Which of the following is NOT part of the Kerberos authentication protocol?
Correct Answer: D
There is no such component within a Kerberos environment. Kerberos uses only symmetric encryption and does not make use of any public key component. The other answers are incorrect because:
Symmetric key cryptography is a part of Kerberos, as the KDC holds all the users' and services' secret keys.
Authentication service (AS): the KDC (Key Distribution Center) provides an authentication service.
Principals: the Key Distribution Center provides services to principals, which can be users, applications, or network services.
References: Shon Harris, AIO v3, Chapter 4: Access Control, pages 152-155.
Question 92
What mechanism does a system use to compare the security labels of a subject and an object?
Correct Answer: B
Because the Reference Monitor is responsible for access control to objects by subjects, it compares the security labels of a subject and an object. According to the OIG: The reference monitor is an access control concept referring to an abstract machine that mediates all accesses to objects by subjects based on information in an access control database. The reference monitor must mediate all access, be protected from modification, be verifiable as correct, and must always be invoked. The reference monitor, in accordance with the security policy, controls the checks that are made in the access control database.
The following are incorrect:
Validation Module. A Validation Module is typically found in application source code and is used to validate data being input.
Clearance Check. This is a distractor; there is no such thing other than what someone would do when checking whether a person is authorized to access a secure facility.
Security Module. This is typically a general purpose module that performs a variety of security related functions.
References: OIG CBK, Security Architecture and Design (page 324). AIO, 4th Edition, Security Architecture and Design, pp. 328-328. Wikipedia - http://en.wikipedia.org/wiki/Reference_monitor
Question 93
Which of the following is not a DES mode of operation?
Correct Answer: C
Section: Cryptography
Explanation/Reference: Output feedback (OFB) is a DES mode of operation; "input feedback" is not. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 149).
Question 94
Which of the following access control models requires security clearance for subjects?
Correct Answer: D
Explanation/Reference: With mandatory access control (MAC), the authorization of a subject's access to an object is dependent upon labels, which indicate the subject's clearance. Identity-based access control is a type of discretionary access control. Role-based access control is a type of non-discretionary access control. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 2: Access control systems (page 33).
Question 95
What is the primary difference between FTP and TFTP?
Correct Answer: B
Section: Network and Telecommunications
Explanation/Reference: TFTP (Trivial File Transfer Protocol) is sometimes used to transfer configuration files from equipment such as routers, but the primary difference between FTP and TFTP is that TFTP does not require authentication. Speed and ability to automate are not important. Both of these protocols (FTP and TFTP) can be used for transferring files across the Internet. The differences between the two protocols are explained below:
FTP is a complete, session-oriented, general purpose file transfer protocol. TFTP is used as a bare-bones, special purpose file transfer protocol.
FTP can be used interactively. TFTP allows only unidirectional transfer of files.
FTP depends on TCP, is connection oriented, and provides reliable control. TFTP depends on UDP, requires less overhead, and provides virtually no control.
FTP provides user authentication. TFTP does not.
FTP uses well-known TCP port numbers: 20 for data and 21 for connection dialog. TFTP uses UDP port number 69 for its file transfer activity.
The Windows NT FTP server service does not support TFTP because TFTP does not support authentication. Windows 95 and TCP/IP-32 for Windows for Workgroups do not include a TFTP client program.
Ref: http://support.microsoft.com/kb/102737