Questions and Answers
What is the main goal of modern password-based authentication techniques?
- To encrypt passwords and store them in the database
- To use something derived from the passwords in order to protect them (correct)
- To add randomness to the password-based mechanism
- To use the password itself for authentication
What is the primary purpose of using authentication tokens?
- To use something derived from the passwords
- To store the password itself in the database
- To require the user to possess the tokens (correct)
- To add randomness to the password-based mechanism
What is the name of the infrastructure that can be used in conjunction with certificate-based authentication?
- PKI (correct)
- SHA-1
- Smart Cards
- MD5
What is a characteristic of a good algorithm for deriving passwords?
What is the name of the process that involves running an algorithm on a password to produce a derived password?
What type of authentication uses physiological and behavioral characteristics?
What is the purpose of the server decrypting the encrypted random challenge received from the user?
What is the role of the client in Internet applications?
What is the purpose of the two encryption operations?
What is the purpose of an authentication token?
What is the difference between the two encryption operations?
What is the purpose of SSL in Internet applications?
What is the primary function of the answer to reset (ATR) message in a smart card?
What is the purpose of the protocol type selection (PTS) command in a smart card?
What is the role of the authentication server in creating an authentication token?
What is the purpose of the pseudorandom numbers generated by an authentication token?
What is the relationship between the seed value and the one-time password generated by an authentication token?
What happens when a smart card is inserted into a reader?
What is the primary benefit of federated login for users?
What is the role of the OpenID provider in the OpenID specification?
What is the purpose of the crypto-secured identifier in OpenID?
Which of the following is NOT a role defined in the OpenID specification?
What is the outcome of the authentication process in OpenID?
Which of the following companies sponsors OpenID?
What is the primary function of the OAuth authorization framework?
What is the purpose of OpenID Connect in the context of OAuth?
What is the term for the process of determining rights in access control?
What is the purpose of labeling objects in Mandatory Access Control (MAC)?
What is the term for the process of ensuring only authorized rights are exercised?
What is the broader context of access control related to?