Week 8

Question 1

What does AAA stand for in ISM?

Answer 1

Authentication, Authorization, and Accountability.

Question 2

What is authentication in information security?

Answer 2

Verifying the truth of an entity’s claimed identity.

Question 3

What are the three main authentication factors?

Answer 3

Knowledge-based (e.g., password), Possession-based (e.g., smart card), Inherence-based (e.g., fingerprint).

Question 4

What is multi-factor authentication (MFA)?

Answer 4

Using two or more authentication factors to increase security.

Question 5

Give an example of MFA in a banking system.

Answer 5

Password + SMS OTP.

Question 6

What is context-based authentication?

Answer 6

Authentication that considers environmental factors like location or device behavior.

Question 7

What is risk-based authentication?

Answer 7

Authentication that adjusts based on perceived risk (e.g., high risk = MFA required).

Question 8

Why is password hashing important?

Answer 8

It prevents attackers from retrieving original passwords if the database is leaked.

Question 9

What does salting do in password storage?

Answer 9

Adds a random value to passwords before hashing to defend against rainbow table attacks.

Question 10

What is the most secure method of password storage?

Answer 10

Hashed + salted + key stretching (e.g., using bcrypt or Argon2).

Question 11

What are common user behaviors that weaken password security?

Answer 11

Reusing passwords, choosing weak passwords, writing them down.

Question 12

What are examples of possession-based authentication methods?

Answer 12

USB keys, smart cards, authenticator apps.

Question 13

What are the risks of biometric authentication?

Answer 13

Privacy issues and no fallback if compromised.

Question 14

What is the difference between authentication and authorization?

Answer 14

Authentication verifies identity; authorization defines what actions the identity can take.

Question 15

Name and describe the 4 access control models.

Answer 15

DAC: Object owner controls access (e.g., Google Drive).
MAC: Central authority assigns access based on labels (e.g., classified info).
RBAC: Based on roles in an organization (e.g., admin).
ABAC: Based on attributes like age or location (e.g., age-restricted sites).

Question 16

What’s the difference between entities and identities in identity management?

Answer 16

Entities are real users/devices; identities are their system representations.

Question 17

Why is identity management important in ISM?

Answer 17

It enables authentication, controls access, and supports accountability/auditing.