This set of MongoDB Multiple Choice Questions & Answers (MCQs) focuses on “Kerberos Authentication”.
1. For each _______ the Kerberos Key Distribution Center (KDC) maintains a database of the realm’s principal and the principals’ associated “secret keys”.
a) key
b) realm
c) document
d) none of the mentioned
View Answer
Explanation: Principals belong to administrative units called realms.
2. Point out the correct statement :
a) MongoDB Enterprise provides support for Kerberos authentication of MongoDB clients to mongod and mongos
b) Kerberos is an industry standard authentication protocol for large client/server systems
c) Kerberos allows MongoDB and applications to take advantage of existing authentication infrastructure and processes
d) All of the mentioned
View Answer
Explanation: In a Kerberos-based system, every participant in the authenticated communication is known as a “principal”, and every principal must have a unique name.
3. For a client-server authentication, the client requests from the KDC a ________ for access to a specific asset.
a) ticket
b) local
c) token
d) user
View Answer
Explanation: KDC uses the client’s secret and the server’s secret to construct the ticket which allows the client and server to mutually authenticate each other, while keeping the secrets hidden.
4. To authenticate using Kerberos, you must add the Kerberos user principals to MongoDB to the _________ database.
a) $internal
b) $external
c) $extern
d) None of the mentioned
View Answer
Explanation: For every user you want to authenticate using Kerberos, you must create a corresponding user in MongoDB in the $external database.
5. Point out the wrong statement :
a) Authorization determines the verified user’s access to resources and operations
b) MongoDB does not support authentication mechanisms
c) To authenticate a client in MongoDB, you must add a corresponding user to MongoDB
d) None of the mentioned
View Answer
Explanation: In addition to verifying the identity of a client, MongoDB can require members of replica sets and sharded clusters to authenticate their membership.
6. To specify a different value for
a) servicepwd
b) serviceName
c) servicelogin
d) none of the mentioned
View Answer
Explanation: mongo shell or other clients may also specify a different service principal name using serviceName.
7. Linux systems can store Kerberos authentication keys for a service principal in ______ files.
a) Client
b) Server
c) keytab
d) All of the mentioned
View Answer
Explanation: To keep keytab files secure, use file permissions that restrict access to only the user that runs the mongod or mongos process.
8. MongoDB __________ supports authentication using a Kerberos service.
a) Standard
b) Express
c) Enterprise
d) None of the mentioned
View Answer
Explanation: Kerberos is an industry standard authentication protocol for large client/server systems.
9. On Linux, MongoDB clients can use Kerberos’s _______ program to initialize a credential cache for authenticating the user principal to servers.
a) knight
b) kinit
c) Knite
d) None of the mentioned
View Answer
Explanation: Unlike on Linux systems, mongod and mongos instances running on Windows do not require access to keytab files.
10. The MongoDB _________ Console interface does not support Kerberos authentication.
a) TCP
b) HTTP
c) HTTPS
d) None of the mentioned
View Answer
Explanation: Each host that runs a mongod or mongos instance must have both A and PTR DNS records to provide forward and reverse lookup.
Sanfoundry Global Education & Learning Series – MongoDB.
Here’s the list of Best Reference Books in MongoDB.
