13.2.7 Authentication
Which of the following is the strongest form of multi-factor authentication?
A password, a biometric scan, and a token device A password, a biometric scan, and a token device together are the strongest form of multi-factor authentication listed here. Multi-factor authentication is any combination of two or more of the same or different authentication factors. The three common authentication factor types are something you know (such as a password), something you have (such as a smart card or a token device), or something you are (such as a biometric quality like a fingerprint).
Which of the following is an example of two-factor authentication?
A token device and a PIN
Which of the following actions typically involve the use of 802.1x authentication? (Select two.)
Controlling access through a switch. Controlling access through a wireless access point. 802.1x is an authentication method used on a LAN to allow or deny access based on port or network connection. 802.1x is used for port authentication on switches and authentication to wireless access points. It requires an authentication server for validating user credentials, which is typically a RADIUS server.
You are a contractor that has agreed to implement a new remote access solution based on a Windows Server 2016 system for a client. The customer wants to purchase and install a smart card system to provide a high level of security to the implementation. Which of the following authentication protocols are you MOST likely to recommend to the client?
EAP Of the protocols listed, only EAP (Extensible Authentication Protocol) provides support for smart card authentication.
Which EAP implementation is MOST secure?
EAP-TLS EAP-TLS uses Transport Layer Security (TLS) and is considered one of the most secure EAP standards available. A compromised password is not enough to break into EAP-TLS-enabled systems because the attacker must also have the client's private key.
Which of the following is a feature of MS-CHAPv2 that is not included in CHAP?
Mutual authentication MS-CHAPv2 allows for mutual authentication in which the server authenticates to the client.
Match the authentication factor types on the left with the appropriate authentication factor on the right. (You can use each authentication factor type more than once.)
PIN Something you know Smart card Something you have Password Something you know Retina scan Something you are Fingerprint scan Something you are Hardware token Something you have Username Something you know Voice recognition Something you are Wi-Fi triangulation Somewhere you are Typing behaviors Something you do
Which of the following is a mechanism for granting and validating certificates?
PKI Certificates are obtained from public-key infrastructure (PKI), which is a system that provides a trusted third party to vouch for user identities. PKI is made up of certificate authorities (CAs), which are entities trusted to issue, store, and revoke certificates.
Which of the following is a platform-independent authentication system that maintains a database of user accounts and passwords to centralize the maintenance of those accounts?
RADIUS Remote Authentication Dial-In User Service (RADIUS) is an authentication system that allows the centralization of remote user account management.
With Kerberos authentication, which of the following terms describes the token that verifies the user's identity to the target system?
Ticket The tokens used in Kerberos authentication are known as tickets. Tickets perform a number of functions, including notifying the network service of the user who has been granted access and authenticating the identity of the person when they attempt to use that network service.
