Module 3 challenge: Authentication, Authorization, Accounting. IT Security: Defense against the digital dark arts (Google IT Support Professional Certificate) Answers: 2025
Question 1
Fill in the blank: In the world of AAA security, “authz” is short for _____.
✅ authorization
❌ authentication
❌ authored
❌ authoritarian
Explanation:
In the AAA (Authentication, Authorization, and Accounting) model:
- Authn = Authentication → verifies who you are.
- Authz = Authorization → decides what you’re allowed to do.
Question 2
Authorization is concerned with determining _____ to resources.
✅ access
❌ eligibility
❌ validity
❌ identity
Explanation:
Authorization defines access permissions — what files, systems, or data a user can use after being authenticated.
Question 3
Which of the following are types of one-time-password tokens?
✅ Counter-based
✅ Time-based
❌ Password-based
❌ Identity-based
Explanation:
- HOTP (Counter-based, RFC 4226): the code is an HMAC over a counter that both the token and the server increment, so each code is valid once and the server must remember the last counter it accepted.
- TOTP (Time-based, RFC 6238): the counter is derived from the current time in fixed steps (commonly 30 seconds), so the code changes every interval and the server needs a reasonably accurate clock.
These are the two main OTP methods used in multi-factor authentication (MFA).
Question 4
Security Keys are more ideal than OTP generators because they are resistant to _____ attacks.
✅ phishing
❌ DDoS
❌ password
❌ brute force
Explanation:
Hardware security keys (like YubiKey) use public-key cryptography and, under FIDO2/WebAuthn, bind each credential to the web origin that registered it: the key signs a challenge that includes the site's origin, so a look-alike phishing domain cannot obtain a signature the real site will accept. An OTP, by contrast, is a short code that a user can be tricked into typing into a fake page, which then relays it to the real one.
Question 5
What is a client certificate used for?
✅ To authenticate the client
❌ To authenticate the server
❌ To authenticate the CA
❌ To authenticate the subordinate CA
Explanation:
In mutual TLS (mTLS), a client certificate verifies the identity of the client (e.g., user or device) to the server.
Question 6
How might a user protect the data on their mobile device if it is lost or stolen?
✅ Remote wipes
❌ Refrain from updating apps
❌ Reporting the loss
❌ Keeping a spare device
Explanation:
A remote wipe lets you erase all data from a lost or stolen phone, preventing unauthorized access to company or personal data. The command only takes effect once the device comes online to receive it, so it complements, rather than replaces, device encryption and a screen lock.
Question 7
The authentication server is to authentication as the ticket granting service is to _____.
✅ authorization
❌ identification
❌ verification
❌ integrity
Explanation:
In Kerberos, the authentication server (AS) verifies your identity and issues a ticket-granting ticket (TGT).
The ticket granting service (TGS) then exchanges that TGT for service tickets for specific services, which is the step that determines which resources you can access (authorization).
Question 8
What are the benefits of using a Single Sign-On (SSO) authentication service?
✅ Reduce time spent on re-authenticating to services
✅ One set of credentials for the user
✅ Reduce overhead of password assistance
❌ The need for multiple passwords
Explanation:
SSO allows users to log in once and access multiple systems. It simplifies user management and reduces password fatigue, but it also concentrates risk: the SSO account should be protected with MFA, because one compromised login unlocks every connected service.
Question 9
The TACACS+ system logs admin activity. This “logging” satisfies which part of the three A’s of security?
✅ Accounting
❌ Authorization
❌ Authentication
❌ Administration
Explanation:
Accounting in the AAA model refers to tracking and logging user actions — e.g., recording admin access and changes to network devices.
Question 10
Which of the following is a way to define permissions or authorizations for objects?
✅ Access Control Lists (ACL)
❌ NAS
❌ Extensible authentication protocols
❌ Access control entries
Explanation:
An ACL lists, for an object, which principals can access it and what actions (read, write, execute) they may perform. Each line in that list is an access control entry (ACE); the ACE is a component of the ACL rather than the mechanism by which an object's permissions are defined, which is why it is not the answer here.
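How an ACL made of ACEs is evaluated for an authorization decision, as an added Python example that is not part of the original quiz page. The `ACE` dataclass, the `user:`/`group:` principal naming, the sample ACL and the precedence rule (an explicit deny beats any allow; nothing matching means deny) are this example's own assumptions, modelled on the way Windows evaluates DACLs.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class ACE:
    """One access control entry: who, which rights, and whether it allows or denies."""
    principal: str          # "user:<name>" or "group:<name>" (assumed naming)
    rights: frozenset       # subset of {"read", "write", "execute"}
    allow: bool             # True = allow entry, False = deny entry


def _matching_entries(acl: List[ACE], user: str, groups: Iterable[str], right: str) -> List[ACE]:
    principals = {f"user:{user}", *(f"group:{g}" for g in groups)}
    return [ace for ace in acl if ace.principal in principals and right in ace.rights]


def is_permitted(acl: List[ACE], user: str, groups: Iterable[str], right: str) -> bool:
    """Authorization decision for one right on the object the ACL protects.

    Rule (assumed, Windows-DACL style): an explicit deny that applies to the user or
    any of their groups wins over every allow; with no matching entry at all the
    default is deny, so an object with an empty ACL is inaccessible."""
    matching = _matching_entries(acl, user, groups, right)
    if any(not ace.allow for ace in matching):
        return False
    return any(ace.allow for ace in matching)


def effective_rights(acl: List[ACE], user: str, groups: Iterable[str]) -> Set[str]:
    """All rights the user ends up with on the object, useful for audit/accounting output."""
    groups = list(groups)
    return {r for r in ("read", "write", "execute") if is_permitted(acl, user, groups, r)}


# Constructed sample ACL for a single object (think of a report file on a share).
SAMPLE_ACL = [
    ACE("group:finance", frozenset({"read"}), allow=True),
    ACE("group:admins", frozenset({"read", "write", "execute"}), allow=True),
    ACE("user:contractor", frozenset({"write"}), allow=False),   # explicit deny
    ACE("user:contractor", frozenset({"read", "write"}), allow=True),
]


if __name__ == "__main__":
    for who, groups in [("alice", ["finance"]), ("root", ["admins"]),
                        ("contractor", []), ("bob", [])]:
        print(f"{who:10} -> {sorted(effective_rights(SAMPLE_ACL, who, groups))}")
```

The contractor entries show why ordering and precedence matter in practice: the allow entry grants write, but the deny entry still removes it, and a tool that only scanned for the first matching allow would report the wrong answer.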
🧾 Summary Table
| Q# | ✅ Correct Answer | Concept |
|---|---|---|
| 1 | Authorization | Authz = authorization |
| 2 | Access | Determines access rights |
| 3 | Counter-based, Time-based | OTP types |
| 4 | Phishing | Security key protection |
| 5 | Authenticate the client | Client certificate use |
| 6 | Remote wipes | Protect lost/stolen data |
| 7 | Authorization | Kerberos TGS role |
| 8 | One login, less re-auth, reduced overhead | SSO benefits |
| 9 | Accounting | Logs and auditing |
| 10 | Access Control List (ACL) | Defines permissions |