Authentication Flashcards
Before accessing computer systems, a government agency requires users to swipe a card through a keyboard-embedded card reader and then provide a PIN. What is this an example of?
Bi-factor authentication
Location-based authentication
Multifactor authentication
Multifactor authentication
Multifactor authentication involves more than one item to authenticate to a system, such as something you have (a card), something you know (a PIN), something you are (a fingerprint), or something you do (handwriting)
Your traveling users require secure remote access to corporate database servers. What should you configure for them?
Modem
WLAN
VPN
VPN
A virtual private network (VPN) creates an encrypted tunnel between a remote access client and a private network over the Internet. This would allow access to corporate database servers
You are the network administrator for a national marketing firm. Employees have frequent lengthy telephone conference calls with colleagues from around the country. To reduce costs, you have been asked to recommend replacement telephony solutions. Which of the following might you suggest?
Modem
VoIP
Internet text chat
VoIP
Voice over Internet Protocol (VoIP) transmits digitized voice over a TCP/IP network such as the Internet. As such, the only cost to both parties is that of their Internet connection
You are an IT security consultant auditing a network. During your presentation of audit findings, one of your clients asks what can be used to prevent unauthorized LAN access. How do you answer the question?
NAC
Packet-filtering firewall
PKI
NAC
Network access control (NAC) technology can be a hardware or software solution that requires user or device authentication prior to gaining network access
What type of server authenticates users prior to allowing network access?
File server
Active Directory
RADIUS
RADIUS
Remote Authentication Dial-In User Service (RADIUS) servers are central user or device authentication points on the network. Authentication can occur in many ways, including Extensible Authentication Protocol (EAP) and Challenge Handshake Authentication Protocol (CHAP)
Which of the following are examples of RADIUS clients? (Choose two.)
VPN client
802.1x-capable switch
Wireless router
Windows 7 OS
Linux OS
802.1x-capable switch
Wireless router
RADIUS clients are network devices such as switches, wireless routers, or VPN concentrators that authenticate connecting devices or users to a RADIUS authentication server to grant network access
Which of the following are true regarding TACACS+? (Choose three.)
It is compatible with TACACS.
It is compatible with RADIUS.
It is a Cisco proprietary protocol.
It can be used as an alternative to RADIUS.
TACACS+ uses TCP.
It is a Cisco proprietary protocol.
It can be used as an alternative to RADIUS.
TACACS+ uses TCP.
Terminal Access Controller Access Control System (TACACS+) is a Cisco proprietary network access protocol that uses the reliable TCP transport mechanism. TACACS+ might be used instead of RADIUS because it encrypts the entire packet payload instead of only the password, and because it separates authentication, authorization, and accounting duties
You are the network administrator for a UNIX network. You are planning your network security. A secure protocol must be chosen to authenticate all users logging in. Which is a valid authentication protocol choice?
TCP
Telnet
Kerberos
Kerberos
Kerberos is an authentication protocol used by many vendors, including Microsoft with Active Directory services. Clients and servers must securely prove their identity to each other by way of a central third party referred to as a key distribution center (KDC)
A client asks you to evaluate the feasibility of a Linux client and server operating system environment. The primary concern is having a central database of user and computer accounts capable of secure authentication. What Linux options should you explore?
SSH
Samba
LDAP
LDAP
A central database that can securely authenticate users or computers sounds like a Lightweight Directory Access Protocol (LDAP)–compliant database. LDAP transmissions can be clear text (TCP port 389) or encrypted (TCP port 636), and the LDAP database can also be replicated among servers. Encrypted LDAP transmissions are referred to as Secured LDAP. Microsoft Active Directory Services and Novell eDirectory are LDAP compliant
You are configuring a Cisco network authentication appliance. During configuration, you are given a list of authentication choices. Which choice provides the best security and reliability?
RADIUS
TACACS
TACACS+
TACACS+
TACACS+ is a Cisco proprietary protocol that authenticates connecting users over TCP to a remote authentication server
A user enters her logon name to gain network access. To which of the following terms would this example apply?
Identification
Authorization
Auditing
Identification
Specifying a unique attribute of some kind (such as a logon name) is identification
A user enters a logon name and password to gain network access. Which description best applies to this?
Single-factor authentication
Dual-factor authentication
Multifactor authentication
Single-factor authentication
The logon name and password combination is known as single-factor authentication (something you know). Higher-security environments will either require additional factors (such as a physical card) or limit access when single-factor authentication is used
A corporation has invested heavily in the development of a much sought-after product. To protect its investment, the company would like to ensure that only specific personnel can enter a research facility. Which of the following is considered the most secure?
Voice scan
Fingerprint scanner
Retinal scanner
Retinal scanner
Retinal scanning is considered one of the most secure authentication methods. Retinal blood vessel patterns are unique to an individual and are extremely difficult to reproduce
Which of the following is considered three-factor authentication?
Building access card/username/password
Username/password/smartcard
Username/password/smartcard/PIN
Username/password/smartcard/PIN
Using a username and password combination (single-factor authentication), along with possessing a smartcard and entering a PIN to use the smartcard, results in username/password/smartcard/PIN (or multifactor) authentication. Smartcard PINs that use the card’s security certificate are said to comply with the Personal Identifiable Verification (PIV) standard
To log on to a secured system, a user must enter a username, password, and passcode. The passcode is generated from a tiny handheld device and displayed on a tiny screen. What type of device is this?
Smartcard
PKI certificate
Key fob
Key fob
A key fob displays an authentication passcode that a user enters in addition to other data such as a username and password to gain access to a system or network resource