CNIT 242 Final Exam
What does AAA stand for? - answer Authentication, Authorization, and Accounting
What question does Authentication answer? - answer Do you have the credentials
necessary to access this system?
What question does Authorization answer? - answer Once authenticated, what do you
have permission to do?
What question does Accounting answer? - answer Once authorized to access a
resource, how much of the resource are you using?
Authentication can be accomplished using any of what 4 qualifications? - answer What
you know, what you have, what you are, where you are
What is two-factor authentication? - answer Using two of the 4 authentication
qualifications to prove an identity.
What 2 steps does the authentication process involve? - answer Identification and proof
of identification
What are ways to provide identification? - answer User ID, physical object (such as
ATM card), biometrics, digital certificates
What are ways to provide proof of identification? - answer passwords, access codes,
one-time tokens, biometrics, digital certificates
What are strategic ways to develop user IDs? - answer computer generated (NEVER
simple names), sometimes created to some algorithm, NEVER use the same as email
address
True or False: UID / password combo can be a powerful method of authentication if
properly managed - answerTrue
What is the number one rule of password security? - answerDON'T WRITE
PASSWORDS DOWN
What is the security tradeoff with password? - answerThe more strict the password
rules, the higher the chances users will violate the first rule of secure passwords
,What are biometrics? - answerauthentication. functions as both ID and proof of ID,
separated into physiological and behavioral
What are digital certificates? - answera form of authentication. encrypted data files that
uses a Certificate Authority to guarantee the identity of the holder
What does RADIUS stand for and what does it provide? - answerRemote Access Dial-In
User Service, both Authentication and Authorization
What does TACAS+ stand for? - answerTerminal Access Controller Access Control
Service Plus
Where does authentication across the network exist? - answeron the local computer by
default, but in an enterprise environment, it will be on a different server
In a domain environment, what is authenticated against? - answerthe domain, not the
local machine
How is authorization accomplished? - answerthrough rights and permissions
What level do group policies assign rights to? - answersystem
What level do access control lists assign permissions to? - answerobject
What is an access control list? - answersimplest method of providing authorization, but
requires a separate authentication method. they are attached to/located on the resource
What do ACLs contain? - answera list of authorized users and their authorization levels
When do "share" permissions apply? - answerwhen the resource is accessed over a
network
What 3 servers does Kerberos require? - answerone authentication server, one ticket
granting server, and at least one application server
What is the basic concept of Kerberos? - answerIf a secret is known by only two people,
either person can verify the identity of the other by confirming that the other person
knows the secret.
What is the purpose of a Kerberos Realm? - answeradmins create the realms which
encompass all that is available to access. a realm defines what Kerberos manages in
terms of who can access what.
What is within a Kerberos Realm? - answerWithin the realm is the Client and the
service/host machine to which they requested access. There is also the Key Distribution
Center which hold the Authentication S and TGS
,In Kerberos, when requesting access to a service or host, three interactions take place
between you and: - answerthe Authentication Server, the Ticket Granting Server, and
the Service or host machine that you're wanting access to
What will you receive with each interaction in Kerberos? - answerTwo messages. Each
message is one that you can decrypt, and one that you can not.
In Kerberos, does the service/machine you are requesting access to communicate
directly with the KDC? - answerNo, they do not!
Where are all the secret keys for user machines and services stored in Kerberos? -
answerthe KDC
What are secret keys (in Kerberos)? - answerpasswords plus a salt that are hashed
True or False: There are passwords on the services/host machines that use Kerberos. -
answerFalse
What happens during the set up of Kerberos? - answerhash algorithm is chosen for
secret keys, admin choses a key for the service/host machine to memorize
What type of cryptography does Kerberos use? - answersymmetric/private key, but can
be configured to use public key
How is the KDC protected? - answerit itself is encrypted with a master key
What are traits of TACAS? - answerCisco-proprietary, TCP, AAA are separate
processes
What are traits of RADIUS? - answerOpen standard, UDP, combines Authentication
and Authorization, only encrypts password
What are traits of Kerberos? - answerAuthentication only, no Authorization or
Accounting
What standard does naming in AD follow? - answerLDAP standard
What needs to be formed among domain trees (explicitly or implicitly) to build a domain
forest? - answertrust relationships
Does creating AD groups as "Universal" maximize performance? - answerno, it does
not maximize
When is the Authoritative DNS server contacted? - answerWhen the configured DNS
server does not have the record in its database/cache
, Can users access their files when not connected to the network using Roaming User
Profiles? - answerNo, that's not what roaming profiles do
What is the order in which group policies are applied? - answerlocal, site, domain, OU
T/F: leaf objects can inherit attributes from its parent containers - answerT
T/F: X.500 is the original basis for Kerberos - answerF
What resource can provide centralized user authentication, and enables a general
"phone book" about network users? - answera directory
Does AD use LDAP to do Authentication and Authorization? - answerno...just
authorization
What is a directory? - answera centralized, hierarchical information repository about
objects in an IT system
What types of objects does a directory organize and centralize information about? -
answerusers, groups, devices, servers, external applications
What are directory services? - answerProtocols, functions, and APIs that allow access
to directory information, the benefit provided by the directory to the users
Can a directory be used as the basis for single sign on? - answeryeah boi it can
Tr/Fa: a directory provides for granularity of administration through its hierarchical
grouping structure - answerTr
What logical view is a directory organized into? What are the 3 main components? -
answera "tree". root, branch and leaf
What are the two ways a directory can be arranged/organized? - answergeographic or
functional
What is pruning and grafting? - answermoving items in the directory to new locations,
such as individual users, groups, computers, or even whole sections of the directory
What are attributes? - answerVariables with values that are relevant to items in that part
of the directory
Why do items inherit attributes based on their location in the directory? - answerEnsures
consistency across items within a directory location
What does AAA stand for? - answer Authentication, Authorization, and Accounting
What question does Authentication answer? - answer Do you have the credentials
necessary to access this system?
What question does Authorization answer? - answer Once authenticated, what do you
have permission to do?
What question does Accounting answer? - answer Once authorized to access a
resource, how much of the resource are you using?
Authentication can be accomplished using any of what 4 qualifications? - answer What
you know, what you have, what you are, where you are
What is two-factor authentication? - answer Using two of the 4 authentication
qualifications to prove an identity.
What 2 steps does the authentication process involve? - answer Identification and proof
of identification
What are ways to provide identification? - answer User ID, physical object (such as
ATM card), biometrics, digital certificates
What are ways to provide proof of identification? - answer passwords, access codes,
one-time tokens, biometrics, digital certificates
What are strategic ways to develop user IDs? - answer computer generated (NEVER
simple names), sometimes created to some algorithm, NEVER use the same as email
address
True or False: UID / password combo can be a powerful method of authentication if
properly managed - answerTrue
What is the number one rule of password security? - answerDON'T WRITE
PASSWORDS DOWN
What is the security tradeoff with password? - answerThe more strict the password
rules, the higher the chances users will violate the first rule of secure passwords
,What are biometrics? - answerauthentication. functions as both ID and proof of ID,
separated into physiological and behavioral
What are digital certificates? - answera form of authentication. encrypted data files that
uses a Certificate Authority to guarantee the identity of the holder
What does RADIUS stand for and what does it provide? - answerRemote Access Dial-In
User Service, both Authentication and Authorization
What does TACAS+ stand for? - answerTerminal Access Controller Access Control
Service Plus
Where does authentication across the network exist? - answeron the local computer by
default, but in an enterprise environment, it will be on a different server
In a domain environment, what is authenticated against? - answerthe domain, not the
local machine
How is authorization accomplished? - answerthrough rights and permissions
What level do group policies assign rights to? - answersystem
What level do access control lists assign permissions to? - answerobject
What is an access control list? - answersimplest method of providing authorization, but
requires a separate authentication method. they are attached to/located on the resource
What do ACLs contain? - answera list of authorized users and their authorization levels
When do "share" permissions apply? - answerwhen the resource is accessed over a
network
What 3 servers does Kerberos require? - answerone authentication server, one ticket
granting server, and at least one application server
What is the basic concept of Kerberos? - answerIf a secret is known by only two people,
either person can verify the identity of the other by confirming that the other person
knows the secret.
What is the purpose of a Kerberos Realm? - answeradmins create the realms which
encompass all that is available to access. a realm defines what Kerberos manages in
terms of who can access what.
What is within a Kerberos Realm? - answerWithin the realm is the Client and the
service/host machine to which they requested access. There is also the Key Distribution
Center which hold the Authentication S and TGS
,In Kerberos, when requesting access to a service or host, three interactions take place
between you and: - answerthe Authentication Server, the Ticket Granting Server, and
the Service or host machine that you're wanting access to
What will you receive with each interaction in Kerberos? - answerTwo messages. Each
message is one that you can decrypt, and one that you can not.
In Kerberos, does the service/machine you are requesting access to communicate
directly with the KDC? - answerNo, they do not!
Where are all the secret keys for user machines and services stored in Kerberos? -
answerthe KDC
What are secret keys (in Kerberos)? - answerpasswords plus a salt that are hashed
True or False: There are passwords on the services/host machines that use Kerberos. -
answerFalse
What happens during the set up of Kerberos? - answerhash algorithm is chosen for
secret keys, admin choses a key for the service/host machine to memorize
What type of cryptography does Kerberos use? - answersymmetric/private key, but can
be configured to use public key
How is the KDC protected? - answerit itself is encrypted with a master key
What are traits of TACAS? - answerCisco-proprietary, TCP, AAA are separate
processes
What are traits of RADIUS? - answerOpen standard, UDP, combines Authentication
and Authorization, only encrypts password
What are traits of Kerberos? - answerAuthentication only, no Authorization or
Accounting
What standard does naming in AD follow? - answerLDAP standard
What needs to be formed among domain trees (explicitly or implicitly) to build a domain
forest? - answertrust relationships
Does creating AD groups as "Universal" maximize performance? - answerno, it does
not maximize
When is the Authoritative DNS server contacted? - answerWhen the configured DNS
server does not have the record in its database/cache
, Can users access their files when not connected to the network using Roaming User
Profiles? - answerNo, that's not what roaming profiles do
What is the order in which group policies are applied? - answerlocal, site, domain, OU
T/F: leaf objects can inherit attributes from its parent containers - answerT
T/F: X.500 is the original basis for Kerberos - answerF
What resource can provide centralized user authentication, and enables a general
"phone book" about network users? - answera directory
Does AD use LDAP to do Authentication and Authorization? - answerno...just
authorization
What is a directory? - answera centralized, hierarchical information repository about
objects in an IT system
What types of objects does a directory organize and centralize information about? -
answerusers, groups, devices, servers, external applications
What are directory services? - answerProtocols, functions, and APIs that allow access
to directory information, the benefit provided by the directory to the users
Can a directory be used as the basis for single sign on? - answeryeah boi it can
Tr/Fa: a directory provides for granularity of administration through its hierarchical
grouping structure - answerTr
What logical view is a directory organized into? What are the 3 main components? -
answera "tree". root, branch and leaf
What are the two ways a directory can be arranged/organized? - answergeographic or
functional
What is pruning and grafting? - answermoving items in the directory to new locations,
such as individual users, groups, computers, or even whole sections of the directory
What are attributes? - answerVariables with values that are relevant to items in that part
of the directory
Why do items inherit attributes based on their location in the directory? - answerEnsures
consistency across items within a directory location
