CompTIA Advanced Security Practitioner (CASP) Question 2

A company has created a policy to allow employees to use their personally owned devices. The Chief Information Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices.
Which of the following security controls would BEST reduce the risk of exposure?

A. Disk encryption on the local drive
B. Group policy to enforce failed login lockout
C. Multifactor authentication
D. Implementation of email digital signatures

Correct Answer: A

CompTIA Security+ Question I-23

Which of the following security concepts can prevent a user from logging on from home during the weekends?

A. Time of day restrictions
B. Multifactor authentication
C. Implicit deny
D. Common access card

Answer: A

Explanation:
Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion.

CompTIA Security+ Question H-49

A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users with valid credentials. The security administrator has been told to implement multifactor authentication in order to control facility access. To secure access to the remote facility, which of the following could be implemented without increasing the amount of space required at the entrance?

A. MOTD challenge and PIN pad
B. Retina scanner and fingerprint reader
C. Voice recognition and one-time PIN token
D. One-time PIN token and proximity reader

Answer: C

Explanation:
Authentication systems or methods are based on one or more of these five factors: Something you know, such as a password or PIN Something you have, such as a smart card, token, or identification device Something you are, such as your fingerprints or retinal pattern (often called biometrics) Something you do, such as an action you must take to complete authentication Somewhere you are (this is based on geolocation)

Multifactor authentication is authentication that uses two of more of the authentication factors listed above.

In this question, we can use voice recognition (something you are) and a one-time PIN token (something you have) to provide two factors of authentication. The one-time PIN token is a small device that generates a one-time PIN to enable access.

CompTIA Security+ Question G-75

A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of which of the following?

A. Multifactor authentication
B. Single factor authentication
C. Separation of duties
D. Identification

Answer: B

Explanation:
Single-factor authentication (SFA) is a process for securing access to a given system by identifying the party requesting access via a single category of credentials. In this case, the network administrator makes use of an RFID card to access the datacenter, a key to access the server rack, and a username and password to access a server.

CompTIA Security+ Question G-28

Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?

A. Key escrow
B. Non-repudiation
C. Multifactor authentication
D. Hashing

Answer: B

Explanation:
Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean: A service that provides proof of the integrity and origin of data. An authentication that can be asserted to be genuine with high assurance.

CompTIA Security+ Question G-2

Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

A. Biometrics
B. PKI
C. Single factor authentication
D. Multifactor authentication

Answer: D

Explanation:
Multifactor authentication requires a user to provide two or more authentication factors for authentication purposes. In this case, a smart card (something they have) is one and a PIN (something they know) is the second.

CompTIA Security+ Question F-78

The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types?

A. Two-factor authentication
B. Single sign-on
C. Multifactor authentication
D. Single factor authentication

Answer: D

Explanation:
Single-factor authentication is when only one authentication factor is used. In this case, Something you know is being used as an authentication factor. Username, password, and PIN form part of Something you know.

CompTIA Security+ Question D-96

In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?

A. Identification
B. Authorization
C. Authentication
D. Multifactor authentication

Answer: C

Explanation:
An authentication ticket, also known as a ticket-granting ticket (TGT), is a small amount of encrypted data that is issued by a server in the Kerberos authentication model to begin the authentication process. When the client receives an authentication ticket, the client sends the ticket back to the server along with additional information verifying the client’s identity. The server then issues a service ticket and a session key (which includes a form of password), completing the authorization process for that session. In the Kerberos model, all tickets are time-stamped and have limited lifetimes. This minimizes the danger that hackers will be able to steal or crack the encrypted data and use it to compromise the system. Ideally, no authentication ticket remains valid for longer than the time an expert hacker would need to crack the encryption. Authentication tickets are session-specific, further improving the security of the system by ensuring that no authentication ticket remains valid after a given session is complete.

CompTIA Security+ Question C-84

Which of the following is an example of multifactor authentication?

A. Credit card and PIN
B. Username and password
C. Password and PIN
D. Fingerprint and retina scan

Answer: A

Explanation:
A credit card is a memory card that functions a type of two-factor authentication. The card is something you have, and its PIN is something you know. Multifactor authentication requires a user to provide two or more different types of authentication factors to prove their identity.

CompTIA Security+ Question C-66

Ann, the security administrator, wishes to implement multifactor security. Which of the following should be implemented in order to compliment password usage and smart cards?

A. Hard tokens
B. Fingerprint readers
C. Swipe badge readers
D. Passphrases

Answer: B

Explanation:
A multifactor authentication method uses two or more processes for logon. A twofactor method might use smart cards and biometrics for logon. For obvious reasons, the two or more factors employed should not be from the same category.