ITS 4210 - Access Control, Authentication, and PKI
Review for Second Test
The following questions are provided to help you study for
the second test. Do not expect to see these exact questions on the test.
- The text starts out with the idea that access requires a
subject and an object. What do those words mean, with regard to network
resources?
- What does perimeter security mean?
- How does landscaping affect intruders? How does it affect
surveillance cameras?
- Name a case in which we care more about when someone leaves
a location than when they enter it.
- What is an appropriate use of a series of bollards?
- What are the two major divisions of biometrics?
- With regard to biometrics, what is enrollment? What is
identification?
- How do most fingerprint scanners work that do not rely on a
photograph?
- There are two kinds of eye scans. Name them and tell me
which is more prone to errors caused by surgery, glasses, or contact
lenses.
- What are false acceptance and false rejection?
- What is a crossover error rate?
- What is the difference between an ACL and an ACE? What does
each contain?
- Where are we likely to find Kerberos being used?
- What feature of a device does a Layer 2 control usually
depend on?
- What are two features of a packet that are typically used
for filtering on routers and firewalls?
- Why does it make sense to establish guidelines after you
establish policies, standards, and procedures?
- Why should standards follow the selection or creation of
policies?
- How does the use of roles and groups make assigning and
removing rights more manageable and uniform?
- What is the difference between the methods used in
symmetric key cryptography and asymmetric key cryptography?
- What is the difference between public key cryptography and
public key infrastructure?
- When you make a purchase across the Internet, do you use
the vendor's public or private key?
- If we decide to create key pairs inside our own
organization, what would we need a certificate authority for?
- What are algorithms used for regarding keys and encryption?
- If we have a symmetric key system for 10 users who need to
all send and receive securely to each of the others, how many keys do we
need?
- What is secure about my encrypting a message with your
public key in a public key system?
- What is the point of encrypting a message with your private
key and sending it to me?
- What are some of the fields we expect to see in a digital
certificate? What standard must it follow?
- What is done with private keys when they are compromised?
What is done with digital certificates when they are compromised?
- What does the text mean when it says that PKI does not
prove that the holder of a key pair is trustworthy?