3.11. Answers to Review Questions

  1. C. RBAC is best suited for environments with a high rate of employee turnover because access is defined against static job descriptions rather than transitive user accounts (DAC and ACL) or assigned clearances (MAC).

  2. B. Two-factor is always more secure than any single factor of authentication.

  3. A. Kerberos is a third-party authentication service; thus it provides authentication protection. Kerberos can't be used to encrypt files, secure nonauthentication communications, or protect data transfer.

  4. D. CHAP periodically reauthenticates the client during a logon session. Kerberos, certificates, and multi-factor authentication mechanisms don't perform reauthentication.

  5. B. A one-time password is always the strongest form of password. A static password is always the weakest form of password. A password with more than eight characters and using different types of keyboard characters is usually strong, but these factors alone are unable to indicate its strength.

  6. B. RADIUS is a centralized authentication solution that adds an additional layer of security between a network and remote clients. SMTP is the e-mail forwarding protocol used on the Internet and intranets. PGP is a security solution for e-mail. VLANs are created by switches to logically divide a network into subnets.

  7. A. LDAP operates over TCP ports 636 and 389. POP3 and SMTP operate over TCP ports 110 and 25, respectively. TLS operates over TCP ports 443 and 80 (SSL operates only over TCP port 443; HTTP operates over TCP port 80). FTP operates over TCP ports 20 and 21.

  8. C. A security guard can be considered a physical barrier. Strong passwords, firewalls, and AES are all technology barriers.

  9. B. Need to know is the MAC environment's granular access control method. The principle of least privilege is the DAC environment's concept of granular access control. Privacy and SLAs aren't forms of access control.

  10. C. Single sign-on doesn't address access control and therefore doesn't provide granular or nongranular access control. Single sign-on provides the benefits of browsing multiple systems, fewer credentials to memorize, and the use of stronger passwords.
