ITS 4210 - Access Control, Authentication, and PKI

Review for Second Test

The following questions are provided to help you study for the second test. Do not expect to see these exact questions on the test.


  1. The text starts out with the idea that access requires a subject and an object. What do those words mean, with regard to network resources?

  2. What does perimeter security mean?

  3. How does landscaping affect intruders? How does it affect surveillance cameras?

  4. Name a case in which we care more about when someone leaves a location than when they enter it.

  5. What is an appropriate use of a series of bollards?

  6. What are the two major divisions of biometrics?

  7. With regard to biometrics, what is enrollment? What is identification?

  8. How do most fingerprint scanners that do not rely on a photograph work?

  9. There are two kinds of eye scans. Name them and tell me which is more prone to errors caused by surgery, glasses, or contact lenses.

  10. What are false acceptance and false rejection?

  11. What is a crossover error rate?

  12. What is the difference between an ACL and an ACE? What does each contain?

  13. Where are we likely to find Kerberos being used?

  14. What feature of a device does a Layer 2 control usually depend on?

  15. What are two features of a packet that are typically used for filtering on routers and firewalls?

  16. Why does it make sense to establish guidelines after you establish policies, standards, and procedures?

  17. Why should standards follow the selection or creation of policies?

  18. How does the use of roles and groups make assigning and removing rights more manageable and uniform?

  19. What is the difference between the methods used in symmetric key cryptography and asymmetric key cryptography?

  20. What is the difference between public key cryptography and public key infrastructure?

  21. When you make a purchase across the Internet, do you use the vendor's public or private key?

  22. If we decide to create key pairs inside our own organization, what would we need a certificate authority for?

  23. What are algorithms used for regarding keys and encryption?

  24. If we have a symmetric key system for 10 users who all need to send and receive securely to each of the others, how many keys do we need?

  25. What is secure about my encrypting a message with your public key in a public key system?

  26. What is the point of encrypting a message with your private key and sending it to me?

  27. What are some of the fields we expect to see in a digital certificate? What standard must it follow?

  28. What is done with private keys when they are compromised? What is done with digital certificates when they are compromised?

  29. What does the text mean when it says that PKI does not prove that the holder of a key pair is trustworthy?