Auditing
2. One of the goals of AAA is to provide CIA. A valid user has entered their ID
and password and has been authenticated to access network resources. When
they attempt to access a resource on the network, the attempt returns a message
stating, “The server you are attempting to access has reached its maximum
number of connections.” Which part of CIA is being violated in this situation?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
www.syngress.com