Access Control - Answers controlling access to resources on a computer or network system.
MAC - Answers In Mandatory Access Control (MAC) models, the administrator manages access controls.
The administrator defines a policy, which users cannot modify. Used for the highest confidentiality.
DAC - Answers Discretionary Access Control (DAC). A subject has complete control over the objects that
it owns and the programs that it executes. Programs executed by a user will have the same permissions
as the user who is executing it.
RBAC - Answers In Role-Based Access Control models, an administrator defines a series of roles and
assigns them to subjects. Different roles can exist for system processes and ordinary users. Objects are
set to be a certain type, to which subjects with a certain role have access.
RB-RBAC - Answers Rule-Based Access Control. Dynamically assigns roles to subjects based on their
attributes and a set of rules defined by a security policy.
Identification - Answers Telling the system who you are.
Authentication - Answers Process of proving to a system that you are who you say you are.
Something you know (e.g. a username and password).
Something you have (e.g. a smartcard).
Something you are (e.g. your fingerprint, handwriting, voice pattern).
Multi-factor authentication = two or more authentication methods used in conjunction
Password guessing/Brute-force attacks - Answers A password checker tries passwords until it succeeds.
Password aging - Answers As a password gets older there's an increased chance of it getting disclosed.
Cognitive passwords - Answers Your mother's last name, 'matrix' or 'qwerty'. When a person or a
password checker tries to guess the password, it will typically start with common words.
CHAP - Answers The Challenge Handshake Authentication Protocol (CHAP) is an authentication protocol
that is primarily used for remote access PPP connections. Replaced the Plain Authentication Protocol
(PAP). CHAP uses a more secure method: when a client wants to log on, the server sends a challenge
request to the client, and the client replies with a challenge response, which is a hashed (one-way encrypted)
value based on the username/password combination and a random number. Vulnerable to brute-force
and dictionary attacks.
Certificate - Answers An electronic document that typically contains a public key and personal user
information. Offers better security against brute-force or dictionary attacks and password guessing than
username/password-based authentication methods.
Certification Authority (CA) - Answers Issues certificates to entities such as users, organizations, web
sites and other CAs. As long as the CA can be considered a trustworthy authority, the certificates (and
the key and entity combination in it) issued by it can be trusted as well.
EAP-TLS (Enhanced Authentication Protocol - Transport Layer Security) - Answers A mutual
authentication method, which means that both the client and the server prove their identities to each
other. During the EAP-TLS authentication process, the remote access client sends its user certificate and
the remote access server sends its computer certificate.
Kerberos (Authentication) - Answers A fairly secure, but also complex and comprehensive,
authentication system; version 5 is the default in Windows.
There are three primary elements in a Kerberos system:
Client, which is the Kerberos client application representing a principal (computer, user or software
application).
Target server, provides the service the client wants to access.
Key Distribution Center (KDC), handles the distribution of keys and tickets.
Kerberos Process - Answers Authentication Service (AS) Exchange - When the client logs on, the KDC
issues a logon session key and a Ticket-Granting Ticket (TGT) to the client, after the KDC has verified the
client's encrypted user credentials.
Ticket-Granting Service (TGS) Exchange - The client utilizes the TGT and the logon session key to request
a new session key and ticket to be used between the client and the target server.
Client-Server (CS) Exchange - The client sends the new ticket, including the new session key, to the
target server to authenticate itself and to provide the target server with the session key. Optionally, the
target server uses the new session key to authenticate itself to the client.
Single Sign On (SSO) - Answers Allows a user to log on only once and be able to access all the different
resources in the network, such as e-mail, file servers, Intranet, etc. Attribute of Kerberos.
Mutual authentication - Answers A client authenticates to a service, and the service authenticates to the
client, before any application traffic is exchanged. Can be implemented using simple authentication
protocols or more advanced solutions such as Kerberos; commonly found in SSL (Secure Sockets Layer)
connections.
Biometrics - Answers Very secure type of authentication that uses anatomical and physiological
characteristics to authenticate a user, "something you are." Requires a lot of storage, processing power,
and appropriate conditions.
Ex: Fingerprint, voice, palm, retina, iris, facial, etc.