QUESTIONS AND CORRECT ANSWERS
What does AAA stand for? - CORRECT ANSWER Authentication, Authorization, and
Accounting
What question does Authentication answer? - CORRECT ANSWER Do you have the
credentials necessary to access this system?
What question does Authorization answer? - CORRECT ANSWER Once authenticated, what
do you have permission to do?
What question does Accounting answer? - CORRECT ANSWER Once authorized to access a
resource, how much of the resource are you using?
Authentication can be accomplished using any of what 4 qualifications? - CORRECT
ANSWER What you know, what you have, what you are, where you are
What is two-factor authentication? - CORRECT ANSWER Using two of the 4 authentication
qualifications to prove an identity.
What 2 steps does the authentication process involve? - CORRECT ANSWER Identification
and proof of identification
What are ways to provide identification? - CORRECT ANSWER User ID, physical object (such
as ATM card), biometrics, digital certificates
What are ways to provide proof of identification? - CORRECT ANSWER passwords, access
codes, one-time tokens, biometrics, digital certificates
What are strategic ways to develop user IDs? - CORRECT ANSWER computer generated
(NEVER simple names), sometimes generated by an algorithm, NEVER the same as the user's email
address
True or False: A user ID / password combination can be a powerful method of authentication if
properly managed - CORRECT ANSWER True
What is the number one rule of password security? - CORRECT ANSWER DON'T WRITE
PASSWORDS DOWN
What is the security tradeoff with passwords? - CORRECT ANSWER The stricter the
password rules, the higher the chance that users will violate the first rule of password security
What are biometrics? - CORRECT ANSWER a form of authentication that functions as both ID and
proof of ID; biometrics are separated into physiological (e.g., fingerprint) and behavioral (e.g.,
typing rhythm) types
What are digital certificates? - CORRECT ANSWER a form of authentication: signed data
files that bind a public key to an identity, where a Certificate Authority (CA) vouches for the
identity of the holder by signing the certificate
What does RADIUS stand for and what does it provide? - CORRECT ANSWER Remote
Authentication Dial-In User Service; it provides Authentication and Authorization together in a
single exchange (and can also provide Accounting)
What does TACACS+ stand for? - CORRECT ANSWER Terminal Access Controller Access
Control System Plus
Where does authentication across the network exist? - CORRECT ANSWER on the local
computer by default, but in an enterprise environment, it will be on a different server
In a domain environment, what is authenticated against? - CORRECT ANSWER the domain,
not the local machine
How is authorization accomplished? - CORRECT ANSWER through rights and permissions
What level do group policies assign rights to? - CORRECT ANSWER system
What level do access control lists assign permissions to? - CORRECT ANSWER object
What is an access control list? - CORRECT ANSWER the simplest method of providing
authorization, but it requires a separate authentication method. ACLs are attached to/located on the
resource (object) they protect
What do ACLs contain? - CORRECT ANSWER a list of authorized users and their
authorization levels
When do "share" permissions apply? - CORRECT ANSWER when the resource is accessed
over a network
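As an added example (not part of the original study material), the following Python models the two cards above: an ACL attached to an object holding principals and their authorization levels, and "share" permissions that only apply when the object is reached over the network. The file name, group names and rights are constructed for illustration; the evaluation rule (an explicit deny wins over an allow, and network access is the intersection of share and object permissions) is a simplification of Windows behavior that ignores ACE ordering and inheritance.

```python
from dataclasses import dataclass

READ, WRITE, DELETE = "read", "write", "delete"


@dataclass(frozen=True)
class Ace:
    """One access control entry: a principal (user or group), allow/deny, and rights."""
    principal: str
    allow: bool
    rights: frozenset


def effective_rights(acl, user, groups):
    """Rights granted by an ACL to `user` who is a member of `groups`.

    Simplified Windows rule (assumption): collect every allow and every deny that
    names the user or one of the groups; any matching deny removes the right.
    """
    identities = {user, *groups}
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in identities:
            (allowed if ace.allow else denied).update(ace.rights)
    return frozenset(allowed - denied)


def effective_access(object_acl, share_acl, user, groups, over_network):
    """Share permissions only apply over the network, so remote access is the
    intersection of the share ACL and the object's own ACL; local access uses
    only the object ACL."""
    rights = effective_rights(object_acl, user, groups)
    if over_network:
        rights &= effective_rights(share_acl, user, groups)
    return rights


# Constructed sample: an ACL located on the object "payroll.xlsx" (hypothetical)
PAYROLL_ACL = [
    Ace("Finance", True, frozenset({READ, WRITE, DELETE})),
    Ace("Contractors", False, frozenset({DELETE})),   # explicit deny
]
# Constructed sample: the share ACL for the folder exported as \\fileserver\finance
FINANCE_SHARE_ACL = [
    Ace("Everyone", True, frozenset({READ})),
]


def bob_local():
    # bob is in Finance and Contractors: deny on DELETE removes that right
    return effective_access(PAYROLL_ACL, FINANCE_SHARE_ACL, "bob",
                            {"Finance", "Contractors", "Everyone"}, over_network=False)


def bob_remote():
    # same user reaching the file through the share: share ACL caps him at READ
    return effective_access(PAYROLL_ACL, FINANCE_SHARE_ACL, "bob",
                            {"Finance", "Contractors", "Everyone"}, over_network=True)


if __name__ == "__main__":
    print("local :", sorted(bob_local()))
    print("remote:", sorted(bob_remote()))
```

The important habit the example encodes: when a user reports "I can edit the file on the server console but not from my workstation", check the share permissions as well as the object ACL, because the share layer is only consulted for network access.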
What 3 servers does Kerberos require? - CORRECT ANSWER one authentication server, one
ticket granting server, and at least one application server
What is the basic concept of Kerberos? - CORRECT ANSWER If a secret is known by only
two people, either person can verify the identity of the other by confirming that the other person
knows the secret.
What is the purpose of a Kerberos Realm? - CORRECT ANSWER admins create the realms
which encompass all that is available to access. a realm defines what Kerberos manages in terms of
who can access what.
What is within a Kerberos Realm? - CORRECT ANSWER Within the realm are the Client and
the service/host machine to which the client requests access. There is also the Key Distribution
Center (KDC), which holds the Authentication Server (AS) and the Ticket Granting Server (TGS)
In Kerberos, when requesting access to a service or host, three interactions take place between you
and: - CORRECT ANSWER the Authentication Server, the Ticket Granting Server, and the
Service or host machine that you're wanting access to
What will you receive with each interaction in Kerberos? - CORRECT ANSWER Two
messages: one that you can decrypt (encrypted with a key you hold) and one that you cannot
(encrypted with the key of the next server, which you simply forward to it)
In Kerberos, does the service/machine you are requesting access to communicate directly with the
KDC? - CORRECT ANSWER No, they do not!
Where are all the secret keys for user machines and services stored in Kerberos? - CORRECT
ANSWER the KDC
What are secret keys (in Kerberos)? - CORRECT ANSWER passwords plus a salt that are
hashed
True or False: There are passwords on the services/host machines that use Kerberos. - CORRECT
ANSWER False (a service holds a long-term secret key set by the admin, not a human password)
What happens during the set up of Kerberos? - CORRECT ANSWER a hash algorithm is chosen
for the secret keys, and the admin chooses a key for the service/host machine to store (the same
key is registered in the KDC)
What type of cryptography does Kerberos use? - CORRECT ANSWER symmetric/private key,
but can be configured to use public key
How is the KDC protected? - CORRECT ANSWER the KDC's database of secret keys is itself encrypted with a master key
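The Kerberos cards above (three interactions, two messages per interaction, the service never contacting the KDC, secret keys derived from password plus salt, symmetric cryptography) can be run end to end. The following Python is an added example, not code from the original study material or from any Kerberos implementation: the realm name, principals, password and the "toy" cipher are constructed for illustration. SHA-256 stands in for the Kerberos string-to-key function, and an HMAC-SHA256 keystream with a MAC tag stands in for the AES-based encryption types real Kerberos uses; it is not a production cipher.

```python
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.COM"  # hypothetical realm name


def string_to_key(password: str, salt: str) -> bytes:
    """Secret key = hash(password + salt). Real Kerberos uses PBKDF2-style
    string-to-key functions; SHA-256 is an assumption for the example."""
    return hashlib.sha256((password + salt).encode()).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:n]


def encrypt(key: bytes, obj: dict) -> bytes:
    """Toy authenticated symmetric encryption (stand-in for Kerberos enctypes)."""
    nonce = os.urandom(16)
    plain = json.dumps(obj).encode()
    body = bytes(p ^ s for p, s in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> dict:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("cannot decrypt: wrong key or tampered message")
    return json.loads(bytes(p ^ s for p, s in zip(body, _keystream(key, nonce, len(body)))))


# The KDC holds every long-term key: users' keys from password+salt, and service
# keys chosen by the admin at setup. The service host stores a copy of its own key
# (a keytab) and has no password.
KDC = {
    "alice": string_to_key("correct horse", REALM + "alice"),
    "krbtgt": os.urandom(32),
    "host/fileserver": os.urandom(32),
}
FILESERVER_KEYTAB = KDC["host/fileserver"]


def as_exchange(client: str):
    """Interaction 1 (Authentication Server): returns two messages, one under the
    client's key (the client can read it) and the TGT under krbtgt's key (it cannot)."""
    session = os.urandom(32).hex()
    return (encrypt(KDC[client], {"tgs_session": session, "for": "krbtgt"}),
            encrypt(KDC["krbtgt"], {"client": client, "tgs_session": session}))


def tgs_exchange(tgt: bytes, authenticator: bytes, service: str):
    """Interaction 2 (Ticket Granting Server): again two messages, one under the
    TGS session key and a service ticket under the service's own key."""
    t = decrypt(KDC["krbtgt"], tgt)
    session = bytes.fromhex(t["tgs_session"])
    if decrypt(session, authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    svc_session = os.urandom(32).hex()
    return (encrypt(session, {"svc_session": svc_session, "for": service}),
            encrypt(KDC[service], {"client": t["client"], "svc_session": svc_session}))


def service_accept(ticket: bytes, authenticator: bytes) -> str:
    """Interaction 3 (the service): validates the ticket with nothing but its own
    keytab key; it never talks to the KDC. Returns the authenticated client name."""
    t = decrypt(FILESERVER_KEYTAB, ticket)
    if decrypt(bytes.fromhex(t["svc_session"]), authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"]


def login_and_access(client: str, password: str, service: str = "host/fileserver") -> str:
    """Client side of all three interactions. A wrong password yields a key that
    cannot open the AS reply, so it fails at the first step."""
    client_key = string_to_key(password, REALM + client)
    mine, tgt = as_exchange(client)
    tgs_session = bytes.fromhex(decrypt(client_key, mine)["tgs_session"])
    mine, ticket = tgs_exchange(tgt, encrypt(tgs_session, {"client": client, "ts": time.time()}), service)
    svc_session = bytes.fromhex(decrypt(tgs_session, mine)["svc_session"])
    return service_accept(ticket, encrypt(svc_session, {"client": client, "ts": time.time()}))


if __name__ == "__main__":
    print("service authenticated:", login_and_access("alice", "correct horse"))
```

Two things to notice when reading the flow: the client's long-term key is used exactly once (to open the AS reply), which is why Kerberos is described as password-less after login; and the file server's only trust anchor is its keytab, so protecting that key on the host matters as much as protecting the KDC database.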
What are traits of TACACS+? - CORRECT ANSWER Cisco-proprietary (in origin), uses TCP,
treats Authentication, Authorization and Accounting as separate processes, and encrypts the whole
packet body
What are traits of RADIUS? - CORRECT ANSWER Open standard, uses UDP, combines
Authentication and Authorization in one exchange, and hides only the password (the rest of the
packet, including the user name, is sent in the clear)
What are traits of Kerberos? - CORRECT ANSWER Authentication only, no Authorization or
Accounting
What standard does naming in AD follow? - CORRECT ANSWER LDAP standard
What needs to be formed among domain trees (explicitly or implicitly) to build a domain forest? -
CORRECT ANSWER trust relationships