Access Controls

Which of the following best describes the purpose of an extranet?

A) To allow employees to access internal company resources securely
B) To provide trusted partners and vendors with controlled access to internal systems
C) To give the general public unrestricted access to company data
D) To host applications directly on the global Internet backbone

Answer: B — Extranet.

• Extranet = allows partners, vendors, contractors to access specific internal resources externally.

• Intranet = employee-only private network (A).

• Internet = global public (C).

• D = nonsense.
  Exam tip: If question mentions partners or third parties → that’s an extranet.

What is user entitlement?

A) The privileges inherited by a user
B) The default level of access given to users by the operating system
C) The level of privilege assigned to administrative accounts
D) The rights and privileges assigned to a user

Answer: D — User entitlements are the rights and privileges assigned to a user account.
❌ A = group/role inheritance, not entitlements themselves.
❌ B = baseline OS defaults, not custom entitlements.
❌ C = admin rights, a narrower case.
Exam tip: Entitlements = who gets what access.

Network architecture with policy engine, policy admin, and enforcement point

A) Cloud
B) Hybrid
C) Secure Access Service Edge (SASE)
D) Zero-trust

Answer: D — Zero-trust.

• Core components: Policy engine, Policy administrator, Policy enforcement point (PEP).
  ❌ A/B = not policy models.
  ❌ C = SASE is about delivery of secure services, not those three roles.
  Exam tip: Policy engine/admin/enforcement = Zero Trust clue.

You need to incorporate SAML and SSO into a web application. Which would you use?

A) OpenID Connect
B) id_token
C) OAuth
D) Shibboleth

Answer: D — Shibboleth.

• SAML + SSO = Shibboleth (federated identity management).
  ❌ OIDC/OAuth are JSON + authorization, not SAML.
  Exam tip: If you see “SAML” explicitly, answer is usually Shibboleth.

API interface language for querying databases

Which interface language can be configured to allow applications to query any type of database?

A) JDBC
B) XML
C) OLE DB
D) ODBC

Answer: D — ODBC.

• ODBC = universal, cross-platform DB query interface.
  ❌ JDBC = Java-specific.
  ❌ XML = markup, not query language.
  ❌ OLE DB = Microsoft-specific.
  Exam tip: Any database / cross-platform = ODBC.

Private network restricted to an organization’s employees. “The office’s private neighborhood.” Key exam clue: Internal-only, employee access. Contrast with Extranet (partners) and Internet (public).

Intranet

Controlled access to internal systems for partners, vendors, or contractors. “Guest pass into part of the office.” Key exam clue: If you see third parties in the question, it’s Extranet. Contrast with Intranet (employees only).

Extranet

Public, global network accessible to anyone. “The world’s highway.” Key exam clue: If it says open/public access, that’s Internet. Contrast with Intranet/Extranet which are restricted.

Internet

The rights and privileges assigned directly to a user account. “What your ID badge lets you through.” Key exam clue: Entitlement = assignment. Contrast with inheritance (roles/groups) or defaults (OS).

User Entitlement

Security model with policy engine, policy administrator, and enforcement point. “Border guard checking ID every time.” Key exam clue: If question mentions ‘policy enforcement point’ → Zero Trust. Contrast with SASE (network delivery), Cloud/Hybrid (infrastructure).

Zero-trust Architecture

Open-source SSO system using SAML for federated identity. “The doorman who checks a single pass for multiple doors.” Key exam clue: If exam says SAML + SSO → Shibboleth. Contrast with OAuth (authorization), OpenID Connect (JSON identity).

Shibboleth

Universal API allowing applications to query any type of database. “Universal translator for databases.” Key exam clue: If it says cross-platform or any database → ODBC. Contrast with JDBC (Java-only), OLE DB (Microsoft-only), XML (not a query API).

ODBC (Open Database Connectivity)