Explore key concepts in Cassandra security with a focus on authentication and authorization. This quiz covers user management, permissions, and access controls to help reinforce foundational knowledge in securing distributed databases.
Which setting must be changed to 'PasswordAuthenticator' in the configuration file to require users to authenticate before accessing Cassandra?
Explanation: The 'authenticator' setting controls whether authentication is required in Cassandra. Setting it to 'PasswordAuthenticator' enforces user login with credentials. 'authorization' controls permissions and is not used for authentication. 'permituser' and 'userauth' are not valid configuration options, making them incorrect. Only 'authenticator' enables the authentication mechanism.
After enabling authentication, which default user account is available for the initial login?
Explanation: The default user account provided after enabling authentication is 'cassandra'. While 'admin', 'root', and 'superuser' may sound like plausible options, they are not the predefined user account. Only 'cassandra' is created by default to allow administrative access initially.
What is the primary purpose of Cassandra’s authorization feature in a production environment?
Explanation: Authorization is specifically used to determine what users or roles can do within Cassandra, such as reading certain tables or performing write operations. Encryption of data in transit is related to network security, not authorization. Improving query performance and managing backups are unrelated to authorization. Therefore, the main function is controlling user access.
What should be done with the 'cassandra' default user account after creating your own administrator user?
Explanation: Disabling or removing the default 'cassandra' user improves security by reducing the risk of brute-force or default password attacks. Leaving it as a primary account or requiring all users to use it poses unnecessary risk. There is no automatic conversion of this account to a standard user. The recommended action is to limit its use or remove it entirely.
What is the correct command to grant SELECT permission on a table named 'users' to a role named 'analyst'?
Explanation: 'GRANT SELECT ON TABLE users TO analyst;' is the valid syntax to grant SELECT permissions. 'PERMIT' and 'ALLOW' are not keywords for granting permissions in Cassandra, and 'GIVE SELECT TO users ON analyst;' reverses the subject and object. Only 'GRANT SELECT ON TABLE users TO analyst;' provides the correct structure for permission assignment.
How does using roles benefit authorization in Cassandra?
Explanation: Roles allow administrators to assign specific sets of permissions to groups of users, making access management more efficient. Data encryption and authentication are handled by other parts of the system, not by roles. Roles do not restrict access to a single user at a time; instead, they streamline managing permissions across many users.
Which command removes a previously granted MODIFY permission from a user called 'writer' on a table called 'records'?
Explanation: The correct command to remove an authorization in Cassandra is 'REVOKE MODIFY ON TABLE records FROM writer;'. The formats using 'REMOVE', 'DELETE', or 'DISABLE' are syntactically incorrect and would result in errors. Only the 'REVOKE' statement correctly removes a previously granted permission.
Why should strict access be enforced on system keyspaces in Cassandra?
Explanation: System keyspaces are critical for storing metadata and other core database information, so unauthorized changes could compromise stability or security. Restricting access does not affect search speed, user creation, or backup management. Ensuring that only trusted users have access protects the integrity and smooth functioning of the database.
Why is it advisable to force new users to change their temporary password upon initial login?
Explanation: Requiring users to change their temporary passwords reduces risk in case the initial password was shared or guessed. Changing the password does not impact query performance or permissions. It does not permit users to bypass authentication in the future, ensuring account security remains robust.
Which privilege must be granted to a user so they can read and view table data in Cassandra?
Explanation: The SELECT privilege allows users to read and view data in a table. MODIFY permits writing or updating, DROP allows deletion of tables, and ALTER is used for changing the table structure. Only the SELECT permission enables data retrieval without granting extra capabilities.