Section 19 Authentication

Question 1

Use of two or more authentication factors to prove a user’s identity.

Answer 1

Multifactor Authentication

Question 2

A password is computed from a shared secret and current time.

Answer 2

Time based one time password (TOTP)

Question 3

A password is computed from a shared secret and is synchronized between the client and server.

Answer 3

HMAC based One Time Password (HOTP)

Question 4

Process to check the user’s or system’s attributes or characteristics prior to allowing it to connect.

Answer 4

Context Aware Authentication

Question 5

A default user profile for each user is created and linked with all of the resources needed.

Answer 5

Single Sign On (SSO)

Question 6

A single identity is created for a user and shared with all of the organizations in a federation.

Answer 6

Federated Identity Management (FIDM)

Question 7

Utilizes a web trust between organizations where each one certifies others in the federation.

Answer 7

Cross Certificaiton

Question 8

Organizations are able to place their trust in a single third party. (Also called a bridge model.)

Answer 8

Trusted Third Party

Question 9

Attestation model built upon XML used to share federated identity management information between systems.

Answer 9

Security Assertion Markup Language (SAML)

Question 10

An open standard and decentralized protocol that is used to authenticate users in a federated identity management system.

Answer 10

Open ID

Question 11

Standardized framework used for part based authentication on wired and wireless networks.

Answer 11

802.1x

Question 12

A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates, and public key infrastructure.

Answer 12

Extensible Authentication Protocols (EAP)

Question 13

Provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication.

Answer 13

EAP FAST

Question 14

Supports mutual authentication by using server certificates and Microsoft’s Active Directory to authenticate a client’s passwords.

Answer 14

Protected EAP (PEAP)

Question 15

A database used to centralize information about clients and objects on the networks.

Answer 15

Lightweight Directory Access Protocol (LDAP)

Question 16

An authenticated protocol used by Windows to provide for two ways (mutual) authentication using a system of tickets.

Answer 16

Kerberos

Question 17

Microsoft’s proprietary protocol that allows administrators and users to remotely connect to another computer via GUI.

Answer 17

Remote Desktop Protocol (RDP)

Question 18

Cross platform version of the Remote Desktop Protocol for remote user GUI access.

Answer 18

Virtual Network Computing (VNC)

Question 19

Used to provide authentication but is not considered secure since its transmits the login credentials undecrypted (in the clear).

Answer 19

Password Authentication Protocol (PAP)

Question 20

Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers.

Answer 20

Challenge Handshake Authentication Protocol (CHAP)

Question 21

Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network.

Answer 21

Virtual Private Network (VPN)

Question 22

Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers.

Answer 22

VPN Concentrator

Question 23

A remote workers machine diverts internal traffic over the VPN but external traffic over their own internet connection.

Answer 23

Split Tunneling

Question 24

Provides centralized administrator of dial up, VPN, and wireless authentication services for 802.1x and the Extensible.

Answer 24

Remote Authentication Dial In User Service (RADIUS)

Question 25

Brute force attack in which multiple user accounts are tested with a dictionary of common passwords.

Answer 25

Password Spraying

Question 26

Brute force attack in which stolen user account names and passwords are tested against multiple websites.

Answer 26

Credential Stuffing

Question 27

A software vulnerability where the authentication mechanism allows an attacker to gain entry.

Answer 27

Broken Authentication