CNIT 242 EXAM 1 QUESTIONS AND ANSWERS
3 A's - Answer -Authorization, Accounting, Authentication
What can you use to accomplish authentication? - Answer -What you know, what you
have, what you are, where you are
What are the two basic parts of authentication? - Answer -Who you are, and proof that
you are who you say you are (ID & Proof of ID)
Examples of Identification - Answer -User ID, physical object (ATM card), biometrics,
digital certificates
Examples of Proof of Identification - Answer -Password, access code, one-time token,
biometrics, digital certificates
T/F: It is good practice for user ID to be the same as email address. - Answer -False
Rules of passwords - Answer -1. Don't write them down!
Avoid easy to guess passwords, do not let them contain account name or display name,
force periodic password changes between 30 days-1 year, disallow last x passwords,
use non-alpha characters, disallow plain English passwords.
Protocols to enable communication for authentication - Answer -Domain logon, RADIUS
(Remote Authentication Dial In User Service), TACACS+ (Terminal Access Controller
Access Control System)
Define authorization - Answer -Users should only be allowed to access resources that
they are supposed to be able to access.
T/F: it is best to assign rights and permissions to groups rather than to individual users.
- Answer -True
What is an ACL? - Answer -Access control list, simplest method of providing
authorization. ACLs contain a list of authorized users and their authorization level, and are
attached to individual resources. Used in Windows.
T/F: Kerberos, by default, uses public-key cryptography. - Answer -False. Kerberos can
be configured to use public-key cryptography, but is typically reliant on symmetric key
cryptography.
In Kerberos, what is a KDC? - Answer -Key Distribution Center: stores all of the secret
keys for user machines and services in its database.
T/F: In Kerberos, the KDC and the machine you request access to communicate
directly. - Answer -False
What is Accounting? - Answer -Once authorized to access a resource, how much of the
resource are you using?
Define directory - Answer -A directory is a centralized, hierarchical information
repository about objects in an IT system. Functions to organize and centralize info and
objects.
What is Directory Services? - Answer -Protocols, functions, and APIs that allow access
to directory information
What is DAP? What is LDAP? - Answer -DAP: Directory Access Protocol; LDAP:
Lightweight Directory Access Protocol
What are some functions of a directory? - Answer -Provides centralized authentication;
enables a generic "phone book" about network users; provides granularity of
administration
How is a directory structured? - Answer -Uses a hierarchical grouping structure:
arranged in a tree fashion with root, branch, leaf.
How are resources distinguished in the directory structure? - Answer -Via their position
in the directory tree. Uniqueness of name is limited to a single location.
How are directories typically arranged? - Answer -Either geographically or functionally
(both are fine, some use both)
What does pruning and grafting refer to? - Answer -Items in a directory can be moved
to new locations in the directory. Any item can be moved except the root (users, groups,
computers, whole sections of the directory)
T/F: if an item in a directory is moved from one location to another, it loses its old
inherited attributes and gains new ones. - Answer -True
What is a leaf in directory structure? - Answer -Any object that cannot contain other
objects in the directory (e.g., person, computer, printer)
What is a directory-enabled application? - Answer -Core application that relies on the
directory for information (like user logon, VPN authentication, etc.)
What is a distinguished name? - Answer -DN is used to refer to individual entries in a
directory.