Chapter 12: Practice Test 4
- C. The client sends its existing valid TGT to the KDC and requests access to the resource.
- A. The KDC must verify that the TGT is valid and whether the user has the right
privileges to access the service it is requesting access to. If it does, it generates a service
ticket and sends it to the client (step B).
- C. When a client connects to a service server (SS), it sends the following two messages:
  ■ The client-to-server ticket, encrypted using the service’s secret key
  ■ A new authenticator, including the client ID and time stamp that is encrypted using the
  Client/Server session key.

  The server or service that is being accessed receives all of the data it needs in the
  service ticket. To do so, the client uses a client-to-server ticket received from the Ticket
  Granting Service.
- B. The service ticket in Kerberos authentication provides proof that a subject is authorized
to access an object. Ticket granting services are provided by the TGS. Proof that a subject
has authenticated and can request tickets to other objects uses ticket-granting tickets, and
authentication host is a made-up term.
- C. A series of questions that the user has previously provided the answer to or which the
user knows the answers to like the questions listed is known as a cognitive password. A
passphrase consists of a phrase or series of words, whereas multifactor authentication
consists of two or more authenticators, like a password and a biometric factor or a
one-time token-based code.
- B. CDMA, GSM, and iDEN are all 2G technologies. EDGE, DECT, and UMTS are all
examples of 3G technologies, whereas 4G technologies include WiMAX, LTE, and IEEE
802.20 mobile broadband.
- A. Dry pipe, deluge, and preaction systems all use pipes that remain empty until the
system detects signs of a fire. Closed-head systems use pipes filled with water that may
damage equipment if there is damage to a pipe.
- A. Protected Health Information (PHI) is defined by HIPAA to include health information
used by healthcare providers, like medical treatment, history, and billing. Personally
Identifiable Information is information that can be used to identify an individual, which
may be included in the PHI but isn’t specifically this type of data. Protected Health
Insurance and Individual Protected Data are both made-up terms.
- B. Manual testing uses human understanding of business logic to assess program flow
and responses. Mutation or generational fuzzing will help determine how the program
responds to expected inputs but does not test the business logic. Interface testing ensures
that data exchange between modules works properly but does not focus on the logic of the
program or application.
67. A. A Type 1 authentication factor is something you know. A Type 2 authentication factor
is something you have, like a smartcard or hardware token. A Type 3 authentication
factor is something you are, like a biometric identifier. There is no such thing as a Type 4
authentication factor.