Ch 8 Authentication
What are good examples of two-factor authentication? Choose all that apply. A credit card and a photo ID A credit card and a security code A credit card and a signature A password followed by a security question A password followed by a PIN texted to your phone
- A credit card and security code - A credit card and signature - A password followed by a PIN texted to your phone A credit card and security code, a credit card and signature, and a password with proof of possessing your phone all are two-factor authentication.
Unlike LDAP, LDAPS ________? Choose all that apply. Includes SSL or TLS encryption Is compatible with Unix-based operating systems Is safe for use on the public internet Uses port 389 Uses port 636
- Includes SSL or TLS encryption - Uses port 636 LDAPS uses port 636 and encrypts traffic, but its still not considered very secure or internet use. Both are compatible with a wide range of operating systems.
You require your users to log on using a user name, password, and rolling 6-digit code sent to a key fob device. They are then allowed computer, network, and email access. What type of authentication have you implemented? Choose all that apply. Basic single-factor authentication Federated identity management Multi-factor authentication Principle of least privilege Single sign-on
- Multi-factor authentication - Single sign-on
A secure records room installed a new iris scanner, chosen for its low crossover error rate. What does that mean it has? Choose the best response. A high false acceptance rate and a high false rejection rate A high false acceptance rate and a low false rejection rate A low false acceptance rate and a high false rejection rate A low false acceptance rate and a low false rejection rate
A low false acceptance rate and a low false rejection rate The CER a calibration point where false rejection and false acceptance are equally unlikely, so if it is low then both of those factors must be low as well.
What AAA element specifies the exact resources a given principal is allowed to access? Choose the best response. Accounting Authentication Authorization Identification
Authentication Authorization determines resource access for an authenticated user.
Your remote access system currently uses RADIUS, but one administrator is proposing replacing it with TACACS+. What benefits might this provide?. Choose all that apply. Better able to support non-IP protocols Better suited to large networks Less complicated to administer More secure More focused on user authentication
Better able to support non-IP protocols TACAS+ supports non-IP protocols, scales better, and is more secure.
What authentication standard is used by active duty US military personnel? CAC PIV OTP SIM
CAC The Common Access Card is a smart card with human-readable identification, barcodes, a chip with strong cryptographic functions, and a magnetic stripe for local security systems.
Which protocol is more of a message framework than an authentication method in itself? Choose the best response. CHAP EAP MS-CHAP PAP
EAP Extensible Authentication Protocol supports a large number of different authentication methods as extensions.
Federated identity management allows authentication systems to be shared across multiple directly associated systems or networks. True or false?
False Federations don't need to be directly associated, only to share authentication standards.
Your company is developing a custom web app for the sales team. It should be able to access a list of Salesforce contacts, but for security reasons the app shouldn't be able to access the actual Salesforce account. What standard would allow this? Choose the best response. Kerberos OAuth OpenID Connect SAML
OAuth OAuth is designed around delegating partial authorization to an online service. OpenID Connect could be used to actually pass on the authentication credentials.
Your wireless network is configured in 802.1X mode. What kind of server does it most likely use as a back end? Choose the best response. KERBEROS RADIUS TACACS+ TKIP
Radius Most 802.1X implementations use RADIUS, though Diameter and TACAS+ among others are possible.
You've been asked to help consult for security on an application that's designed to interoperate with Google and Salesforce SSO systems. What protocol should you study first? Choose the best answer. Kerberos LDAP RADIUS SAML
SAML Kerberos is more often used for SSO on the intranet.