
Module 3 Challenge: Authentication, Authorization, Accounting (IT Security: Defense Against the Digital Dark Arts, Google IT Support Professional Certificate) Answers 2025

Question 1

Fill in the blank: In the world of AAA security, “authz” is short for _____.

✅ authorization
❌ authentication
❌ authored
❌ authoritarian

Explanation:
In the AAA (Authentication, Authorization, and Accounting) model:

  • Authn = Authentication → Verifies who you are.

  • Authz = Authorization → Decides what you’re allowed to do.


Question 2

Authorization is concerned with determining _____ to resources.

✅ access
❌ eligibility
❌ validity
❌ identity

Explanation:
Authorization defines access permissions — what files, systems, or data a user can use after being authenticated.


Question 3

Which of the following are types of one-time-password tokens?

✅ Counter-based
✅ Time-based
❌ Password-based
❌ Identity-based

Explanation:

  • HOTP (Counter-based): Changes after each use.

  • TOTP (Time-based): Changes after a time interval (e.g., 30 seconds).

These are the two main OTP methods used in multi-factor authentication (MFA).
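As an added example (not part of the course material), both OTP types implemented in Python per RFC 4226 (HOTP) and RFC 6238 (TOTP), together with the server-side checks the counter/time distinction forces: HOTP must advance the stored counter so a used code cannot be replayed, while TOTP tolerates a small clock skew. The shared secret is the RFC 4226 test-vector key, embedded here only for the demo.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# Shared secret from the RFC 4226 test vectors (constructed demo value, not a real key).
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # low nibble of the last byte selects a 4-byte window
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros, e.g. "07081804"


def totp(secret: bytes, at_time: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the number of `step`-second intervals since the epoch."""
    now = time.time() if at_time is None else at_time
    return hotp(secret, int(now) // step, digits)


def verify_hotp(secret: bytes, code: str, last_counter: int, look_ahead: int = 10) -> Optional[int]:
    """Server-side HOTP check. Only counters *after* the last accepted one are tried (blocks replay),
    within a small look-ahead window for codes the client generated but never submitted.
    Returns the counter the server must now store, or None on failure."""
    for candidate in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, candidate), code):  # constant-time comparison
            return candidate
    return None


def verify_totp(secret: bytes, code: str, at_time: Optional[float] = None,
                step: int = 30, skew: int = 1) -> Optional[int]:
    """Server-side TOTP check allowing +/- `skew` steps of clock drift. Returns the matching step
    so the caller can store it and reject a second submission for the same or an earlier step."""
    now = time.time() if at_time is None else at_time
    current = int(now) // step
    for delta in range(-skew, skew + 1):
        if hmac.compare_digest(hotp(secret, current + delta), code):
            return current + delta
    return None


if __name__ == "__main__":
    print("HOTP for counters 0..2:", [hotp(DEMO_SECRET, c) for c in range(3)])
    print("TOTP at t=59s         :", totp(DEMO_SECRET, at_time=59))
    print("Replaying counter 0 after it was used ->", verify_hotp(DEMO_SECRET, hotp(DEMO_SECRET, 0), 0))
```

Running the module prints the RFC test-vector codes 755224, 287082, 359152 and shows the replayed HOTP code being rejected (None).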


Question 4

Security Keys are more ideal than OTP generators because they are resistant to _____ attacks.

✅ phishing
❌ DDoS
❌ password
❌ brute force

Explanation:
Hardware security keys (like YubiKey) use public-key cryptography: the key signs a challenge that is bound to the website's origin, so a look-alike site cannot obtain a valid response. This is what makes them phishing-resistant.


Question 5

What is a client certificate used for?

✅ To authenticate the client
❌ To authenticate the server
❌ To authenticate the CA
❌ To authenticate the subordinate CA

Explanation:
In mutual TLS (mTLS), a client certificate verifies the identity of the client (e.g., user or device) to the server.


Question 6

How might a user protect the data on their mobile device if it is lost or stolen?

✅ Remote wipes
❌ Refrain from updating apps
❌ Reporting the loss
❌ Keeping a spare device

Explanation:
A remote wipe lets you erase all data from a lost or stolen phone — preventing unauthorized access to company or personal data.


Question 7

The authentication server is to authentication as the ticket granting service is to _____.

✅ authorization
❌ identification
❌ verification
❌ integrity

Explanation:
In Kerberos, the authentication server (AS) verifies your identity.
Then, the ticket granting service (TGS) issues tickets that determine authorization — which resources you can access.


Question 8

What are the benefits of using a Single Sign-On (SSO) authentication service?

✅ Reduce time spent on re-authenticating to services
✅ One set of credentials for the user
✅ Reduce overhead of password assistance
❌ The need for multiple passwords

Explanation:
SSO allows users to log in once and access multiple systems securely. It simplifies user management and reduces password fatigue.


Question 9

The TACACS+ system logs admin activity. This “logging” satisfies which part of the three A’s of security?

✅ Accounting
❌ Authorization
❌ Authentication
❌ Administration

Explanation:
Accounting in the AAA model refers to tracking and logging user actions — e.g., recording admin access and changes to network devices.


Question 10

Which of the following is a way to define permissions or authorizations for objects?

✅ Access Control Lists (ACL)
❌ NAS
❌ Extensible authentication protocols
❌ Access control entries

Explanation:
ACLs specify who can access a resource and what actions (read, write, execute) they can perform — critical for authorization management.


🧾 Summary Table

Q#   ✅ Correct Answer                              Concept
1    Authorization                                  Authz = authorization
2    Access                                         Determines access rights
3    Counter-based, Time-based                      OTP types
4    Phishing                                       Security key protection
5    Authenticate the client                        Client certificate use
6    Remote wipes                                   Protect lost/stolen data
7    Authorization                                  Kerberos TGS role
8    One login, less re-auth, reduced overhead      SSO benefits
9    Accounting                                     Logs and auditing
10   Access Control List (ACL)                      Defines permissions