CNIT 242 FINAL EXAM QUESTIONS AND ANSWERS 2025
What does AAA stand for? - (ANSWER)Authentication, Authorization, and Accounting
What question does Authentication answer? - (ANSWER)Do you have the credentials necessary to
access this system?
What question does Authorization answer? - (ANSWER)Once authenticated, what do you have
permission to do?
What question does Accounting answer? - (ANSWER)Once authorized to access a resource, how much of
the resource are you using?
Authentication can be accomplished using any of what 4 qualifications? - (ANSWER)What you know,
what you have, what you are, where you are
What is two-factor authentication? - (ANSWER)Using two of the 4 authentication qualifications to prove
an identity.
What 2 steps does the authentication process involve? - (ANSWER)Identification and proof of
identification
What are ways to provide identification? - (ANSWER)User ID, physical object (such as ATM card),
biometrics, digital certificates
What are ways to provide proof of identification? - (ANSWER)passwords, access codes, one-time tokens,
biometrics, digital certificates
What are strategic ways to develop user IDs? - (ANSWER)computer generated (NEVER simple names),
sometimes created to some algorithm, NEVER use the same as email address
True or False: UID / password combo can be a powerful method of authentication if properly managed -
(ANSWER)True
What is the number one rule of password security? - (ANSWER)DON'T WRITE PASSWORDS DOWN
What is the security tradeoff with passwords? - (ANSWER)The more strict the password rules, the higher
the chances users will violate the first rule of secure passwords
What are biometrics? - (ANSWER)authentication. functions as both ID and proof of ID, separated into
physiological and behavioral
What are digital certificates? - (ANSWER)a form of authentication. encrypted data files that use a
Certificate Authority to guarantee the identity of the holder
What does RADIUS stand for and what does it provide? - (ANSWER)Remote Access Dial-In User Service,
both Authentication and Authorization
What does TACACS+ stand for? - (ANSWER)Terminal Access Controller Access Control Service Plus
Where does authentication across the network exist? - (ANSWER)on the local computer by default, but
in an enterprise environment, it will be on a different server
In a domain environment, what is authenticated against? - (ANSWER)the domain, not the local machine
How is authorization accomplished? - (ANSWER)through rights and permissions
What level do group policies assign rights to? - (ANSWER)system
What level do access control lists assign permissions to? - (ANSWER)object
What is an access control list? - (ANSWER)simplest method of providing authorization, but requires a
separate authentication method. they are attached to/located on the resource
What do ACLs contain? - (ANSWER)a list of authorized users and their authorization levels
When do "share" permissions apply? - (ANSWER)when the resource is accessed over a network
What 3 servers does Kerberos require? - (ANSWER)one authentication server, one ticket granting server,
and at least one application server
What is the basic concept of Kerberos? - (ANSWER)If a secret is known by only two people, either person
can verify the identity of the other by confirming that the other person knows the secret.
What is the purpose of a Kerberos Realm? - (ANSWER)admins create the realms which encompass all
that is available to access. a realm defines what Kerberos manages in terms of who can access what.
What is within a Kerberos Realm? - (ANSWER)Within the realm is the Client and the service/host
machine to which they requested access. There is also the Key Distribution Center which holds the
Authentication S and TGS
In Kerberos, when requesting access to a service or host, three interactions take place between you and:
- (ANSWER)the Authentication Server, the Ticket Granting Server, and the Service or host machine that
you're wanting access to
What will you receive with each interaction in Kerberos? - (ANSWER)Two messages. Each message is
one that you can decrypt, and one that you can not.
In Kerberos, does the service/machine you are requesting access to communicate directly with the KDC?
- (ANSWER)No, they do not!
Where are all the secret keys for user machines and services stored in Kerberos? - (ANSWER)the KDC
What are secret keys (in Kerberos)? - (ANSWER)passwords plus a salt that are hashed
True or False: There are passwords on the services/host machines that use Kerberos. - (ANSWER)False
What happens during the setup of Kerberos? - (ANSWER)hash algorithm is chosen for secret keys,
admin chooses a key for the service/host machine to memorize
What type of cryptography does Kerberos use? - (ANSWER)symmetric/private key, but can be
configured to use public key
How is the KDC protected? - (ANSWER)it itself is encrypted with a master key
What are traits of TACACS? - (ANSWER)Cisco-proprietary, TCP, AAA are separate processes
What are traits of RADIUS? - (ANSWER)Open standard, UDP, combines Authentication and
Authorization, only encrypts password
What are traits of Kerberos? - (ANSWER)Authentication only, no Authorization or Accounting
What standard does naming in AD follow? - (ANSWER)LDAP standard
What needs to be formed among domain trees (explicitly or implicitly) to build a domain forest? -
(ANSWER)trust relationships
Does creating AD groups as "Universal" maximize performance? - (ANSWER)no, it does not maximize
When is the Authoritative DNS server contacted? - (ANSWER)When the configured DNS server does not
have the record in its database/cache
Can users access their files when not connected to the network using Roaming User Profiles? -
(ANSWER)No, that's not what roaming profiles do