Week 3: AAA Security (Not Roadside Assistance)



1. How is authentication different from authorization?

  • Authentication is identifying a resource; authorization is verifying access to an identity.
  • Authentication is verifying access to a resource; authorization is verifying an identity.
  • Authentication is verifying an identity; authorization is verifying access to a resource. 
  • They’re the same thing.

2. What are some characteristics of a strong password? Check all that apply.

  • Contains dictionary words
  • Includes numbers and special characters 
  • Is at least eight characters long 
  • Is used across accounts and systems

3. In a multi-factor authentication scheme, a password can be thought of as:

  • something you are.
  • something you know. 
  • something you have.
  • something you use.

4. What are some drawbacks to using biometrics for authentication? Check all that apply.

  • There are potential privacy concerns. 
  • Biometric authentication is much slower than alternatives.
  • Biometric authentication is difficult or impossible to change if compromised.
  • Biometrics are easy to share.

5. In what way are U2F tokens more secure than OTP generators?

  • They can’t be cloned.
  • They’re password-protected.
  • They’re cheaper.
  • They’re resistant to phishing attacks.

6. What elements of a certificate are inspected when a certificate is verified? Check all that apply.

  • Trust of the signatory CA 
  • Certificate key size
  • “Not valid after” date 
  • “Not valid before” date 

7. What is a CRL?

  • Caramel Raspberry Lemon
  • Certificate Recording Language
  • Certificate Revocation List 
  • Certified Recursive Listener

Explanation: A Certificate Revocation List (CRL) is a list, published by the issuing Certificate Authority (CA), of certificates that the CA has revoked before their scheduled expiry date. Relying parties, such as browsers and other systems that consume digital certificates, consult the CRL to check whether a certificate they are presented with is still valid.
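The checks named in questions 6 and 7 (is the signing CA trusted, is the current time inside the "not valid before"/"not valid after" window, and does the issuer's CRL list the certificate as revoked) can be written out as one verification routine. The following Python is an added example, not part of the original quiz or any library's code; the `Cert` and `CRL` records, the trust store, the serial numbers and the dates are all constructed for illustration, and real X.509 parsing and signature checking are left out so the decision logic stands on its own.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


def utc(year, month, day):
    """Small helper so the constructed sample dates below stay readable."""
    return datetime(year, month, day, tzinfo=timezone.utc)


# Hypothetical, simplified certificate record (constructed for this example).
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str          # name of the CA that signed the certificate
    serial: int
    not_before: datetime
    not_after: datetime


# Hypothetical CRL record: the issuing CA's list of revoked serial numbers,
# plus when it was produced and when a fresh copy is due.
@dataclass(frozen=True)
class CRL:
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked_serials: frozenset


# Constructed trust store: the CAs this relying party is willing to trust.
TRUSTED_CAS = frozenset({"Example Root CA"})


def verify(cert, crls, now):
    """Return the list of reasons the certificate fails; an empty list means it passes.

    Mirrors the quiz: trust of the signing CA, the validity window, and the
    revocation list are inspected. Key size is deliberately not part of this check.
    """
    problems = []
    if cert.issuer not in TRUSTED_CAS:
        problems.append("issuer not trusted")
    if now < cert.not_before:
        problems.append("not yet valid")
    if now > cert.not_after:
        problems.append("expired")

    crl = crls.get(cert.issuer)
    if crl is None:
        # Fail closed: without a CRL we cannot know whether the cert was revoked.
        problems.append("no CRL available for issuer")
    else:
        if now > crl.next_update:
            problems.append("CRL is stale")
        if cert.serial in crl.revoked_serials:
            problems.append("revoked")
    return problems


# Constructed sample data: one CRL from the trusted CA and four test certificates.
NOW = utc(2024, 6, 1)
CRLS = {
    "Example Root CA": CRL(
        issuer="Example Root CA",
        this_update=utc(2024, 5, 30),
        next_update=utc(2024, 6, 6),
        revoked_serials=frozenset({1002}),
    ),
}
GOOD = Cert("www.example.test", "Example Root CA", 1001, utc(2024, 1, 1), utc(2025, 1, 1))
REVOKED = Cert("mail.example.test", "Example Root CA", 1002, utc(2024, 1, 1), utc(2025, 1, 1))
EXPIRED = Cert("old.example.test", "Example Root CA", 1003, utc(2023, 1, 1), utc(2024, 1, 1))
UNTRUSTED = Cert("other.example.test", "Other CA", 1004, utc(2024, 1, 1), utc(2025, 1, 1))

if __name__ == "__main__":
    for cert in (GOOD, REVOKED, EXPIRED, UNTRUSTED):
        result = verify(cert, CRLS, NOW)
        print(f"{cert.subject}: {'OK' if not result else ', '.join(result)}")
```

Two design choices worth noting: a missing CRL is treated as a failure rather than a pass, and a CRL past its `next_update` is flagged as stale, because an attacker who can block CRL downloads should not thereby get a revoked certificate accepted.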

8. What are the names of similar entities that a Directory server organizes entities into?

  • Organizational Units 
  • Clusters
  • Groups
  • Trees

Explanation: A directory server arranges entities into containers called Organizational Units (OUs). OUs provide a way to organize and manage directory information hierarchically, so the directory can be laid out logically and the entities it contains are simpler to administer.

In other words, a directory server holds entries (entities), and these can be grouped into Organizational Units to make administration and navigation of the directory hierarchy easier.

9. True or false: The Network Access Server handles the actual authentication in a RADIUS scheme.

  • True
  • False 

Explanation: False. In RADIUS (Remote Authentication Dial-In User Service), the Network Access Server (NAS) is the component that forwards authentication and authorization requests to the RADIUS server; the RADIUS server is what actually performs authentication and authorization. The NAS acts as a client of the RADIUS server, passing user credentials to it so they can be validated and access rights determined.

10. True or false: Clients authenticate directly against the RADIUS server.

  • True
  • False 

Explanation: False. In RADIUS (Remote Authentication Dial-In User Service), clients such as users or their devices do not talk to the RADIUS server directly. They present their credentials to the Network Access Server, which acts as the RADIUS client and forwards the request to the RADIUS server; the RADIUS server evaluates the request, verifies the credentials, and returns its decision to the NAS.

11. What does a Kerberos authentication server issue to a client that successfully authenticates?

  • A ticket-granting ticket 
  • An encryption key
  • A digital certificate
  • A master password

Explanation: When a client successfully authenticates to a Kerberos Authentication Server, the server issues the client a Ticket-Granting Ticket (TGT). Within the Kerberos realm, the TGT is a token the client can present to request service tickets for specific services.

The TGT is delivered to the client in a reply encrypted with the client's secret key, and the client presents it to the Ticket-Granting Server (TGS) to obtain service tickets for the network services it wants to use. This removes the need to re-enter credentials for each individual service, which both streamlines authentication and improves security within the Kerberos framework.

12. What advantages does single sign-on offer? Check all that apply.

  • It enforces multifactor authentication.
  • It reduces the total number of credentials.
  • It provides encrypted authentication.
  • It reduces time spent authenticating. 

13. What does OpenID provide?

  • Digital signatures
  • Cryptographic hashing
  • Certificate signing
  • Authentication delegation 


14. What role does authorization play?

  • It determines whether or not an entity has access to a resource. 
  • It verifies an entity’s identity.
  • It verifies passwords.
  • It provides strong encryption.

Explanation: Authorization determines which actions or resources an authenticated user is permitted to access within a system or application. It is the process of defining and enforcing the rights and privileges associated with a user's identity once that user has been authenticated.

15. What does OAuth provide?

  • Confidentiality
  • Integrity
  • Access delegation 
  • Secure communications

16. How is auditing related to accounting?

  • They’re not related.
  • They’re the same thing.
  • Accounting is reviewing records, while auditing is recording access and usage.
  • Accounting is recording access and usage, while auditing is reviewing these records. 

Explanation: Accounting and auditing go together like peanut butter and jelly. Accounting is the recording side: logging who accessed which resource, when, and how it was used. Auditing plays the part of the suspicious investigator, going back over those records to confirm that the recorded activity is legitimate and that the records themselves are accurate and dependable.

Put simply, accounting captures day-to-day access and usage, while auditing is the second look that makes sure everything is in order. It is like having a reliable friend go over your homework to make sure you did not accidentally add an extra zero to an important number.
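To make the split between the two concrete, here is an added Python example (not code from the quiz or from any product) in which an accounting log only records access events, and a separate audit step reviews those records against a policy. The `AccessRecord` and `AccountingLog` names, the `POLICY` table, the users, resources and timestamps are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AccessRecord:
    when: datetime
    user: str
    resource: str
    outcome: str  # "allowed" or "denied"


class AccountingLog:
    """Accounting: record who accessed what, when, and with what result.

    Nothing here judges the events; it only writes them down.
    """

    def __init__(self):
        self._records = []

    def record(self, when, user, resource, outcome):
        self._records.append(AccessRecord(when, user, resource, outcome))

    def records(self):
        return tuple(self._records)


# Hypothetical authorization policy (constructed): resources each user may use.
POLICY = {"alice": {"payroll", "wiki"}, "bob": {"wiki"}}


def audit(records, policy, max_denied=3):
    """Auditing: review the accounting records and return a list of findings."""
    findings = []

    # Finding 1: an 'allowed' record for a resource the policy does not grant.
    # Authorization and accounting disagree, so someone should investigate.
    for r in records:
        if r.outcome == "allowed" and r.resource not in policy.get(r.user, set()):
            findings.append(
                f"{r.user} was allowed {r.resource} contrary to policy at {r.when.isoformat()}"
            )

    # Finding 2: repeated denials for the same user, a common sign of
    # guessing or of a misconfigured client worth following up on.
    denied = Counter(r.user for r in records if r.outcome == "denied")
    for user, count in sorted(denied.items()):
        if count >= max_denied:
            findings.append(f"{user} had {count} denied attempts")

    return findings


def sample_log():
    """Constructed accounting data for one morning of activity."""
    def at(hour, minute):
        return datetime(2024, 6, 1, hour, minute, tzinfo=timezone.utc)

    log = AccountingLog()
    log.record(at(9, 0), "alice", "payroll", "allowed")
    log.record(at(9, 5), "bob", "wiki", "allowed")
    log.record(at(9, 10), "bob", "payroll", "denied")
    log.record(at(9, 11), "bob", "payroll", "denied")
    log.record(at(9, 12), "bob", "payroll", "denied")
    log.record(at(9, 13), "bob", "payroll", "allowed")  # should not have happened
    return log


def clean_log():
    """Constructed accounting data with nothing for the audit to flag."""
    log = AccountingLog()
    log.record(datetime(2024, 6, 1, 10, 0, tzinfo=timezone.utc), "alice", "wiki", "allowed")
    return log


if __name__ == "__main__":
    for finding in audit(sample_log().records(), POLICY):
        print("AUDIT:", finding)
```

The point of keeping `record` dumb and putting all judgement in `audit` is that the accounting trail stays a faithful record of what happened, and the review logic can be rerun or changed later without rewriting history.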
