Review Questions
1. Determining what a user did on a system is called _____.
A. identification
B. authentication
C. authorization
D. accounting
2. Which of the following is NOT an authentication method?
A. what a user knows
B. what a user has
C. what a user discovers
D. what a user is
3. One-time passwords that utilize a token with an algorithm and synchronized time
setting is known as a(n) __________.
A. time-signature OTP
B. challenge-based OTP
C. time-synchronized OTP
D. token OTP
4. Which of the following is a difference between a time-synchronized OTP and a
challenge-based OTP?
A. Only time-synchronized OTPs use tokens.
B. The user must enter the challenge into the token with a challenge-based
OTP.
C. Challenge-based OTPs use authentication servers while time-synchronized OTPs
do not.
D. Time-synchronized OTPs cannot be used with Web accounts while challengebased OTPs can.
5. Keystroke dynamics is an example of what type of biometrics?
A. behavioral biometrics
B. cognitive biometrics
C. adaptive biometrics
D. resource biometrics
6. Creating a pattern of when and from where a user accesses a remote Web account
is an example of ________.
A. computer footprinting
B. Time-Location Resource Monitoring (TLRM)
C. cognitive biometrics
D. keystroke dynamics
7. _____ is a decentralized open source FIM that does not require specific software
to be installed on the desktop.
A. Windows CardSpace
B. OpenID
C. Windows Live ID
D. .NET Login
8. A RADIUS authentication server requires that the _____ must be authenticated
first.
A. supplicant
B. authenticator
C. authentication server
D. user
9. Each of the following make up the AAA elements in network security except
_______.
A. determining user need (analyzing)
B. controlling access to network resources (authentication)
C. enforcing security policies (authorization)
D. auditing usage (accounting)
10. Each of the following human characteristics can be used for biometric
identification except _______.
A. weight
B. fingerprint
C. retina
D. face
11. _____ biometrics is related to the perception, thought processes, and
understanding of the user.
A. Behavioral
B. Standard
C. Cognitive
D. Intelligence
12. Using one authentication to access multiple accounts or applications is known as
_______.
A. credentialization
B. identification authentication
C. federal login
D. single sign-on
13. With the development of IEEE 802.1x port security, the authentication server
_____ has seen even greater usage.
A. DAP
B. RADIUS
C. AAA
D. RDAP
14. A(n) _____ makes a request to join the network.
A. authenticator
B. Resource Allocation Entity (RAE)
C. applicant
D. supplicant
15. _____ is an authentication protocol available as a free download and runs on
Microsoft Windows Vista, Windows Server 2008, Apple Mac OS X, and Linux.
A. IEEE 802.1x
B. RADIUS
C. Kerberos
D. LDAP
16. The version of the X.500 standard that runs on a personal computer over TCP/IP
is_____.
A. DAP
B. LDAP
C. IEEE X.501
D. Lite RDAP
17. The management protocol of IEEE 802.1x that governs the interaction between
the system, authenticator, and RADIUS server is known as _____.
A. RADIUS Server Protocol
B. Authentication Protocol
C. Transmission Control Protocol (TCP)
D. Extensible Authentication Protocol (EAP)
18. Which of the following protocols is the strongest?
A. EAP with Transport Layer Security (EAP-TLS)
B. Password Authentication Protocol (PAP)
C. Challenge-Handshake Authentication Protocol (CHAP)
D. Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)
19. A user-to-LAN virtual private network connection used by remote users is called
a(n) _____.
A. site-to-site VPN
B. remote –access VPN
C. endpoint VPN
D. concentration VPN
20. Endpoints that provide _____ capability require that a separate VPN client
application be installed on each device that connects to a VPN server.
A. built-in VPN
B. transparent endpoint VPN
C. pass-through VPN
D. concentration VPN