Appendix






                            SECURITY+ 2e








                            Self Test Appendix











                          Chapter 1: General Security

                          Concepts: Access Control,

                          Authentication, and Auditing


                           1.  You are acting as a security consultant for a company wanting to decrease
                               their security risks.As part of your role, they have asked that you develop a
                               security policy that they can publish to their employees.This security policy
                               is intended to explain the new security rules and define what is and is not
                               acceptable from a security standpoint as well as defining the method by
                               which users can gain access to IT resources.What element of AAA is this
                               policy a part of?
                               A. Authentication
                               B. Authorization
                               C. Access Control
                               D. Auditing
                           C.Access control is defined as a policy, software component, or hardware com-
                              ponent that is used to grant or deny access to a resource. Since this policy is
                              defining how to access resources, it is considered part of access control.
                           Answer A is incorrect because this type of written policy is not part of the
                              authentication process although they may explain the authentication as part of
                              the policy.Answer B is incorrect because this type of written policy is not part
                                                                                          761