3.11. Answers to Review Questions
C. RBAC is best suited for environments with a high rate of employee turnover because access is defined against static job descriptions rather than transitive user accounts (DAC and ACL) or assigned clearances (MAC).
B. Two-factor is always more secure than any single factor of authentication.
A. Kerberos is a third-party authentication service; thus it provides authentication protection. Kerberos can't be used to encrypt files, secure nonauthentication communications, or protect data transfer.
D. CHAP periodically reauthenticates the client during a logon session. Kerberos, certificates, and multi-factor authentication mechanisms don't perform reauthentication.
B. A one-time password is always the strongest form ...
Get CompTIA Security+™: Review Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.