30 Questions
What is the main goal of modern password-based authentication techniques?
To use something derived from the passwords in order to protect them
What is the primary purpose of using authentication tokens?
To require the user to possess the tokens
What is the name of the infrastructure that can be used in conjunction with certificate-based authentication?
PKI
What is a characteristic of a good algorithm for deriving passwords?
The output of the algorithm should be the same each time it is executed
What is the name of the process that involves running an algorithm on a password to produce a derived password?
Something Derived from Passwords
What type of authentication uses physiological and behavioral characteristics?
Biometrics
What is the purpose of the server decrypting the encrypted random challenge received from the user?
To verify the user's password
What is the role of the client in Internet applications?
To encrypt the password before transmission
What is the purpose of the two encryption operations?
To provide two layers of security
What is the purpose of an authentication token?
To generate a new random value for authentication
What is the difference between the two encryption operations?
They are in no way directly related to each other
What is the purpose of SSL in Internet applications?
To provide a secure connection
What is the primary function of the answer to reset (ATR) message in a smart card?
To define the parameters and protocols that the card can use
What is the purpose of the protocol type selection (PTS) command in a smart card?
To change the protocol used and other parameters on the card
What is the role of the authentication server in creating an authentication token?
To generate the random seed for the token
What is the purpose of the pseudorandom numbers generated by an authentication token?
To authenticate the user with the one-time password
What is the relationship between the seed value and the one-time password generated by an authentication token?
The seed value is used to generate the one-time password
What happens when a smart card is inserted into a reader?
The reader performs a reset function on the card
What is the primary benefit of federated login for users?
Freedom from setting up separate login accounts for different websites
What is the role of the OpenID provider in the OpenID specification?
Registering the OpenID URL and verifying the end user's identity
What is the purpose of the crypto-secured identifier in OpenID?
To enable the relying party to recognize the user across multiple sessions
Which of the following is NOT a role defined in the OpenID specification?
Resource provider
What is the outcome of the authentication process in OpenID?
The OpenID provider returns a crypto-secured identifier to the relying party
Which of the following companies sponsors OpenID?
Facebook, Microsoft, Google, PayPal, Ping Identity, Symantec, and Yahoo
What is the primary function of OAuth Authorization framework?
To determine what resources a user will be able to access
What is the purpose of OpenID Connect in the context of OAuth?
To handle single sign-on authentication
What is the term for the process of determining rights in access control?
Policy enforcement
What is the purpose of labeling objects in Mandatory Access Control (MAC)?
To limit operations based on security clearance levels
What is the term for the process of ensuring only authorized rights are exercised?
Authorization
What is the broader context of access control related to?
Policy enforcement and authorization
Test your knowledge of user authentication techniques, including password-based methods, authentication tokens, and more. Learn about different approaches to verify user identities.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free