2.4

Question 1

These are techniques or processes used to verify the identity of users or entities accessing a system or network. Examples include passwords, biometrics, tokens, and certificates.

Answer 1

Authentication methods

Question 2

Are centralized databases that store and manage information about users, devices, and resources within a network. They facilitate authentication, access control, and resource management.

Answer 2

Directory Services

Question 3

Defines policies, protocols, and practices to manage identities across systems and organizations.

Answer 3

Federation

Question 4

Is the supplying of proof or evidence of some fact.

Answer 4

Attestation

Question 5

Type of password algorithm that generates temporary authentication codes based on the current time and a shared secret. These codes expire after a short period, enhancing security compared to static passwords.

Answer 5

Time-based one-time password (TOTP)

Question 6

Type of password algorithm that uses a counter value and a shared secret to generate authentication codes. Each code is valid only once, providing an additional layer of security.

Answer 6

HMAC-based one-time password (HOTP)

Question 7

Are physical devices that carry a digital token used to identify the user.

Answer 7

Token key

Question 8

Codes that do not change or are static in nature.

Answer 8

Static codes

Question 9

Are messages sent from a server to a user’s device to prompt authentication or authorization actions.

Answer 9

Push notifications

Question 10

Involves using a physical card embedded with a microprocessor and cryptographic capabilities to authenticate users.

Answer 10

Smart card authentication

Question 11

Involves using unique physiological or behavioral characteristics, such as fingerprints, iris patterns, or voiceprints, to verify a person’s identity.

Answer 11

Biometrics

Question 12

Measure the effectiveness of authentication systems in accurately verifying users’ identities. They include metrics such as accuracy, speed, and user acceptance.

Answer 12

Efficacy rates

Question 13

Occurs when an authentication system incorrectly identifies an unauthorized user as an authorized one, granting access to protected resources.

Answer 13

False acceptance

Question 14

Occurs when an authentication system incorrectly denies access to an authorized user, typically due to errors or inconsistencies in the authentication process.

Answer 14

False rejection

Question 15

Is the point at which both acceptance and rejection error rates are equal.

Answer 15

Crossover error rate

Question 16

What you are, what you have, what you know, somewhere you are, and something you do.

Answer 16

Multifactor authentication (MFA) factors and attributes

Question 17

Is a framework for controlling access to resources and tracking user activities within a network. It encompasses authentication (verifying identities), authorization (granting or denying access), and accounting (logging and monitoring user actions).

Answer 17

Authentication, authorization, and accounting (AAA)