CISSP PRACTICE QUESTIONS – 20211123

Effective CISSP Questions

Which of the following is the best expression for an authentication service to access a directory? (Wentz QOTD)
A. Distinguished Name
B. Common Name
C. Domain Name
D. Alias Name

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Distinguished Name.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Distinguished Names and Relative Distinguished Names
Distinguished Names and Relative Distinguished Names (Source: https://slideplayer.com/slide/9398663/)

Directory Names

A directory is the repository of entities. Instances of entities are called objects. X.500 is a standard that provides an overview of concepts, models, and services of a directory based on the ISO OSI model. It introduces the concept of the Distinguished Name as the notation of a directory object. Common names and relative distinguished names are parts of a distinguished name.

LDAP is a lightweight version of X.500 based on TCP/IP; it is commonly implemented to access (connect, add, modify, delete, and retrieve) a directory.

DNS Names

Domain Names are used to locate and connect to a directory service that manages a directory. Alias names (Amazon Route 53 specific) and canonical names are used for DNS resource records.

The following is an example of a DNS zone file with resource records, excerpted from Wikipedia:

$ORIGIN example.com.     ; designates the start of this zone file in the namespace
$TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
example.com.  IN  MX    10 mail.example.com.  ; mail.example.com is the mailserver for example.com
@             IN  MX    20 mail2.example.com. ; equivalent to above line, "@" represents zone origin
@             IN  MX    50 mail3              ; equivalent to above line, but using a relative host name
example.com.  IN  A     192.0.2.1             ; IPv4 address for example.com
              IN  AAAA  2001:db8:10::1        ; IPv6 address for example.com
ns            IN  A     192.0.2.2             ; IPv4 address for ns.example.com
              IN  AAAA  2001:db8:10::2        ; IPv6 address for ns.example.com
www           IN  CNAME example.com.          ; www.example.com is an alias for example.com
wwwtest       IN  CNAME www                   ; wwwtest.example.com is another alias for www.example.com
mail          IN  A     192.0.2.3             ; IPv4 address for mail.example.com
mail2         IN  A     192.0.2.4             ; IPv4 address for mail2.example.com
mail3         IN  A     192.0.2.5             ; IPv4 address for mail3.example.com

Reference


以下哪一項是身份驗證服務訪問目錄的最佳表示式(expression)? (Wentz QOTD)
A. 專有名稱 (distinguished name)
B. 通用名稱 (common name)
C. 域名 (domain name)
D. 別名 (alias name)



Leave a Reply