2.4 Summarize authentication and authorization design concepts.

Question 1

Authentication is the act of proving a claimed identity using one or more authentication factors.

Answer 1

Authentication Methods

Question 2

A managed list of network resources. It is effectively a network index or network telephone book of the systems and their shared resources.

Answer 2

Directory Services

Question 3

Used to allow clients to interact with directory service resources. LDAP is based on x.500 and uses TCP ports 389 and 636. It uses a tree structure with a district root.

Answer 3

Lightweight Directory Access Protocol (LDAP) (Directory Services)

Question 4

Federation or federated identity is a means of linking a subject’s accounts from several sites, services, or entities in a single account.

Answer 4

Federation

Question 5

Attestation is proof or evidence of something. In some circumstances, attestation is when something is signed by a witness to prove its origin or veracity.

Answer 5

Attestation

Question 6

Tokens or synchronous dynamic password tokens that are devices or applications that generate passwords at fixed time intervals.

Answer 6

Time based-one on one - time password (T0TP) (Technologies)

Question 7

Tokens or asynchronous dynamic password tokens that are devices or applications that generate passwords based on a nonrepeating one-way function, such as a hash or HMAC operation.

Answer 7

HMAC - based one-time passwords

Question 8

Short message service (SMS) or texting can be used as a mechanism of two-step authentication.

Answer 8

Short message service (SMS)

Question 9

A form of authentication factor that is something you have. It’s usually a hardware device, but it can be implemented in software as a logical token.

Answer 9

Token (key)

Question 10

A static code is a value that does not change. It is the same value each time it is used, even when used by multiple subjects.

Answer 10

Static Code

Question 11

Authentication applications are software products that assist with logons. These can include credential managers as well as TOTP/ HOTP apps.

Answer 11

Authentication applications

Question 12

Occurs when a website or online service sends the customer/user a message through an installed mobile app that is then automatically displayed to the user.

Answer 12

Push Notifications

Question 13

An alternate authentication option that involves calling the user/customer either to provide them a code or passphrase or to answer questions.

Answer 13

Phone Call authentication

Question 14

Credit card–sized IDs, badges, or security passes with embedded integrated circuit chips. They can contain information about the authorized bearer that can be used for identification and/or authentication purposes.

Answer 14

Smart card(s) (authentication)

Question 15

The collection of physical attributes of the human body that can be used as authentication factors (something you are).

Answer 15

Biometrics

Question 16

These factors include fingerprints, palm scans, hand geometry, retinal scans, iris scans, facial recognition, voice recognition, vein recognition, gait analysis, signature dynamics, and keyboard dynamics.

Answer 16

Biometric Factors

Question 17

A scanner used to analyze the visible patterns of skin ridges on the fingers and thumbs of people. This scanner is thought to be unique to an individual and have been used for decades in physical security for identification, and they are now often used as an electronic authentication factor as well.

Answer 17

Fingerprints

Question 18

These scans focus on the pattern of blood vessels at the back of the eye. They are the most accurate form of biometric authentication and are able to differentiate between identical twins. However, they are the least acceptable biometric scanning method for employees because they can reveal medical conditions, such as high blood pressure and pregnancy. The patterns analyzed in these scans can also change as people age and retinas deteriorate.

Answer 18

Retina

Question 19

These scanners focus on the colored area around the pupil. They are the second most accurate form of biometric authentication. These scans are often recognized as having a longer useful authentication life span than other biometric factors because the iris remains relatively unchanged throughout a person’s life (barring eye damage or illness). These scans are considered more acceptable by general users than retina scans because they don’t reveal personal medical information.

Answer 19

Iris

Question 20

These scans are based on the geometric patterns of faces for detecting authorized individuals. These scans are used to identify and authenticate people before accessing secure spaces, such as a secure vault.

Answer 20

Facial

Question 21

This recognition software is a type of biometric authentication that relies on the characteristics of a person’s speaking voice, known as a voiceprint.

Answer 21

Voice

Question 22

Vein recognition or vascular biometrics measures the unique vein pattern through the use of near-infrared light to “see” through the skin. Vein recognition can be used on any part of the body, but common focuses are fingertips, back of hand, and cheek.

(Page 176).

Answer 22

Vein

Question 23

….

Answer 23

Gait analysis

Question 24

….

Answer 24

Efficacy rates

Question 25

….

Answer 25

False acceptance

Question 26

….

Answer 26

False rejectionn

Question 27

…..

Answer 27

Crossover error rate