CNIT 242 Final Exam Questions and Answers Already Passed

CNIT 242 Final Exam Questions and Answers Already Passed What does AAA stand for? Authentication, Authorization, and Accounting What question does Authentication answer? Do you have the credentials necessary to access this system? What question does Authorization answer? Once authenticated, what do you have permission to do? What question does Accounting answer? Once authorized to access a resource, how much of the resource are you using? Authentication can be accomplished using any of what 4 qualifications? What you know, what you have, what you are, where you are What is two-factor authentication? Using two of the 4 authentication qualifications to prove an identity. What 2 steps does the authentication process involve? Identification and proof of identification What are ways to provide identification? User ID, physical object (such as ATM card), biometrics, digital certificates What are ways to provide proof of identification? passwords, access codes, one-time tokens, biometrics, digital certificates What are strategic ways to develop user IDs? computer generated (NEVER simple names), sometimes created to some algorithm, NEVER use the same as email address True or False: UID / password combo can be a powerful method of authentication if properly managed True What is the number one rule of password security? DON'T WRITE PASSWORDS DOWN What is the security tradeoff with password? The more strict the password rules, the higher the chances users will violate the first rule of secure passwords What are biometrics? authentication. functions as both ID and proof of ID, separated into physiological and behavioral What are digital certificates? a form of authentication. encrypted data files that uses a Certificate Authority to guarantee the identity of the holder What does RADIUS stand for and what does it provide? Remote Access Dial-In User Service, both Authentication and Authorization What does TACAS+ stand for? Terminal Access Controller Access Control Service Plus Where does authentication across the network exist? on the local computer by default, but in an enterprise environment, it will be on a different server In a domain environment, what is authenticated against? the domain, not the local machine How is authorization accomplished? through rights and permissions What level do group policies assign rights to? system What level do access control lists assign permissions to? object What is an access control list? simplest method of providing authorization, but requires a separate authentication method. they are attached to/located on the resource What do ACLs contain? a list of authorized users and their authorization levels When do "share" permissions apply? when the resource is accessed over a network What 3 servers does Kerberos