Network security authentication methods
Question 11
Question
Identity management and authentication are sometimes used interchangeably; however, they are distinct in this fundamental way:
A. Identity management is the enterprise version of authentication.
B. Authentication is a subset of identity management.
C. Identity management is a subset of authentication.
D. Digital identity is determined by authentication, not identity management.
Answer
B. Authentication is a subset of identity management.
Explanation
Identity management is the process of assigning access based on digital identity. Authentication is one of the methods used to accomplish this process, in addition to password management, identity analytics, and network and application access control. Identity management and authentication are both intrinsic to IAM programs.
Question 12
Question
Which network security authentication method may be either software- or hardware-based to be used in a single login session or transaction?
A. Single sign-on
B. Two-factor authentication
C. One-time password
D. Smart card
Answer
C. One-time password
Explanation
A one-time password is made up of automatically generated numeric or alphanumeric characters used to authenticate a user for a single transaction or login session.
Question 13
Question
Australian courts ruled in favor of a man who was fired after refusing to submit his fingerprints to his employer for biometric authentication because he was:
A. not accorded due consent processes.
B. not provided an alternative to biometrics.
C. not compliant with regulatory requirements.
D. both not accorded due consent processes and not provided an alternative to biometrics.
Answer
D. both not accorded due consent processes and not provided an alternative to biometrics.
Explanation
The man won his unfair dismissal case because the Fair Work Commission determined he was not accorded due consent processes and not provided a reasonable alternative to biometric authentication.
Question 14
Question
Though convenient for the user, single sign-on (SSO) authentication creates a single point of failure, which, if compromised, could threaten the entire organization’s security, as well as third-party application accounts.
A. True
B. False
Answer
A. True
Explanation
SSO provides users a convenient way to authenticate their identity without a username and password. However, it is also attractive to malicious actors. The problem with SSO is that it creates a single point of failure; thus, if compromised, it acts as a master key to access third-party data and applications.
Question 15
Question
Built-in cloud IAM programs are _________ to implement for IT teams that manage on-premises applications, multiple cloud services, hybrid environments, distributed data stores and customized legacy systems than for organizations that run all operations on a single cloud platform.
A. more difficult
B. more simple
C. more rewarding
D. both more simple and more rewarding
Answer
A. more difficult
Explanation
Organizations with varied environments will not benefit as much from a cloud provider's built-in IAM services as organizations that run on a single cloud platform. They must either deploy multiple IAM products or find one IAM system that supports multiple environments.
Question 16
Question
The most prevailing standards used to send authorization messages between trusted partners include:
A. Open Authorization and OpenID Connect.
B. Security Assertion Markup Language and GDPR.
C. Open Authorization and Security Assertion Markup Language.
D. OpenID Connect and FIDO.
Answer
C. Open Authorization and Security Assertion Markup Language.
Explanation
Historically, Open Authorization (OAuth) and Security Assertion Markup Language (SAML) are the most commonly used standards to send authorization messages between trusted partners. However, as biometric data becomes invaluable, beware of how these “trusted” partners vie for customer data and how they may introduce privacy concerns.
Question 17
Question
Which of the following categories is not used to describe authentication methods?
A. Something you like
B. Something you know
C. Something you possess
D. Something you are
Answer
A. Something you like
Explanation
According to Brett McDowell, former executive director at FIDO Alliance, authentication methods include the following three categories:
- something you know, such as a PIN or password;
- something you possess, such as a token or smart card; and
- something you are, including biometrics, such as voice or facial recognition.
Question 18
Question
The easiest method of implementing passwordless authentication in network security that still provides excellent security and user convenience is:
A. secure link via email.
B. logged-in users (Apple only).
C. one-time code via text or call.
D. facial recognition.
Answer
C. one-time code via text or call.
Explanation
The easiest passwordless authentication method to implement that is virtually hack-proof and still convenient for the user is the one-time code via text or call strategy. There is no need to enter a password, thus no password is stored on any device or server, and it only has a single-use lifetime of a few minutes.
Question 19
Question
From an architectural standpoint, the key differentiator between IAM and customer IAM (CIAM) is:
A. compliance.
B. scalability.
C. privacy.
D. price.
Answer
B. scalability.
Explanation
The most significant difference between IAM and CIAM is scalability. CIAM must be able to scale to accommodate customer traffic and spikes without sacrificing response time. If not incorporated into the CIAM architecture from the outset, this level of scalability is challenging to tack on after the fact.
Question 20
Question
Periodic IAM reviews and audits can determine an organization’s compliance with all of the following critical requirements, except:
A. U.S. Family Educational Rights and Privacy Act.
B. North American Electric Reliability Corporation.
C. GDPR.
D. Web Content Accessibility Guidelines.
Answer
D. Web Content Accessibility Guidelines.
Explanation
Audits and reviews can confirm IAM compliance with the U.S. Family Educational Rights and Privacy Act and the North American Electric Reliability Corporation, in addition to HIPAA, GDPR, the Sarbanes-Oxley Act, ISACA, COBIT, NIST, PCI DSS and other critical requirements.