User Authentication Mechanisms

Questions and Answers

What is the main goal of modern password-based authentication techniques?

To encrypt passwords and store them in the database

To use something derived from the passwords in order to protect them (correct)

To add randomness to the password-based mechanism

To use the password itself for authentication

What is the primary purpose of using authentication tokens?

To use something derived from the passwords

To store the password itself in the database

To require the user to possess the tokens (correct)

To add randomness to the password-based mechanism

What is the name of the infrastructure that can be used in conjunction with certificate-based authentication?

PKI (correct)

SHA-1

Smart Cards

MD5

What is a characteristic of a good algorithm for deriving passwords?

The output of the algorithm should be the same each time it is executed

What is the name of the process that involves running an algorithm on a password to produce a derived password?

Something Derived from Passwords

What type of authentication uses physiological and behavioral characteristics?

Biometrics

What is the purpose of the server decrypting the encrypted random challenge received from the user?

To verify the user's password

What is the role of the client in Internet applications?

To encrypt the password before transmission

What is the purpose of the two encryption operations?

To provide two layers of security

What is the purpose of an authentication token?

To generate a new random value for authentication

What is the difference between the two encryption operations?

They are in no way directly related to each other

What is the purpose of SSL in Internet applications?

To provide a secure connection

What is the primary function of the answer to reset (ATR) message in a smart card?

To define the parameters and protocols that the card can use

What is the purpose of the protocol type selection (PTS) command in a smart card?

To change the protocol used and other parameters on the card

What is the role of the authentication server in creating an authentication token?

To generate the random seed for the token

What is the purpose of the pseudorandom numbers generated by an authentication token?

To authenticate the user with the one-time password

What is the relationship between the seed value and the one-time password generated by an authentication token?

The seed value is used to generate the one-time password

What happens when a smart card is inserted into a reader?

The reader performs a reset function on the card

What is the primary benefit of federated login for users?

Freedom from setting up separate login accounts for different websites

What is the role of the OpenID provider in the OpenID specification?

Registering the OpenID URL and verifying the end user's identity

What is the purpose of the crypto-secured identifier in OpenID?

To enable the relying party to recognize the user across multiple sessions

Which of the following is NOT a role defined in the OpenID specification?

Resource provider

What is the outcome of the authentication process in OpenID?

The OpenID provider returns a crypto-secured identifier to the relying party

Which of the following companies sponsors OpenID?

Facebook, Microsoft, Google, PayPal, Ping Identity, Symantec, and Yahoo

What is the primary function of OAuth Authorization framework?

To determine what resources a user will be able to access

What is the purpose of OpenID Connect in the context of OAuth?

To handle single sign-on authentication

What is the term for the process of determining rights in access control?

Policy enforcement

What is the purpose of labeling objects in Mandatory Access Control (MAC)?

To limit operations based on security clearance levels

What is the term for the process of ensuring only authorized rights are exercised?

Authorization

What is the broader context of access control related to?

Policy enforcement and authorization