Week 3
40 Questions

Questions and Answers

What is the difference between identification and authentication?

  • Identification verifies the user's identity, while authentication provides a proven assertion of identity. (correct)
  • Identification and authentication are the same concepts.
  • Identification checks the credentials, while authentication relies on biometric factors.
  • Identification provides a proven assertion of identity, while authentication verifies the user's identity.

Which of the following is an example of biometric authentication?

  • Fingerprint scan (correct)
  • Knowledge-based questions
  • Username and password combination
  • Possession of an access card

What does multi-factor authentication rely on?

  • At least two factors: knowledge-based, possession-based, or entity-based (correct)
  • At least three factors: possession-based, entity-based, and biometric
  • Single factor only
  • Biometric factor only

In terms of access controls, what does Single Sign-On (SSO) provide?

  • Centralized identity for multiple applications with session management

Which of the following is not an authentication standard mentioned in the text?

  • IMAP

What is the main advantage of Single Sign-On (SSO) in identity management?

  • Allows authentication once to access multiple systems

Which authentication weakness arises if an intruder compromises a password in a Single Sign-On (SSO) environment?

  • Access to all participating systems

What technology is NOT typically used for centralized management of access controls?

  • Two-factor authentication

Which of the following is not a common issue related to password management?

  • Single Sign-On integration

What is a potential drawback of Single Sign-On (SSO) implementation in practice?

  • It may be harder to achieve in practice due to integration issues

Which authentication method relies on something the user has?

  • Fingerprint

What type of assertion of identity is authentication?

  • Proven assertion

Which factor of authentication does a token fall under?

  • Something the user has

What does multi-factor authentication typically combine?

  • Various types of authentication factors

Which standard is commonly associated with biometric authentication implementation?

  • Biometric Identification Protocol

What is a common weakness of traditional userid + password authentication?

  • Easily guessed passwords

Which of the following is an example of multi-factor authentication?

  • Iris scan

What makes biometric authentication stronger than traditional userid + password authentication?

  • Measures a part of user's body

Which type of authentication requires what the user knows and has?

  • Token-based authentication

What is the purpose of multi-factor authentication in defeating password guessing/cracking?

  • To ensure the user has a second factor besides a password

What is the purpose of hashing a user's password in the authentication process?

  • To compare the hash with the stored hash for user authentication

Why is it recommended to store user passwords encrypted or hashed in a system?

  • To prevent unauthorized access to user passwords

What security measure should be implemented for better protection against rainbow table attacks when storing passwords?

  • Using 'salting' in password hashing

How does multi-factor authentication differ from traditional username and password authentication?

  • Multi-factor authentication requires multiple forms of verification

In which scenario would using biometric authentication be most appropriate?

  • High-security facilities where physical access is restricted

What is the main weakness associated with Reduced Sign-On compared to Single Sign-On (SSO)?

  • No inter-system session management

Why is it recommended to combine Reduced Sign-On with two-factor authentication?

  • To enhance security by adding an extra layer beyond passwords

What is a common issue that arises when access rights are not properly managed during internal transfers?

  • Accumulation of privileges

Which of the following is a key step in the Access Requests and Provisioning process?

  • Conducting a periodic access review

Why is two-factor authentication considered more secure than single-factor authentication?

  • It combines two different forms of identification

Which type of attack method involves attempting to interfere with or gain control of a system using malicious code?

  • Buffer overflow

What process includes activities such as access requests, internal transfers, terminations, periodic reviews, and audits?

  • Access management

Which type of control aims to protect assets using various layers of security measures?

  • Defense in depth control

What kind of testing is used to evaluate access controls through the examination of system vulnerabilities?

  • Application vulnerability testing

Which method of attack aims to deceive individuals into disclosing sensitive information?

  • Phishing

What principle advocates limiting user access rights to only what is essential for performing job functions?

  • Least privilege

Which type of control is used to identify and respond to security incidents after they have occurred?

  • Corrective control

What mechanism is employed to verify an individual's claimed identity using unique biological traits?

  • Biometric authentication

'Separation of duties' in access controls refers to:

  • Dividing tasks between different employees

Which type of authentication involves providing something you have (like an ID card) and something you know (like a password)?

  • Multi-factor authentication
