30 Questions and Answers

Ethical Hacking Q&A – AAA, Access Control, IDS/IPS, Pen Testing

Prepared by: Mwala-Learn

30 Questions and Answers – Full Coverage

  1. Define Authentication in AAA.
    Answer: Authentication is the process of verifying the identity of a user, system, or entity before granting access. It answers "Who are you?"
    Example: Logging into your Gmail using a username and password.
  2. Define Authorization in AAA.
    Answer: Authorization determines what an authenticated user is allowed to do. It answers "What can you access?"
    Example: A student can view grades but cannot modify them.
  3. Define Accounting in AAA.
    Answer: Accounting tracks and logs user activities after access is granted. It supports auditing and reporting.
    Example: Firewall logs recording the IP and time of each access.
  4. Give a real-life example of AAA combined.
    Answer: ATM system – Authentication: Card+PIN; Authorization: Withdraw money limit; Accounting: Bank logs transaction amount and time.
  5. Compare RBAC and DAC.
    Answer: RBAC (Role-Based Access Control) assigns permissions based on user roles. DAC (Discretionary Access Control) lets resource owners decide access.
    Example RBAC: Teacher vs Student roles.
    Example DAC: File owner shares file with friends.
  6. Compare MAC and ABAC.
    Answer: MAC (Mandatory Access Control) enforces system-defined permissions that users cannot override; ABAC (Attribute-Based Access Control) decides access from attributes such as time, location, and device.
    Example MAC: Military document clearance.
    Example ABAC: Employee can access system only during office hours from company device.
  7. Give a practical command to check user login attempts in Linux.
    Answer: sudo cat /var/log/auth.log
    Shows successful and failed logins.
  8. What is an IDS?
    Answer: An Intrusion Detection System (IDS) monitors networks or systems for suspicious activity and alerts on it.
    Example: Snort, Suricata detecting port scans.
  9. What is an IPS?
    Answer: An Intrusion Prevention System (IPS) detects malicious activity and actively blocks it.
    Example: Blocking suspicious IP automatically.
  10. Name two common IDS/IPS tools.
    Answer: Snort (network-based), OSSEC (host-based).
  11. Differentiate HIDS and NIDS.
    Answer: HIDS = Host-based IDS (monitors single system), NIDS = Network-based IDS (monitors entire network traffic).
  12. What are the phases of penetration testing?
    Answer: 1. Reconnaissance, 2. Scanning, 3. Gaining Access, 4. Maintaining Access, 5. Reporting
  13. Give a practical command for the scanning phase.
    Answer: nmap -sS 192.168.1.1
    Performs a TCP SYN scan on target IP.
  14. Give command to check open ports in Linux.
    Answer: netstat -tulpn
  15. Describe ethical hacking.
    Answer: The authorized practice of probing systems to find vulnerabilities without causing harm.
  16. Give an example of ethical hacking in real life.
    Answer: Penetration testing a company website to fix SQL injection vulnerabilities.
  17. What are rules of engagement (RoE) in ethical hacking?
    Answer: A document specifying scope, legal limits, tools allowed, and reporting procedure for testing.
  18. Name 3 key elements of RoE.
    Answer: 1. Scope of testing, 2. Authorized systems, 3. Reporting and disclosure rules.
  19. Give a real-life scenario of AAA usage.
    Answer: Office WiFi – Authentication: username/password, Authorization: access internal servers, Accounting: logs network usage.
  20. Give a Linux command to monitor system logs in real-time.
    Answer: sudo tail -f /var/log/syslog
  21. Example of ABAC rule in practice.
    Answer: HR system allows payroll access only from office IP and during 8AM-5PM.
  22. Describe how RBAC prevents privilege escalation.
    Answer: Users can only access resources permitted by their role, so they cannot gain admin rights unless an administrator assigns them an admin role.
  23. How does DAC fail sometimes?
    Answer: If the resource owner sets permissions incorrectly, unauthorized users may gain access to files.
  24. Give a practical command to add a user in Linux.
    Answer: sudo adduser student1
  25. Give a command to assign a user to a group (RBAC example).
    Answer: sudo usermod -aG students student1
  26. Practical example of IDS alert.
    Answer: Snort detects repeated login attempts → triggers alert in console/log.
  27. Practical example of IPS in blocking attack.
    Answer: IPS blocks IP 192.168.100.50 after detecting repeated port scan.
  28. Give example of penetration testing report.
    Answer: The report lists the vulnerabilities found, proof-of-concept evidence, a risk rating for each finding, and remediation recommendations.
  29. Define Reconnaissance in pentesting with command.
    Answer: The phase in which the tester gathers information about the target.
    Command: whois example.com (domain registration information).
  30. Define Exploitation/Gaining Access phase.
    Answer: The phase in which the tester uses discovered vulnerabilities to access the system.
    Command: msfconsole launches the Metasploit console used for exploitation.
  31. Explain Maintaining Access phase.
    Answer: Tester ensures persistent access to demonstrate risk.
    Command: Setting up backdoor: nc -lvp 4444 -e /bin/bash

Practical Examples & Real-Life Analogies

  • AAA in WiFi, ATM, corporate systems
  • RBAC = workplace roles, school system
  • DAC = personal file sharing (Dropbox, Google Drive)
  • MAC = government/military clearance
  • ABAC = time/location/device restrictions
  • IDS = burglar alarm, IPS = auto-locking door
  • Pen testing phases = test house security step-by-step: gather info → probe locks → attempt break-in → secure entry → report

Commands Summary (Linux)

  • sudo adduser username – Create user
  • sudo usermod -aG group username – Assign user to role/group
  • sudo cat /var/log/auth.log – Check authentication logs
  • sudo tail -f /var/log/syslog – Monitor system logs live
  • nmap -sS IP – Port scanning during pentesting
  • msfconsole – Launch Metasploit for exploitation
  • netstat -tulpn – Check open ports
  • sudo ausearch -x command – Search the audit log (auditd) for records of a specific command

Author name: SIR H.A.Mwala Work email: biasharaboraofficials@gmail.com