
140. a. Least assurance is achieved when two authentication proofs of something that you have (e.g., card, key, and mobile ID device) are implemented because the card and the key can be lost or stolen. Consequently, multiple uses of something that you have offer lesser access control assurance than using a combination of multifactor authentication techniques. Equivalent assurance is neutral and does not require any further action.

141. Which of the following is achieved when two authentication proofs of something that you know are implemented?

a. Least assurance

b. Increased assurance

c. Maximum assurance

d. Equivalent assurance

141. b. Increased assurance is achieved when two authentication proofs of something that you know (e.g., using two different passwords with or without PINs) are implemented. Multiple proofs of something that you know offer greater assurance than do multiple proofs of something that you have. However, multiple uses of something that you know provide equivalent assurance to a combination of multifactor authentication techniques.

142. Which of the following is achieved when “two authentication proofs of something that you are” is implemented?

a. Least assurance

b. Increased assurance

c. Maximum assurance

d. Equivalent assurance

142. c. Maximum assurance is achieved when two authentication proofs of something that you are (e.g., personal recognition by a colleague, user, or guard, and a biometric verification check) are implemented. Multiple proofs of something that you are offer the greatest assurance, more than multiple proofs of something that you have or something that you know, used either alone or combined. Equivalent assurance is neutral and does not require any further action.

143. For key functions of intrusion detection and prevention system (IDPS) technologies, which of the following is referred to when an IDPS configuration is altered?

a. Tuning

b. Evasion

c. Blocking

d. Normalization

143. a. Altering the configuration of an intrusion detection and prevention system (IDPS) to improve its detection accuracy is known as tuning. IDPS technologies cannot provide completely accurate detection at all times. With blocking, access to the targeted host is blocked from the offending user account or IP address.

Evasion is modifying the format or timing of malicious activity so that its appearance changes but its effect is the same. Attackers use evasion techniques to try to prevent intrusion detection and prevention system (IDPS) technologies from detecting their attacks. Most IDPS technologies can overcome common evasion techniques by duplicating special processing performed by the targeted host. If the IDPS configuration is the same as that of the targeted host, then evasion techniques will be unsuccessful at hiding attacks.

Some intrusion prevention system (IPS) technologies can remove or replace malicious portions of an attack to make it benign. A complex example is an IPS that acts as a proxy and normalizes incoming requests, which means that the proxy repackages the payloads of the requests, discarding header information. This might cause certain attacks to be discarded as part of the normalization process.

144. A reuse of a user’s operating system password for preboot authentication should not be practiced in the deployment of which of the following storage encryption authentication products?

a. Full-disk encryption

b. Volume encryption

c. Virtual disk encryption

d. File/folder encryption

144. a. Reusing a user’s operating system password for preboot authentication in a full (whole) disk encryption deployment would allow an attacker to learn only a single password to gain full access to the device’s information. The password could be acquired through technical methods, such as infecting the device with malware, or through physical means, such as watching a user type in a password in a public location. The correct choice is risky compared to the incorrect choices because the latter do not deal with booting a computer or preboot authentication.

145. All the following storage encryption authentication products may use the operating system’s authentication for single sign-on except:

a. Full-disk encryption

b. Volume encryption

c. Virtual disk encryption

d. File/folder encryption

145. a. Products such as volume encryption, virtual disk encryption, or file/folder encryption may use the operating system’s authentication for single sign-on (SSO). After a user authenticates to the operating system at login time, the user can access the encrypted file without further authentication, which is risky. You should not use the same single-factor authenticator for multiple purposes. Full-disk encryption provides better security than the other three choices because the entire disk is encrypted, as opposed to part of it.

146. Which of the following security mechanisms for high-risk storage encryption authentication products provides protection against authentication-guessing attempts and favors security over functionality?

a. Alert consecutive failed login attempts.

b. Lock the computer for a specified period of time.

c. Increase the delay between attempts.

d. Delete the protected data from the device.

146. d. For high-security situations, storage encryption authentication products can be configured so that too many failed attempts cause the product to delete all the protected data from the device. This approach strongly favors security over functionality. The other three choices can be used for low-security situations.

147. Recovery mechanisms for storage encryption authentication solutions require which of the following?

a. A trade-off between confidentiality and security

b. A trade-off between integrity and security

c. A trade-off between availability and security

d. A trade-off between accountability and security

147. c. Recovery mechanisms increase the availability of the storage encryption authentication solutions for individual users, but they can also increase the likelihood that an attacker can gain unauthorized access to encrypted storage by abusing the recovery mechanism. Therefore, information security management should consider the trade-off between availability and security when selecting and planning recovery mechanisms. The other three choices do not provide recovery mechanisms.

148. For identity management, which of the following requires multifactor authentication?

a. User-to-host architecture

b. Peer-to-peer architecture

c. Client host-to-server architecture

d. Trusted third-party architecture

148. a. When a user logs onto a host computer or workstation, the user must be identified and authenticated before access to the host or network is granted. This process requires a mechanism to authenticate a real person to a machine. The best methods of doing this involve multiple forms of authentication with multiple factors, such as something you know (password), something you have (physical token), and something you are (biometric verification). The other three choices do not require multifactor authentication because they use different authentication methods.