MCQs on Security and Authentication in HDFS | Hadoop HDFS
Explore key concepts of Security and Authentication in HDFS, including Kerberos Authentication, setup in Hadoop, file access control, and HDFS ACLs. Test your knowledge with these 30 multiple-choice questions to master Hadoop security.
Introduction to Kerberos Authentication
- Which of the following is a primary purpose of Kerberos in Hadoop?
- A) File storage
- B) Data compression
- C) Authentication and Authorization
- D) Distributed data processing
- Kerberos is based on which type of encryption?
- A) Symmetric encryption
- B) Asymmetric encryption
- C) Hash encryption
- D) None of the above
- In Kerberos, the entity that issues the Ticket Granting Ticket (TGT) is known as:
- A) Key Distribution Center (KDC)
- B) Authentication Server (AS)
- C) Ticket Granting Server (TGS)
- D) Client
- What is the function of the Authentication Server (AS) in Kerberos?
- A) To issue the TGT to clients
- B) To distribute data between nodes
- C) To manage HDFS file access
- D) To store password hashes
- The Ticket Granting Ticket (TGT) is used to:
- A) Validate users without re-entering credentials
- B) Authenticate network traffic
- C) Store encryption keys
- D) Log user activities
- Which file stores the Kerberos configuration on a client node?
- A) krb5.conf
- B) kerberos.keytab
- C) hdfs-site.xml
- D) core-site.xml
- What is the role of the Key Distribution Center (KDC) in Kerberos authentication?
- A) Encrypt data
- B) Store credentials
- C) Issue TGTs and service tickets
- D) Monitor network traffic
- Which of the following is required to configure Kerberos for Hadoop?
- A) SSL certificate
- B) Kerberos server
- C) HDFS configuration files
- D) Java Runtime Environment
- Which Hadoop component requires Kerberos authentication to access HDFS securely?
- A) MapReduce
- B) YARN
- C) HDFS
- D) Hive
- What happens if a client loses its Ticket Granting Ticket (TGT)?
- A) The client can still access Hadoop services
- B) The client needs to request a new TGT
- C) The client’s session expires permanently
- D) The client can access data without authentication
Setting Up Kerberos in Hadoop
- Which configuration file in Hadoop defines the Kerberos principal and keytab file?
- A) hdfs-site.xml
- B) core-site.xml
- C) mapred-site.xml
- D) krb5.conf
- Which command is used to generate a Kerberos keytab file for a service principal in Hadoop?
- A) kinit
- B) ktutil
- C) hadoop-kerberos
- D) klist
- What is the purpose of the
kinitcommand in Kerberos authentication?- A) Generate Kerberos keytab
- B) Obtain a TGT
- C) Refresh the TGT
- D) Check the status of Kerberos tickets
- Which command can you use to verify Kerberos authentication in a Hadoop cluster?
- A) klist
- B) kinit
- C) kerberos-status
- D) hdfs kerberos-check
- To configure Kerberos authentication, which Hadoop file must include the KDC address?
- A) krb5.conf
- B) hdfs-site.xml
- C) core-site.xml
- D) yarn-site.xml
- What should be done after setting up Kerberos for Hadoop to ensure secure authentication?
- A) Disable all security protocols
- B) Restart Hadoop daemons
- C) Rebuild the Hadoop cluster
- D) Remove all keytab files
- How can a Hadoop service access Kerberos without manual authentication?
- A) By using a shared keytab file
- B) By using a public key infrastructure
- C) By requiring manual password input
- D) By relying on an SSL certificate
- Which component requires its own Kerberos principal for authentication in Hadoop?
- A) HDFS NameNode
- B) ResourceManager
- C) MapReduce JobTracker
- D) All of the above
- What is a keytab file in Kerberos?
- A) A list of all Kerberos users
- B) A cache for encrypted data
- C) A file storing Kerberos credentials for automated authentication
- D) A backup file for user passwords
- After setting up Kerberos, which Hadoop component needs to be restarted to apply changes?
- A) HDFS DataNode
- B) HDFS NameNode
- C) YARN ResourceManager
- D) All of the above
HDFS Permissions and File Access Control
- In HDFS, who can set file permissions?
- A) Only the HDFS administrator
- B) Any user with write access
- C) The file owner and superusers
- D) Any user with read access
- What are the default file permissions in HDFS when a file is created?
- A) rw-r–r–
- B) rwxrwxrwx
- C) rw-rw-rw-
- D) rwx——
- Which of the following can HDFS permissions be applied to?
- A) Files only
- B) Directories only
- C) Both files and directories
- D) None of the above
- Which command would you use to change file permissions in HDFS?
- A) chmod
- B) hdfs-permission
- C) hdfs-chmod
- D) setfacl
- In HDFS, who is the default owner of a file?
- A) The administrator
- B) The user who created the file
- C) The Hadoop service account
- D) The superuser
- Which of the following is true about HDFS file permissions?
- A) It only supports read and write access
- B) It uses the Linux file permission model
- C) It ignores user and group ownership
- D) Permissions cannot be modified after file creation
- HDFS permissions are based on which of the following models?
- A) ACLs
- B) User, group, and others
- C) File encryption
- D) Role-based access control
- What happens if you try to access a file in HDFS without sufficient permissions?
- A) Access is granted with limited features
- B) Access is denied and an error is returned
- C) The file is automatically decrypted
- D) The system logs the attempt and proceeds
- Who can change the ownership of a file in HDFS?
- A) Only the file owner
- B) The Hadoop administrator
- C) Anyone with read access
- D) Anyone with write access
- Which command in HDFS shows the file permissions of a directory or file?
- A) hdfs ls
- B) hdfs permissions
- C) hdfs stat
- D) hdfs view
HDFS ACLs (Access Control Lists)
- What is the purpose of Access Control Lists (ACLs) in HDFS?
- A) Encrypt file data
- B) Grant more granular permissions than traditional HDFS permissions
- C) Compress file storage
- D) Monitor file access logs
- Which command would you use to modify an ACL for a file in HDFS?
- A) hdfs setacl
- B) hdfs acl modify
- C) hdfs acl add
- D) setfacl
- Which of the following does HDFS ACLs allow that traditional permissions do not?
- A) The ability to set permissions for a specific user, group, or other
- B) The ability to track file usage
- C) The ability to encrypt files
- D) The ability to change the file owner
- How are ACLs applied to a file in HDFS?
- A) By modifying the file metadata
- B) Through the file’s encryption settings
- C) By adding entries for each user and group
- D) Through a background service
- What does the “default” ACL in HDFS control?
- A) Permissions on a file after it is created
- B) The encryption of the file contents
- C) The storage location of the file
- D) The network access to the file
Answer Key
| Qno | Answer (Option with the text) |
|---|---|
| 1 | C) Authentication and Authorization |
| 2 | A) Symmetric encryption |
| 3 | A) Key Distribution Center (KDC) |
| 4 | A) To issue the TGT to clients |
| 5 | A) Validate users without re-entering credentials |
| 6 | A) krb5.conf |
| 7 | C) Issue TGTs and service tickets |
| 8 | B) Kerberos server |
| 9 | C) HDFS |
| 10 | B) The client needs to request a new TGT |
| 11 | B) core-site.xml |
| 12 | B) ktutil |
| 13 | B) Obtain a TGT |
| 14 | A) klist |
| 15 | A) krb5.conf |
| 16 | B) Restart Hadoop daemons |
| 17 | A) By using a shared keytab file |
| 18 | D) All of the above |
| 19 | C) A file storing Kerberos credentials for automated authentication |
| 20 | D) All of the above |
| 21 | C) The file owner and superusers |
| 22 | A) rw-r–r– |
| 23 | C) Both files and directories |
| 24 | A) chmod |
| 25 | B) The user who created the file |
| 26 | B) It uses the Linux file permission model |
| 27 | B) User, group, and others |
| 28 | B) Access is denied and an error is returned |
| 29 | B) The Hadoop administrator |
| 30 | A) hdfs ls |
| 31 | B) Grant more granular permissions than traditional HDFS permissions |
| 32 | A) hdfs setacl |
| 33 | A) The ability to set permissions for a specific user, group, or other |
| 34 | A) By modifying the file metadata |
| 35 | A) Permissions on a file after it is created |