Explore topic-wise InterviewSolutions in .

Right OPTION is (C) customData

Explanation: The system.users collection in the admin database STORES user authentication and authorization information.

Correct OPTION is (a) openssl

Explanation: You can use the openssl program to generate unique strings for use in passwords, as in the FOLLOWING COMMAND: openssl rand -base64 48

The CORRECT CHOICE is (B) changeAnyPassword

To elaborate: To CHANGE your own password, you must have the changeOwnPassword action on your database.

The CORRECT ANSWER is (C) rolesView

Easy explanation: db.getRole() wraps the rolesInfo COMMAND.

Correct ANSWER is (C) db.revokeRolesFromUser()

The BEST explanation: To specify a ROLE that exists in the same database where db.revokeRolesFromUser() runs, you can either specify the role with the NAME of the role.

Correct answer is (a) You must have the createUser action on a database to CREATE a NEW user on that database

The best explanation: You can use –noauth OPTION when starting mongod to GAIN full access the system.

The CORRECT answer is (d) All of the mentioned

For explanation I would say: A user assigned either the userAdmin role on the ADMIN DATABASE or the USERADMINANYDATABASE can grant itself any privilege in the system.

Right CHOICE is (B) db.grantRolesToUser()

EXPLANATION: If the user requires ADDITIONAL privileges, GRANT to the user the role, or roles, with the required set of privileges.

The correct OPTION is (c) enableTestCommands

To explain I WOULD say: enableTestCommands is only AVAILABLE when starting mongod and you cannot use setParameter to MODIFY this PARAMETER.

The correct answer is (d) All of the mentioned

The EXPLANATION is: As a result, when you LOG in as the USER administrator, you MAY see authentication errors from one or more commands.

Correct choice is (a) localhost

For explanation I WOULD say: The localhost exception ALLOWS you to enable AUTHORIZATION before creating the first user in the system.

The CORRECT answer is (b) rs.conf

The best EXPLANATION: rs.conf() RETURNS a document that contains the current replica SET configuration.

The CORRECT answer is (c) rs.initiate()

Best explanation: MONGODB initiates a set that consists of the current member and that uses the default REPLICA set configuration.

Right choice is (B) bind_ip

The explanation is: For a geographically distributed replica SETS, ensure that the majority of the set’s mongod INSTANCES RESIDE in the PRIMARY site.

Correct OPTION is (c) Authorization

For explanation: USING AUTHENTICATION and authorization is a key part of a complete SECURITY strategy.

The correct ANSWER is (B) authentication

For explanation I would say: KDC uses the client’s SECRET and the server’s secret to construct the ticket which allows the client and server to mutually AUTHENTICATE each other, while keeping the secrets hidden.

Right option is (b) kinit

The explanation is: Unlike on Linux SYSTEMS, mongod and mongos INSTANCES RUNNING on Windows do not require ACCESS to keytab files.

Correct answer is (b) TLS

Easy EXPLANATION: CREATE roles that DEFINE the EXACT access a SET of users needs.

Right choice is (c) keytab

Easy explanation: To keep keytab files secure, use FILE PERMISSIONS that RESTRICT ACCESS to only the user that runs the mongod or mongos process.

Right ANSWER is (b) serviceName

The best explanation: mongo shell or other clients may ALSO specify a DIFFERENT SERVICE principal name using serviceName.

Right option is (b) $external

The BEST I can explain: For EVERY user you want to authenticate using Kerberos, you must create a corresponding user in MONGODB in the $external DATABASE.

The CORRECT answer is (a) ticket

Best explanation: KDC USES the client’s secret and the server’s secret to construct the ticket which allows the client and server to MUTUALLY authenticate each other, while keeping the secrets HIDDEN.

The correct choice is (B) realm

For explanation I would say: Principals belong to administrative UNITS CALLED realms.

Correct OPTION is (b) syslog

For explanation: The auditing system will neither DETECT the truncation nor error upon its OCCURRENCE.

Correct choice is (C) bsondump

Best EXPLANATION: The following converts the AUDIT log into a human-readable FORM and output to the TERMINAL: bsondump data/db/auditLog.bson .

The correct OPTION is (b) Server

The best I can explain: PRINTING audit events to a file in JSON format DEGRADES server PERFORMANCE more than printing to a file in BSON format.

The CORRECT choice is (c) –auditDestination

For explanation I WOULD say: For sharded clusters, if you enable auditing on mongos instances, you must enable auditing on all mongod instances in the cluster, i.e. shards and CONFIG SERVERS.

The CORRECT CHOICE is (b) syslog

To explain: MONGODB provides an option to send output to the host’s syslog SYSTEM.

The correct OPTION is (c) config

Easiest explanation: Each production cluster has three config servers, INITIATED using the MONGOD –configsvr option.

Right choice is (B) 27019

Easiest EXPLANATION: You also can run a CONFIG server by USING the configsvr value for the clusterRole setting in a configuration file.

Right option is (b) REST

The best I can explain: The REST interface is disabled by DEFAULT, and is not RECOMMENDED for PRODUCTION use.

Correct answer is (a) 1000

Easiest EXPLANATION: By default, the HTTP interface port is 28017, but is INDIRECTLY set using the port OPTION which ALLOWS you to configure the primary mongod port.

Right choice is (a) Windows

Easiest EXPLANATION: On Linux and UNIX SYSTEMS, mongo READS the .mongorc.js file from $HOME/.mongorc.js.