Lesson 9 - Chapter 1: Authentication

Question 1

What is logical security? What does it apply?

Answer 1

applying software and technology-based measures to create a protected and secured environment for users, computers, and data

Question 2

What does the AAA model represent?

Answer 2

Represents the various facets of network and data security

Question 3

What are the 3 A’s of the AAA model?

Answer 3

1. Authentication
2. Authorization
3. Accounting

Question 4

What is authentication?

Answer 4

Verifying the identity of a user/system attempting to connect to (computing) resources

Question 5

What is Authorization?

Answer 5

Granting the appropriate permissions to the user or system

Question 6

What is Accounting?

Answer 6

Keeping records of all activities that can affect security (like authentication and authorization)

Question 7

What is it called when only one authentication factor is used? What does it contain?

Answer 7

Single-factor authentication (SFA)

typically only a user name and password

Question 8

What are the 4 key factors that can be used in a multifactor authentication scheme?

Answer 8

1. Something you have (physical)
2. Something you know (code, PIN)
3. Something you are (Biometrics, voice)
4. Somewhere you are (GPS)

Question 9

Multi-Factor Authentications are usually just how many factor authentications schemes?

Answer 9

MFAs are usually just 2FAs such as a bank card (something you have) and a PIN (something you know)

Question 10

What is CompTIA’s take on best password practices (Lesson 8 Password Management)? [3]

Answer 10

1. Always change default user names and passwords
2. Require your users to use strong passwords that expire
3. Password protect the BIOS/UEFI and screensaver

Question 11

What is a smart card? What does it look like?

Answer 11

it’s the size of a credit card that contains circuitry to identify the card’s bearer/identity

Question 12

Security tokens are commonly in what form?

Answer 12

key fob

(same function as a smart card)

Question 13

What is a key fob used for? What does it store?

Answer 13

a security token that stores digital certificates, passwords, biometric data, and more

(some generate passwords)

Question 14

What is a hard token?

Answer 14

a small physical device that can be used to provide a second factor (in MFA)

Question 15

What is a hard token also called?

Answer 15

RSA token or authentication token

Question 16

What are the 3 basic types of hard tokens?

Answer 16

1. Connected
2. Disconnected
3. Contactless

Question 17

How are Connected hard tokens used?

Answer 17

they’re inserted into a token reader that automatically transfers security/authentication information to a system

Question 18

What are Connected hard tokens commonly implemented as?

Answer 18

key fobs and USB tokens

Question 19

What are Disconnected hard tokens?

Answer 19

not physical; generates a one-time access code that is passed as a signal to a receiver

Question 20

What forms can Disconnected hard tokens take?

Answer 20

a physical device that generates the code or a smartphone app

Question 21

What is a Contactless hard token?

Answer 21

a proximity device that uses Bluetooth or a RF signal to pass authentication codes to the security system

Question 22

What is a token?

Answer 22

a device used by a user to verify their identity for the purpose of gaining access to resources

Question 23

What are soft tokens?

Answer 23

perform the same function as a token (handheld device) but through programs and apps instead

Question 24

What’s a common example of a soft token?

Answer 24

a code that is sent via SMS text message or email (OTP) that’s valid for a few minutes

Question 25

What are Authenticator Apps?

Answer 25

applies 2FA to the accounts you wish to protect beyond simple login

Question 26

How do authenticator applications work?

Answer 26

the user must enter a generated key value into the authenticator app to gain access to the account

Question 27

Where are you most likely to see smart cards in public?

Answer 27

mass transit systems to authenticate users

(uncommon in computers)

Question 28

What are security tokens?

Answer 28

devices that store unique information that the user carries with them (digital certificates, passwords, biometric ata)

Question 29

Security tokens may also store an RSA token. What are RSA tokens?

Answer 29

random number generators that are used with user names and passwords for extra security

Question 30

do you have to insert key fobs/smart cards into all computers or card readers?

Answer 30

No, some are made to use RFID to transmit the authentication info so no insertion is necessary

(Pivaris combines bio fingerprint with RFID tag, easy as opening a garage)