206. Which situation is Kerberos not used in?
a. Managing distributed access rights
b. Managing encryption keys
c. Managing centralized access rights
d. Managing access permissions
207. Which of the following security control mechanisms is simplest to administer?
a. Discretionary access control
b. Mandatory access control
c. Access control list
d. Logical access control
Discretionary access controls are not simple to use due to their finer level of granularity in the access control process. Both the access control list and logical access control require a significant amount of administrative work because they are based on the details of each individual user.
208. What implementation is an example of an access control policy for a bank teller?
a. Role-based policy
b. Identity-based policy
c. User-directed policy
d. Rule-based policy
Identity-based and user-directed policies are incorrect because they are examples of discretionary access control. Identity-based access control is based only on the identity of the subject and object. In user-directed access controls, a subject can alter the access rights with certain restrictions. Rule-based policy is incorrect because it is an example of a mandatory type of access control and is based on specific rules relating to the nature of the subject and object.
209. Which of the following access mechanisms creates a potential security problem?
a. Location-based access mechanism
b. IP address-based access mechanism
c. Token-based access mechanism
d. Web-based access mechanism
Location-based access mechanism is incorrect because it deals with a physical address, not an IP address. Token-based access mechanism is incorrect because it uses tokens as a means of identification and authentication. Web-based access mechanism is incorrect because it uses secure protocols to accomplish authentication. The other three choices accomplish both identification and authentication and do not create a security problem, whereas the IP address-based access mechanism does.
210. Rank the following authentication mechanisms from the most to the least protection against replay attacks.
a. Password only, password and PIN, challenge response, and one-time password
b. Password and PIN, challenge response, one-time password, and password only
c. Challenge response, one-time password, password and PIN, and password only
d. Challenge-response, password and PIN, one-time password, and password only