Chapter 13

Question 1

What includes knowledge based authentication and cognitive passwords that only the user will know ?

Answer 1

Identity Proofing

Question 2

How do you establish identity for a user as an HR person?

Answer 2

Through a passport, birth certificate, or driver’s license

Question 3

What provides accountability ?

Answer 3

Identification
Authentication
Auditing

Question 4

What happens after a user is identified in a system ?

Answer 4

Authentication

Question 5

What happens after a user is authenticated by a system?

Answer 5

Authorization

Question 6

What happens after a user is authorized by a system ?

Answer 6

Auditing

Question 7

What are the three primary factors of authentication ?

Answer 7

Something you know, have, and are

Question 8

What identifies the accuracy of a biometric method and shows where the FRR is equal to the FAR?

Answer 8

CER

Question 9

What provisions users accounts on third party sites the first time the user logs onto the site and reduces admin workload.

Answer 9

JIT Provisioning

Question 10

What helps prevent unauthorized access by closing unattended sessions ?

Answer 10

Session Management

Question 11

What helps developers easily store usernames and passwords and retrieve them when a user revisits a website.

Answer 11

Credential Management

Question 12

What NIST SP recommends users are only required to change their passwords if their current one is compromised ?

Answer 12

NIST SP 800-63B

Question 13

What password control can prevent users from rotating between two passwords ?

Answer 13

Password History

Question 14

What control can ensure users change their passwords regularly ?

Answer 14

Password Age

Question 15

What is active and is always the entity that receives information about, or data from, the object.

Answer 15

Subject

Question 16

What is always the entity that provides or hosts information or data?

Answer 16

Object

Question 17

What type of token generates and displays onetime passwords that are synchronized with an authentication server ?

Answer 17

Synchronous Tokens

Question 18

What token uses a challenge response process to generate the onetime password?

Answer 18

Asynchronous

Question 19

What does a lower CER indicate ?

Answer 19

A higher quality biometric device

Question 20

What does a higher CER indicate ?

Answer 20

A less accurate biometric device

Question 21

What is also called a Type I error and occurs when an authentication doesn’t recognize a valid subject.

Answer 21

False Rejection

Question 22

What is also called a Type II error and occurs when an authentication system incorrectly recognizes an invalid subject.

Answer 22

False Acceptance

Question 23

What are the fingerprint details/features?

Answer 23

Ridges
Bifurcations
Whorls

Question 24

What are required to support accountability ?

Answer 24

Identification
Authentication