In the Kerberos network authentication system, the clients, the KDC, and the application servers are the well-known three "heads" of its architecture. Which of the following best describes the operations of Kerberos? (Source: Wentz QOTD)
A. The KDC manages all the keys and is resistant to denial-of-service attacks.
B. Clients on the network interact with the KDC and servers asynchronously.
C. Realms must be organized hierarchically to support cross-realm authentication.
D. Initial ticket requests from clients are handled by the authentication service (AS).
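To make the AS exchange concrete, the following is an added Python illustration (not part of the original Wentz QOTD post) of the initial ticket request: the client sends an AS-REQ with PA-ENC-TIMESTAMP pre-authentication, the KDC's authentication service (AS) checks it against the principal's long-term key and returns an AS-REP carrying a TGT encrypted under the krbtgt key plus a client part encrypted under the client's key. The realm, principal name, password, clock-skew window, and the `seal`/`unseal` stand-in for a real Kerberos enctype are assumptions of the example; the PBKDF2 string-to-key step follows RFC 3962 but the encryption is a toy.

```python
"""Toy model of the Kerberos AS exchange (AS-REQ / AS-REP). Added illustration;
seal()/unseal() are a stand-in for a real Kerberos encryption type."""
import hashlib
import hmac
import json
import os
import time

PREAUTH_SKEW = 300  # seconds of allowed clock skew (assumed, typical KDC default)


def string_to_key(password: str, salt: str) -> bytes:
    # AES enctypes derive the long-term key from the password with PBKDF2 (RFC 3962).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 4096, 32)


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode); NOT a real Kerberos enctype.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object under key (toy authenticated encryption)."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt; a wrong key shows up as an integrity failure."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(_xor_stream(key, nonce, ct))


class KDC:
    """Holds every principal's long-term key; its AS half issues TGTs."""

    def __init__(self, realm: str):
        self.realm = realm
        self.krbtgt_key = os.urandom(32)  # key of krbtgt/REALM; never leaves the KDC
        self.principals = {}

    def add_principal(self, name: str, password: str) -> None:
        self.principals[name] = string_to_key(password, self.realm + name)

    def authentication_service(self, as_req: dict) -> dict:
        """AS-REQ handler: validate PA-ENC-TIMESTAMP pre-auth, then issue a TGT."""
        key = self.principals.get(as_req["cname"])
        if key is None:
            raise PermissionError("KDC_ERR_C_PRINCIPAL_UNKNOWN")
        try:
            padata = unseal(key, as_req["padata"])  # only the right password decrypts this
        except ValueError:
            raise PermissionError("KDC_ERR_PREAUTH_FAILED")
        if abs(padata["timestamp"] - time.time()) > PREAUTH_SKEW:
            raise PermissionError("KRB_AP_ERR_SKEW")
        session_key = os.urandom(32)
        ticket = seal(self.krbtgt_key, {"cname": as_req["cname"], "key": session_key.hex(),
                                        "endtime": time.time() + 10 * 3600})
        enc_part = seal(key, {"key": session_key.hex(), "nonce": as_req["nonce"],
                              "sname": "krbtgt/" + self.realm})
        return {"ticket": ticket, "enc_part": enc_part}  # AS-REP


class Client:
    def __init__(self, name: str, password: str, realm: str):
        self.name = name
        self.key = string_to_key(password, realm + name)  # derived locally, never sent
        self.nonce = int.from_bytes(os.urandom(4), "big")
        self.tgt = self.session_key = None

    def build_as_req(self) -> dict:
        padata = seal(self.key, {"timestamp": time.time()})  # PA-ENC-TIMESTAMP
        return {"cname": self.name, "nonce": self.nonce, "padata": padata}

    def process_as_rep(self, as_rep: dict) -> None:
        enc = unseal(self.key, as_rep["enc_part"])
        if enc["nonce"] != self.nonce:
            raise ValueError("AS-REP nonce mismatch (replay?)")
        self.session_key = bytes.fromhex(enc["key"])
        self.tgt = as_rep["ticket"]  # opaque to the client: encrypted under the krbtgt key


def run_as_exchange(password: str, attempt: str, realm: str = "EXAMPLE.COM", user: str = "alice"):
    """Enrol user with password at the KDC, then log in with attempt. Returns (client, kdc)."""
    kdc = KDC(realm)
    kdc.add_principal(user, password)
    client = Client(user, attempt, realm)
    client.process_as_rep(kdc.authentication_service(client.build_as_req()))
    return client, kdc


def as_exchange_succeeds(password: str, attempt: str) -> bool:
    try:
        run_as_exchange(password, attempt)
        return True
    except PermissionError:
        return False


def client_can_read_tgt(client: Client) -> bool:
    try:
        unseal(client.key, client.tgt)
        return True
    except ValueError:
        return False
```

Two things the code makes visible that the option text only states: the password never crosses the network (only a timestamp encrypted under the derived key does, so a wrong password fails at the KDC as KDC_ERR_PREAUTH_FAILED), and the TGT the client receives is unreadable to it because it is sealed under the krbtgt key that stays on the KDC.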
You’re implementing a VPN solution to connect a branch office to the headquarters through gateways with a T1 connection to the internet and ISDN BRI service as redundancy. Which of the following is least likely employed to authenticate VPN connections? (Source: Wentz QOTD)
You’re implementing IPsec to protect data in transit. Which of the following is the least feasible through IPsec? (Source: Wentz QOTD)
A. Build a virtual data link over frame relay to connect two remote offices
B. Secure TFTP traffic that updates the firmware of network devices
C. Protect traffic between browsers and the enterprise information portal over LAN
D. Authenticate security gateways that establish the tunnel between two remote offices
You’re implementing an L2TP/IPsec VPN solution to support remote employees. Which of the following is not true? (Source: Wentz QOTD)
A. AH may not be available in IPsec
B. AH ensures integrity only, but not confidentiality through encryption
C. Implementation of ESP is a mandatory requirement of IPsec
D. ESP ensures both confidentiality and the same level of integrity as AH does
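The AH and ESP options above (and the IPsec question before them) are easier to reason about when you see what each protocol's integrity check value (ICV) actually covers. The following is an added Python illustration, not code from the original post: it builds a minimal IPv4 packet carrying a constructed UDP/TFTP-style payload, protects it once with AH (RFC 4302) and once with ESP (RFC 4303), and then applies the modifications a router or NAT would make. The addresses, keys, SPIs, the zero IP checksum, and the HMAC-SHA256-based stream cipher standing in for ESP's real encryption algorithm are assumptions of the example; the ICV is HMAC-SHA-256-128 as in RFC 4868. It goes slightly beyond the question text by also showing the NAT case.

```python
"""What AH and ESP integrity-protect, on hand-built packets (added illustration)."""
import hashlib
import hmac
import os
import struct
from ipaddress import IPv4Address

ICV_LEN = 16  # HMAC-SHA-256-128 (RFC 4868): HMAC-SHA256 output truncated to 128 bits
SRC, DST = IPv4Address("10.0.0.1").packed, IPv4Address("10.0.1.1").packed  # assumed
PAYLOAD = b"UDP/TFTP firmware chunk #0042 (constructed sample)"  # constructed sample data


def ipv4_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    # Minimal 20-byte IPv4 header; header checksum left at zero for the demo (assumption).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0, src, dst)


def _immutable_view(ip_hdr: bytes) -> bytes:
    # RFC 4302: zero the fields a router may legitimately change (TOS, flags/fragment
    # offset, TTL, header checksum) before computing the AH ICV; addresses stay covered.
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\0\0"
    h[8] = 0
    h[10:12] = b"\0\0"
    return bytes(h)


def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode); a stand-in for AES-CBC/AES-GCM in ESP.
    ks = b"".join(hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


def ah_protect(auth_key: bytes, src: bytes, dst: bytes, payload: bytes, spi: int = 0x100, seq: int = 1) -> bytes:
    # AH header: next header (17 = UDP), payload length in 32-bit words minus 2, reserved, SPI, seq.
    ah_hdr = struct.pack("!BBHII", 17, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, 51, 20 + 12 + ICV_LEN + len(payload))  # protocol 51 = AH
    icv = hmac.new(auth_key, _immutable_view(ip_hdr) + ah_hdr + bytes(ICV_LEN) + payload,
                   hashlib.sha256).digest()[:ICV_LEN]
    return ip_hdr + ah_hdr + icv + payload  # payload travels in the clear


def ah_verify(auth_key: bytes, pkt: bytes) -> bool:
    ip_hdr, ah_hdr, icv, payload = pkt[:20], pkt[20:32], pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    expect = hmac.new(auth_key, _immutable_view(ip_hdr) + ah_hdr + bytes(ICV_LEN) + payload,
                      hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expect)


def esp_protect(enc_key: bytes, auth_key: bytes, src: bytes, dst: bytes, payload: bytes,
                spi: int = 0x200, seq: int = 1) -> bytes:
    esp_hdr = struct.pack("!II", spi, seq)
    iv = os.urandom(16)
    ct = _xor_stream(enc_key, iv, payload + bytes([0, 17]))  # trailer: pad length 0, next header UDP
    icv = hmac.new(auth_key, esp_hdr + iv + ct, hashlib.sha256).digest()[:ICV_LEN]
    ip_hdr = ipv4_header(src, dst, 50, 20 + 8 + 16 + len(ct) + ICV_LEN)  # protocol 50 = ESP
    return ip_hdr + esp_hdr + iv + ct + icv  # outer IP header is NOT covered by the ICV


def esp_verify(enc_key: bytes, auth_key: bytes, pkt: bytes):
    """Return the decrypted payload, or None if the ICV does not verify."""
    esp_hdr, iv, ct, icv = pkt[20:28], pkt[28:44], pkt[44:-ICV_LEN], pkt[-ICV_LEN:]
    expect = hmac.new(auth_key, esp_hdr + iv + ct, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expect):
        return None
    pt = _xor_stream(enc_key, iv, ct)
    pad_len = pt[-2]
    return pt[:len(pt) - 2 - pad_len]


def decrement_ttl(pkt: bytes) -> bytes:  # what every router hop does
    b = bytearray(pkt)
    b[8] -= 1
    return bytes(b)


def rewrite_src(pkt: bytes, new_src: bytes) -> bytes:  # what a NAT does
    return pkt[:12] + new_src + pkt[16:]


def flip_byte(pkt: bytes, idx: int) -> bytes:  # what an on-path attacker does
    b = bytearray(pkt)
    b[idx] ^= 1
    return bytes(b)


def compare() -> dict:
    auth_key, enc_key = os.urandom(32), os.urandom(32)
    nat_src = IPv4Address("203.0.113.7").packed  # assumed NAT public address
    ah = ah_protect(auth_key, SRC, DST, PAYLOAD)
    esp = esp_protect(enc_key, auth_key, SRC, DST, PAYLOAD)
    esp_ok = lambda p: esp_verify(enc_key, auth_key, p) == PAYLOAD
    return {
        "ah_payload_in_clear": PAYLOAD in ah,
        "esp_payload_in_clear": PAYLOAD in esp,
        "ah_ok": ah_verify(auth_key, ah),
        "esp_ok": esp_ok(esp),
        "ah_after_ttl_decrement": ah_verify(auth_key, decrement_ttl(ah)),
        "esp_after_ttl_decrement": esp_ok(decrement_ttl(esp)),
        "ah_after_nat": ah_verify(auth_key, rewrite_src(ah, nat_src)),
        "esp_after_nat": esp_ok(rewrite_src(esp, nat_src)),
        "ah_after_payload_tamper": ah_verify(auth_key, flip_byte(ah, 48)),   # first payload byte
        "esp_after_payload_tamper": esp_ok(flip_byte(esp, 44)),             # first ciphertext byte
    }
```

The result table shows the two integrity services are not the same: both detect payload tampering and both tolerate a TTL decrement, but AH's ICV covers the (immutable parts of the) outer IP header, so a source-address rewrite breaks it, while ESP's ICV stops at the ESP header and ciphertext. That is why ESP can be carried through NAT with UDP encapsulation (RFC 3948) while AH cannot, and why RFC 4301 makes ESP mandatory to implement and AH optional.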
I added more information about the confusing C&A process to the post, Jargons: V&V and C&A. The newly added material is as follows.
Added on 2020/07/30:
There have been various information system certification and accreditation (C&A) processes across US federal agencies, such as DITSCAP, DIACAP, NIACAP, NISCAP, and DCID 6/3. Those legacy C&A processes can be confusing because of their diversity and inconsistency across agencies; for example, the obsolete DITSCAP treated verification and validation (V&V) as phases of its C&A process. The NIST RMF (SP 800-37 Rev. 2) is now the unified successor to those agency-specific C&A processes.
The NIST RMF is integrated with the system development life cycle (SDLC) and the systems security engineering processes detailed in NIST SP 800-160 Vol. 1, which in turn are aligned with the system life cycle processes of ISO/IEC/IEEE 15288. As a result, the terms certification and accreditation are no longer used in the NIST RMF: C&A has been replaced by A&A (Assessment and Authorization) in the RMF, and the corresponding life-cycle activities in ISO 15288 are the V&V (Verification and Validation) processes.