Effective CISSP Questions

Which of the following is the best expression for an authentication service to access a directory? (Wentz QOTD)
A. Distinguished Name
B. Common Name
C. Domain Name
D. Alias Name

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Distinguished Name.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

Distinguished Names and Relative Distinguished Names (Source:

Directory Names

A directory is the repository of entities. Instances of entities are called objects. X.500 is a standard that provides an overview of concepts, models, and services of a directory based on the ISO OSI model. It introduces the concept of the Distinguished Name as the notation of a directory object. Common names and relative distinguished names are parts of a distinguished name.

LDAP is a lightweight version of X.500 based on TCP/IP; it is commonly implemented to access (connect, add, modify, delete, and retrieve) a directory.
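
As an added illustration (not part of the original post or of Wentz's material), the Python sketch below builds and splits the RFC 4514 string form of a distinguished name. It shows that the common name is only the leftmost RDN, and that a value must be escaped before it is placed in a DN that an authentication service uses for an LDAP bind. The suffix ou=People,dc=example,dc=com and the sample name are constructed.

```python
# Added example: string form of a Distinguished Name (RFC 4514).
# BASE and the sample common name are constructed, not taken from the page.
BASE = [("ou", "People"), ("dc", "example"), ("dc", "com")]

def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)          # characters with structural meaning
        elif ch == "\x00":
            out.append("\\00")             # NUL is written as a hex pair
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)          # leading space/'#', trailing space
        else:
            out.append(ch)
    return "".join(out)

def build_dn(rdns) -> str:
    """Join (attribute, value) pairs, most specific first, into one DN."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)

def split_dn(dn: str) -> list:
    """Split a DN into its RDNs on unescaped commas only."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])        # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    return rdns

def demo():
    cn = "Smith, John"                                  # constructed input
    naive = f"cn={cn}," + build_dn(BASE)                # plain concatenation
    safe = build_dn([("cn", cn)] + BASE)                # escaped value
    return naive, safe

if __name__ == "__main__":
    for dn in demo():
        print(dn, "->", split_dn(dn))
```

With plain concatenation the comma in the name is read as an RDN separator, so the string no longer names the intended entry; the escaped form keeps the common name as a single RDN under the same parent.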

DNS Names

Domain Names are used to locate and connect to a directory service that manages a directory. Alias names (Amazon Route 53 specific) and canonical names are used for DNS resource records.

The following is an example of a DNS zone file with resource records, excerpted from Wikipedia:

$ORIGIN     ; designates the start of this zone file in the namespace
$TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
              IN  SOA ( 2020091025 7200 3600 1209600 3600 )
              IN  NS    ns                    ; is a nameserver for
              IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for
              IN  MX    10  ; is the mailserver for
@             IN  MX    20 ; equivalent to above line, "@" represents zone origin
@             IN  MX    50 mail3              ; equivalent to above line, but using a relative host name
              IN  A             ; IPv4 address for
              IN  AAAA  2001:db8:10::1        ; IPv6 address for
ns            IN  A             ; IPv4 address for
              IN  AAAA  2001:db8:10::2        ; IPv6 address for
www           IN  CNAME          ; is an alias for
wwwtest       IN  CNAME www                   ; is another alias for
mail          IN  A             ; IPv4 address for
mail2         IN  A             ; IPv4 address for
mail3         IN  A             ; IPv4 address for



