ACTUAL QUESTIONS AND CORRECT ANSWERS
What is authentication? - CORRECT ANSWER "Do you have the credentials necessary to access this system?"
What is authorization? - CORRECT ANSWER "What do you have permission to do once authenticated?"
What is accounting? - CORRECT ANSWER "Once authorized to access a resource, how much of the resource are you using?"
How can authentication be accomplished? - CORRECT ANSWER - what you know
- what you have
- what you are
What is two-factor authentication? - CORRECT ANSWER uses two of the authentication methods to prove an identity
What are some types of identification? - CORRECT ANSWER - user ID (UID)
- physical object (i.e., ATM card)
- biometrics
- digital certificates
What are some examples of proofs of identification? - CORRECT ANSWER - passwords
- access code (i.e., PIN number)
- one-time tokens
- biometrics
- digital certificates
How are user IDs typically created? - CORRECT ANSWER typically created according to some algorithm
True/False: Ideally, a user ID should be an email address - CORRECT ANSWER false
What are some ways to ensure the proper application of user IDs and passwords? - CORRECT ANSWER - don't write passwords down!!
- avoid easy to guess passwords (names of family members/pets, birthdates, etc)
- use at least EIGHT characters!
How often should passwords be changed? - CORRECT ANSWER - minimum 30 days
- 90 days is OPTIMAL
What are some password security recommendations? - CORRECT ANSWER - force periodic password changes
- disallow the last x passwords
- mix case
- use non-alpha characters
- disallow plain English passwords
What is the password security tradeoff? - CORRECT ANSWER "The more strict the password rules, the higher the chances users will violate the first rule of secure passwords."
What is the recommended minimum length for web passwords? - CORRECT ANSWER 10 characters
How do biometrics work? - CORRECT ANSWER - functions as both ID and proof of ID
- physiological
- behavioral
- issues with FALSE POSITIVES and FALSE NEGATIVES
What is a digital certificate? - CORRECT ANSWER - encrypted data file that uses a Certificate Authority to guarantee the identity of the holder (trust CA = trust certificate used by CA)
- also includes an ENCRYPTION KEY for secure transmissions
What is authentication compared against? - CORRECT ANSWER a known-good object
What is a domain logon? - CORRECT ANSWER - users in a domain environment will authenticate against domain controller(s)
- login credentials stored in AD as an account object
- provided credentials are compared against those stored in AD
- each account object is assigned a Security Identifier (SID)
What is a security identifier (SID)? - CORRECT ANSWER - unique identifier that includes an ID for the user, groups the user is a member of, and the domain to which the user is authenticating
What is remote authentication dial in user server (RADIUS)? - CORRECT ANSWER - usually uses a network access server as RADIUS client
- uses RADIUS server as central authentication point
- server can point to other external sources such as a database, Kerberos, LDAP, AD server (separate protocols used to remotely check credentials)
- can authenticate users of MULTIPLE device types
- uses UDP
What is terminal access controller access-control system (TACACS+)? - CORRECT ANSWER - operationally SIMILAR to RADIUS
- uses TCP instead of UDP
- breaks each of AAA functions into SEPARATE process
- typically only used to access DEVICES, NOT workstations/servers
What is Diameter? - CORRECT ANSWER - successor to RADIUS
- uses TCP
- adds security (IPsec or TLS)