One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?
A. File level encryption with alphanumeric passwords B. Biometric authentication and cloud storage C. Whole disk encryption with two-factor authentication D. BIOS passwords and two-factor authentication
Answer: C
Explanation: Whole-disk encryption only provides reasonable protection when the system is fully powered off. To make the most of the defensive strength of whole-disk encryption, a long, complex passphrase should be used to unlock the system on bootup. Combining whole-disk encryption with two-factor authentication would further increase protection.
A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s requirements?
A. Username and password B. Retina scan and fingerprint scan C. USB token and PIN D. Proximity badge and token
Answer: C
Explanation: Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories: knowledge factors (“things only the user knows”), such as passwords; possession factors (“things only the user has”), such as ATM cards; and inherence factors (“things only the user is”), such as biometrics.
In this question, a USB token is a possession factor (something the user has) and a PIN is a knowledge factor (something the user knows).
A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access. Which of the following is the BEST approach to implement this process?
A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site. B. Require the customer to physically come into the company’s main office so that the customer can be authenticated prior to their password being reset. C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password. D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.
Answer: D
Explanation: People tend to forget their passwords, so you should have a password recovery system for them that does not increase risk exposure. Setting a temporary password restricts the time that the password is valid and thus decreases risk; in addition, forcing the customer to change it upon first login makes the password more secure for the customer.
A company requires that a user’s credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described?
A. Biometrics B. Kerberos C. Token D. Two-factor
Answer: D
Explanation: Two-factor authentication is when two different authentication factors are provided for authentication purposes. In this case, “something they know and something they are”.
Which of the following protocols provides for mutual authentication of the client and server?
A. Two-factor authentication B. Radius C. Secure LDAP D. Biometrics
Answer: C
Explanation: The LDAP directory service is based on a client-server model. The function of LDAP is to enable access to an existing directory. Because it follows a client-server model, it makes provision for mutual authentication between the two parties.
Peter, a network administrator, is able to manage the backup software console by using his network login credentials. Which of the following authentication services is he MOST likely using?
A. SAML B. LDAP C. iSCSI D. Two-factor authentication
Answer: B
Explanation: Peter is able to manage the backup system by logging into the network. This is an example of Single Sign-on. A common usage of LDAP is to provide a “single sign on” where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.
The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types?
A. Two-factor authentication B. Single sign-on C. Multifactor authentication D. Single factor authentication
Answer: D
Explanation: Single-factor authentication is when only one authentication factor is used. In this case, something you know is being used as the only authentication factor. Username, password, and PIN all form part of something you know.
Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts?
A. Two factor authentication B. Identification and authorization C. Single sign-on D. Single factor authentication
Answer: A
Explanation: Two-factor authentication is when two different authentication factors are provided for authentication purposes. Speaking (voice) is something they are; the passphrase is something they know.
Which of the following is an example of multifactor authentication?
A. Credit card and PIN B. Username and password C. Password and PIN D. Fingerprint and retina scan
Answer: A
Explanation: A credit card is a memory card that functions as a type of two-factor authentication. The card is something you have, and its PIN is something you know. Multifactor authentication requires a user to provide two or more different types of authentication factors to prove their identity.
A company is implementing enhanced user authentication for system administrators accessing the company’s confidential servers. Which of the following would be the BEST example of two-factor authentication?
A. ID badge and keys B. Password and key fob C. Fingerprint scanner and retina scan D. Username and password