Unlock the secrets of HDFS Advanced Security with this collection of MCQs, covering Kerberos Authentication, LDAP Integration, Encryption in HDFS, and Auditing and Compliance. Learn how to safeguard your Hadoop ecosystem with the latest security practices and configurations.
1. What is the primary role of Kerberos authentication in HDFS security?
a) To provide encryption for data at rest
b) To authenticate users and services securely
c) To enable multi-node communication
d) To manage HDFS block replication

2. Which protocol does Kerberos use for authenticating HDFS clients?
a) LDAP
b) Kerberos ticket-granting protocol
c) RPC
d) SSL/TLS

3. In Kerberos, what is a principal?
a) A data block
b) A key for encryption
c) An identity for authentication
d) A user’s password

4. What command is used to create a Kerberos principal for HDFS?
a) kadmin
b) create-principal
c) kinit
d) hdfs-kerberos

5. How does Kerberos prevent unauthorized access in HDFS?
a) By allowing anonymous access
b) By using a shared password for all users
c) By issuing time-limited tickets for service access
d) By replicating access logs

6. What is the role of the Key Distribution Center (KDC) in Kerberos authentication?
a) To manage service data storage
b) To store encrypted files
c) To issue and verify Kerberos tickets
d) To monitor DataNode activity

7. Which component of HDFS needs to be Kerberos-enabled for secure authentication?
a) DataNodes
b) ResourceManager
c) NameNode
d) All of the above

8. What happens if a Kerberos ticket expires in HDFS?
a) The client gets automatically logged out
b) The client can access HDFS without restrictions
c) A new ticket is issued automatically
d) The client is denied access and must reauthenticate

9. What is the purpose of a Service Principal Name (SPN) in Kerberos?
a) To identify the user
b) To map the service to the Kerberos realm
c) To manage HDFS block replication
d) To store user passwords

10. How is Kerberos authentication integrated into HDFS when configuring it for high availability?
a) By using shared storage
b) By enabling cross-realm authentication
c) By setting up Kerberos for the active and standby NameNodes
d) By increasing the replication factor

Topic 2: Managing HDFS with LDAP Integration
11. What is the purpose of integrating LDAP with HDFS?
a) To enhance performance
b) To manage user authentication and authorization
c) To reduce replication overhead
d) To compress data during storage

12. Which service does HDFS use for LDAP authentication?
a) OpenLDAP
b) Microsoft Active Directory
c) Both OpenLDAP and Active Directory
d) Apache Kafka

13. How does HDFS authenticate users with LDAP integration?
a) By checking against the local user database
b) By querying the LDAP directory for user credentials
c) By using Kerberos tickets
d) By issuing one-time passwords

14. What configuration file in HDFS is modified to enable LDAP authentication?
a) core-site.xml
b) hdfs-site.xml
c) ldap-site.xml
d) krb5.conf

15. Which LDAP attribute is typically used to store user credentials in an LDAP server?
a) uid
b) userPassword
c) cn
d) login

16. How does LDAP help in managing user permissions in HDFS?
a) By storing the file system hierarchy
b) By creating and managing access control lists (ACLs)
c) By performing regular backups
d) By automatically configuring replication

17. What is one advantage of using LDAP for user management in HDFS?
a) Faster data replication
b) Centralized user management across multiple services
c) Better fault tolerance
d) Automatic block size adjustments

18. Can HDFS use LDAP for both authentication and authorization?
a) Yes
b) No, only for authentication
c) No, only for authorization
d) No, LDAP is not compatible with HDFS

19. What does HDFS do after successfully authenticating a user via LDAP?
a) The user is granted unlimited access
b) A Kerberos ticket is generated
c) The user’s permissions are fetched from the LDAP server
d) The user is assigned a unique HDFS password

20. What LDAP protocol is used for securely accessing user data?
a) LDAPv2
b) LDAPS (LDAP over SSL)
c) SAML
d) OpenID

Topic 3: Encryption in HDFS (Data-at-Rest and Data-in-Transit)
21. What does “data-at-rest” refer to in HDFS encryption?
a) Data that is currently being processed
b) Data that is stored on disk but not being accessed
c) Data that is being transferred over the network
d) Data that is deleted from the system

22. Which encryption method is used for encrypting data-at-rest in HDFS?
a) Symmetric encryption
b) Asymmetric encryption
c) Block-level encryption
d) End-to-end encryption

23. What is the default encryption algorithm used in HDFS for data-at-rest?
a) AES-128
b) AES-256
c) RSA
d) Triple DES

24. How does HDFS handle data-in-transit encryption?
a) By using SSL/TLS for communication between clients and servers
b) By compressing the data before sending it
c) By encrypting the metadata
d) By encrypting only large files

25. What component is responsible for managing encryption keys in HDFS?
a) NameNode
b) Key Management Server (KMS)
c) ResourceManager
d) DataNode

26. What must be configured to enable encryption in HDFS?
a) HDFS replication
b) Key management and encryption zones
c) LDAP authentication
d) Block report interval

27. Which tool in HDFS allows for managing encryption keys?
a) hdfs encryption
b) hdfs kms
c) hdfs keymanager
d) hdfs encrypt

28. Which of the following is true about HDFS encryption for data-at-rest?
a) It uses a unique key for every file
b) It encrypts both file data and metadata
c) It only encrypts large files
d) It does not require any additional configuration

29. What is a key advantage of encrypting data in transit in HDFS?
a) Reduces storage space usage
b) Protects data from eavesdropping and tampering
c) Speeds up data transfer
d) Minimizes replication

30. Which protocol is commonly used for data-in-transit encryption in HDFS?
a) SSL/TLS
b) Kerberos
c) IPsec
d) SSH

Answers Table
QNo | Answer
1 | b) To authenticate users and services securely
2 | b) Kerberos ticket-granting protocol
3 | c) An identity for authentication
4 | a) kadmin
5 | c) By issuing time-limited tickets for service access
6 | c) To issue and verify Kerberos tickets
7 | d) All of the above
8 | d) The client is denied access and must reauthenticate
9 | b) To map the service to the Kerberos realm
10 | c) By setting up Kerberos for the active and standby NameNodes
11 | b) To manage user authentication and authorization
12 | c) Both OpenLDAP and Active Directory
13 | b) By querying the LDAP directory for user credentials
14 | a) core-site.xml
15 | b) userPassword
16 | b) By creating and managing access control lists (ACLs)
17 | b) Centralized user management across multiple services
18 | a) Yes
19 | c) The user’s permissions are fetched from the LDAP server
20 | b) LDAPS (LDAP over SSL)
21 | b) Data that is stored on disk but not being accessed
22 | a) Symmetric encryption
23 | b) AES-256
24 | a) By using SSL/TLS for communication between clients and servers