CNIT 242 Final Exam
What does AAA stand for? - answer Authentication, Authorization, and Accounting
What question does Authentication answer? - answer Do you have the credentials
necessary to access this system?
What question does Authorization answer? - answer Once authenticated, what do you
have permission to do?
What question does Accounting answer? - answer Once authorized to access a
resource, how much of the resource are you using?
Authentication can be accomplished using any of what 4 qualifications? - answer What
you know, what you have, what you are, where you are
What is two-factor authentication? - answer Using two of the 4 authentication
qualifications to prove an identity.
What 2 steps does the authentication process involve? - answer Identification and proof
of identification
What are ways to provide identification? - answer User ID, physical object (such as
ATM card), biometrics, digital certificates
What are ways to provide proof of identification? - answer passwords, access codes,
one-time tokens, biometrics, digital certificates
What are strategic ways to develop user IDs? - answer computer generated (NEVER
simple names), sometimes created to some algorithm, NEVER use the same as email
address
True or False: UID / password combo can be a powerful method of authentication if
properly managed - answer True
What is the number one rule of password security? - answer DON'T WRITE
PASSWORDS DOWN
What is the security tradeoff with passwords? - answer The more strict the password
rules, the higher the chances users will violate the first rule of secure passwords
What are biometrics? - answer authentication. functions as both ID and proof of ID,
separated into physiological and behavioral
What are digital certificates? - answer a form of authentication. encrypted data files that
use a Certificate Authority to guarantee the identity of the holder
What does RADIUS stand for and what does it provide? - answer Remote Access Dial-In
User Service, both Authentication and Authorization
What does TACACS+ stand for? - answer Terminal Access Controller Access Control
Service Plus
Where does authentication across the network exist? - answer on the local computer by
default, but in an enterprise environment, it will be on a different server
In a domain environment, what is authenticated against? - answer the domain, not the
local machine
How is authorization accomplished? - answer through rights and permissions
What level do group policies assign rights to? - answer system
What level do access control lists assign permissions to? - answer object
What is an access control list? - answer simplest method of providing authorization, but
requires a separate authentication method. they are attached to/located on the resource
What do ACLs contain? - answer a list of authorized users and their authorization levels
When do "share" permissions apply? - answer when the resource is accessed over a
network
What 3 servers does Kerberos require? - answer one authentication server, one ticket
granting server, and at least one application server
What is the basic concept of Kerberos? - answer If a secret is known by only two people,
either person can verify the identity of the other by confirming that the other person
knows the secret.
What is the purpose of a Kerberos Realm? - answer admins create the realms which
encompass all that is available to access. a realm defines what Kerberos manages in
terms of who can access what.
What is within a Kerberos Realm? - answer Within the realm is the Client and the
service/host machine to which they requested access. There is also the Key Distribution
Center which holds the Authentication S and TGS
In Kerberos, when requesting access to a service or host, three interactions take place
between you and: - answer the Authentication Server, the Ticket Granting Server, and
the Service or host machine that you're wanting access to
What will you receive with each interaction in Kerberos? - answer Two messages. Each
message is one that you can decrypt, and one that you cannot.
In Kerberos, does the service/machine you are requesting access to communicate
directly with the KDC? - answer No, they do not!
Where are all the secret keys for user machines and services stored in Kerberos? -
answer the KDC
What are secret keys (in Kerberos)? - answer passwords plus a salt that are hashed
True or False: There are passwords on the services/host machines that use Kerberos. -
answer False
What happens during the set up of Kerberos? - answer hash algorithm is chosen for
secret keys, admin chooses a key for the service/host machine to memorize
What type of cryptography does Kerberos use? - answer symmetric/private key, but can
be configured to use public key
How is the KDC protected? - answer it itself is encrypted with a master key
What are traits of TACACS? - answer Cisco-proprietary, TCP, AAA are separate
processes
What are traits of RADIUS? - answer Open standard, UDP, combines Authentication
and Authorization, only encrypts password
What are traits of Kerberos? - answer Authentication only, no Authorization or
Accounting
What standard does naming in AD follow? - answer LDAP standard
What needs to be formed among domain trees (explicitly or implicitly) to build a domain
forest? - answer trust relationships
Does creating AD groups as "Universal" maximize performance? - answer no, it does
not maximize
When is the Authoritative DNS server contacted? - answer When the configured DNS
server does not have the record in its database/cache
Can users access their files when not connected to the network using Roaming User
Profiles? - answer No, that's not what roaming profiles do
What is the order in which group policies are applied? - answer local, site, domain, OU
T/F: leaf objects can inherit attributes from their parent containers - answer T
T/F: X.500 is the original basis for Kerberos - answer F
What resource can provide centralized user authentication, and enables a general
"phone book" about network users? - answer a directory
Does AD use LDAP to do Authentication and Authorization? - answer no...just
authorization
What is a directory? - answer a centralized, hierarchical information repository about
objects in an IT system
What types of objects does a directory organize and centralize information about? -
answer users, groups, devices, servers, external applications
What are directory services? - answer Protocols, functions, and APIs that allow access
to directory information, the benefit provided by the directory to the users
Can a directory be used as the basis for single sign on? - answer yeah boi it can
Tr/Fa: a directory provides for granularity of administration through its hierarchical
grouping structure - answer Tr
What logical view is a directory organized into? What are the 3 main components? -
answer a "tree". root, branch and leaf
What are the two ways a directory can be arranged/organized? - answer geographic or
functional
What is pruning and grafting? - answer moving items in the directory to new locations,
such as individual users, groups, computers, or even whole sections of the directory
What are attributes? - answer Variables with values that are relevant to items in that part
of the directory
Why do items inherit attributes based on their location in the directory? - answer Ensures
consistency across items within a directory location