AAA vs CIA Challenge

Authentication

Authorization

Accounting

CIA Basics

Real-World Scenarios

100

Authentication

What AAA component verifies user identity?

100

Authorization rules / permissions

What determines what a user is allowed to access?

100

Accounting

Which AAA component keeps logs of user activity?

100

Confidentiality

What does the “C” in CIA stand for?

100

Confidentiality

MFA mainly protects which CIA pillar?

300

Password + OTP, Password + fingerprint, Smart card + PIN

Name one example of multi-factor authentication

300

Role-Based Access Control (RBAC)

What authorization method assigns access based on job role?

300

They help track actions, detect misuse, and investigate incidents.

Why are logs important for security investigations?

300

Integrity

Which CIA pillar ensures data is not altered?

300

Availability

A system crash affects which CIA pillar most?

500

Because they can be guessed, stolen, reused, or phished.

Why are passwords alone considered weak authentication?

500

Users may get too much access or unauthorized access to resources.

What happens if authorization is misconfigured?

500

Integrity

Which CIA pillar is most affected if accounting is missing?

500

Denial of Service (DoS), DDoS attack, System crash, Server outage

Give one example of an availability attack.

500

AAA: Accounting, CIA: Integrity

Logs show unauthorized changes, which AAA and CIA elements are involved?