B. Device authentication allows the venue to restrict network access to authorized scanners but does not require individual ushers to sign in to the device. This seems an acceptable level of security for this environment, as the scanners are carefully controlled. Moving to any authentication scheme that requires user authentication would be unwieldy.

D. The purpose of an extranet is to allow outside organizations that are business partners to access limited resources on the corporate network. That describes the situation in this scenario, so Norma is building an extranet.

B. A mandatory access control (MAC) scheme is an example of a nondiscretionary approach ...