Week 3

Question 1

Three A’s of security

Answer 1

Authentication, authorization, accounting

Question 2

Identification

Answer 2

Idea of describing an entity uniquely

Example: your email address

Question 3

What must an org do to issue client certificates?

Answer 3

Must set up and maintain CA infrastructure to issue and sign certificates

Question 4

Certificate revocation list

Answer 4

A signed list published by the CA which defines certificates that have been explicitly revoked

Question 5

RADIUS

Answer 5

A protocol that provides AAA services for users on a network

Question 6

Kerberos

Answer 6

A network authentication protocol that uses “tickets” to allow entities to prove their identity over potentially insecure channels to provide mutual authentication

Question 7

TACACS+

Answer 7

Primarily used for device administration, authentication, authorization, and accounting

Question 8

What is an example of a service that uses single sign on authentication?

Answer 8

Kerberos

Question 9

Authorization

Answer 9

Pertains to what the user accountants access to, or doesn’t have access to

Question 10

OAuth

Answer 10

An open standard that allows users to grant third party websites and applications access to their information without sharing account credentials

Question 11

Access Control List

Answer 11

A way of defining permissions or authorizations for objects

Question 12

Accounting

Answer 12

Keeping records of what resources and services your users accessed, or what they did when they were using your systems