MongoDB Questions and Answers – Kerberos Authentication

This set of MongoDB Multiple Choice Questions & Answers (MCQs) focuses on “Kerberos Authentication”.

1. For each _______ the Kerberos Key Distribution Center (KDC) maintains a database of the realm’s principal and the principal’s associated “secret keys”.
a) key
b) realm
c) document
d) none of the mentioned
View Answer

Answer: b
Explanation: Principals belong to administrative units called realms.

2. Point out the correct statement.
a) MongoDB Enterprise provides support for Kerberos authentication of MongoDB clients to mongod and mongos
b) Kerberos is an industry standard authentication protocol for large client/server systems
c) Kerberos allows MongoDB and applications to take advantage of existing authentication infrastructure and processes
d) All of the mentioned
View Answer

Answer: d
Explanation: In a Kerberos-based system, every participant in the authenticated communication is known as a “principal”, and every principal must have a unique name.

3. For a client-server authentication, the client requests from the KDC a ________ for access to a specific asset.
a) ticket
b) local
c) token
d) user
View Answer

Answer: a
Explanation: KDC uses the client’s secret and the server’s secret to construct the ticket which allows the client and server to mutually authenticate each other, while keeping the secrets hidden.

4. To authenticate using Kerberos, you must add the Kerberos user principals to MongoDB to the _________ database.
a) $internal
b) $external
c) $extern
d) None of the mentioned
View Answer

Answer: b
Explanation: For every user you want to authenticate using Kerberos, you must create a corresponding user in MongoDB in the $external database.

advertisement
advertisement

5. To specify a different value for <service>, use ________ during the start up of mongod.
a) servicepwd
b) serviceName
c) servicelogin
d) none of the mentioned
View Answer

Answer: b
Explanation: mongo shell or other clients may also specify a different service principal name using serviceName.

6. Linux systems can store Kerberos authentication keys for a service principal in ______ files.
a) Client
b) Server
c) keytab
d) All of the mentioned
View Answer

Answer: c
Explanation: To keep keytab files secure, use file permissions that restrict access to only the user that runs the mongod or mongos process.

Sanfoundry Certification Contest of the Month is Live. 100+ Subjects. Participate Now!

7. On Linux, MongoDB clients can use Kerberos’s _______ program to initialize a credential cache for authenticating the user principal to servers.
a) knight
b) kinit
c) Knite
d) None of the mentioned
View Answer

Answer: b
Explanation: Unlike on Linux systems, mongod and mongos instances running on Windows do not require access to keytab files.

8. The MongoDB _________ Console interface does not support Kerberos authentication.
a) TCP
b) HTTP
c) HTTPS
d) None of the mentioned
View Answer

Answer: b
Explanation: Each host that runs a mongod or mongos instance must have both A and PTR DNS records to provide forward and reverse lookup.

advertisement

Sanfoundry Global Education & Learning Series – MongoDB.

Here’s the list of Best Books in MongoDB.

advertisement

If you find a mistake in question / option / answer, kindly take a screenshot and email to [email protected]

advertisement
advertisement
Subscribe to our Newsletters (Subject-wise). Participate in the Sanfoundry Certification contest to get free Certificate of Merit. Join our social networks below and stay updated with latest contests, videos, internships and jobs!

Youtube | Telegram | LinkedIn | Instagram | Facebook | Twitter | Pinterest
Manish Bhojasia - Founder & CTO at Sanfoundry
Manish Bhojasia, a technology veteran with 20+ years @ Cisco & Wipro, is Founder and CTO at Sanfoundry. He lives in Bangalore, and focuses on development of Linux Kernel, SAN Technologies, Advanced C, Data Structures & Alogrithms. Stay connected with him at LinkedIn.

Subscribe to his free Masterclasses at Youtube & discussions at Telegram SanfoundryClasses.