Chapter 8 - Physical Security and Authentication Models Flashcards
Which of the following is the verification of a person’s identity? A. Authorization B. Accountability C. Authentication D. Password
C. Authentication is the verification of a person’s identity. Authorization to specific resources cannot be accomplished without previous authentication of the user.
Which of the following would fall into the category of “something a person is”? A. Passwords B. Passphrases C. Fingerprints D. Smart cards
C. Fingerprints are an example of something a person is. The process of measuring that characteristic is known as biometrics.
Which of the following are good practices for tracking user identities? (Select the two best answers.) A. Video cameras B. Key card door access systems C. Sign-in sheets D. Security guards
A and B. Video cameras enable a person to view and visually identify users as they enter and traverse through a building. Key card access systems can be configured to identify a person as well, as long as the right person is carrying the key card!
What are two examples of common single sign-on authentication configurations? (Select the two best answers.) A. Biometrics-based B. Multifactor authentication C. Kerberos-based D. Smart card-based
C and D. Kerberos and smart card setups are common single sign-on configurations.
Which of the following is an example of two factor authentication? A. L2TP and IPSec B. Username and password C. Thumb print and key card D. Client and server
C. Two-factor authentication (or dual-factor) means that two pieces of identity are needed prior to authentication. A thumbprint and key card would fall into this category. L2TP and IPSec are protocols used to connect through a
VPN, which by default require only a username and password. Username and password is considered one-factor authentication. There is no client and server
authentication model.
What is the main purpose of a physical access log?
A. To enable authorized employee access
B. To show who exited the facility
C. To show who entered the facility
D. To prevent unauthorized employee access
C. A physical access log’s main purpose is to show who entered the facility and when. Different access control and authentication models will be used to permit or prevent employee access.
Which of the following is not a common criteria when authenticating users? A. Something you do B. Something you are C. Something you know D. Something you like
D. Common criteria when authenticating users includes something you do, something you are, something you know, and something you have. A person’s likes and dislikes are not common criteria; although, they may be asked as secondary questions when logging in to a system.
Of the following, what two authentication mechanisms require something you physically possess? (Select the two best answers.) A. Smart card B. Certificate C. USB flash drive D. Username and password
A and C. Two of the authentication mechanisms that require something you physically possess include smart cards and USB flash drives. Key fobs and cardkeys would also be part of this category. Certificates are granted from a server and are stored on a computer as software. The username/password
mechanism is a common authentication scheme, but they are something that you type and not something that you physically possess.
Which of the following is the final step a user needs to take before that user can access domain resources? A. Verification B. Validation C. Authorization D. Authentication
C. Before a user can gain access to domain resources, the final step is to be authorized to those resources. Previously the user should have provided identification to be authenticated.
To gain access to your network, users must provide a thumbprint and a username and password. What type of authentication model is this? A. Biometrics B. Domain logon C. Multifactor D. Single sign-on
C. Multifactor authentication means that the user must provide two different types of identification. The thumbprint is an example of biometrics. Username and password are examples of a domain logon. Single sign-on would only be one type of authentication that enables the user access to multiple resources.
The IT director has asked you to set up an authentication model in which users can enter their credentials one time, yet still access multiple server resources. What type of authentication model should you implement? A. Smart card and biometrics B. Three factor authentication C. SSO D. VPN
C. Single sign-on or SSO enables users to access multiple servers and multiple resources while entering their credentials only once. The type of authentication can vary but will generally be a username and password. Smart cards and
biometrics are an example of two-factor authentication. VPN is short for virtual private network.
Which of the following about authentication is false?
A. RADIUS is a client/server system that provides authentication, authorization, and accounting services.
B. PAP is insecure because usernames and passwords are sent as clear text.
C. MS-CHAPv1 is capable of mutual authentication of the client and server.
D. CHAP is more secure than PAP because it encrypts usernames and passwords.
C. MS-CHAPv1 is not capable of mutual authentication of the client and server. Mutual authentication is accomplished with Kerberos. All the other statements are true.
What types of technologies are used by external motion detectors? (Select the two best answers.) A. Infrared B. RFID C. Gamma rays D. Ultrasonic
A and D. Motion detectors often use infrared technology; heat would set them off. They also use ultrasonic technology; sounds in higher spectrums that humans cannot hear would set these detectors off.
In a secure environment, which authentication mechanism performs better?
A. RADIUS because it is a remote access authentication service.
B. RADIUS because it encrypts client/server passwords.
C. TACACS because it is a remote access authentication service.
D. TACACS because it encrypts client/server negotiation dialogues.
D. Unlike RADIUS, TACACS (Terminal Access Control or Access Control System) encrypts client/server negotiation dialogues. Both protocols are remote authentication protocols.
Which port number does the protocol LDAP use when it is secured? A. 389 B. 443 C. 636 D. 3389
C. Port 636 is the port used to secure LDAP. Port 389 is the standard LDAP port number. Port 443 is used by HTTPS (SSL/TLS), and Port 3389 is used by RDP.