32. In electronic authentication, which of the following is used to verify proof-of-possession of registered devices or identifiers?
a. Lookup secret token
b. Out-of-band token
c. Token lock-up feature
d. Physical security mechanism
33. In electronic authentication, which of the following are examples of weakly bound credentials?
1. Unencrypted password files
2. Signed password files
3. Unsigned public key certificates
4. Signed public key certificates
a. 1 only
b. 1 and 3
c. 1 and 4
d. 2 and 4
34. In electronic authentication, which of the following are examples of strongly bound credentials?
1. Unencrypted password files
2. Signed password files
3. Unsigned public key certificates
4. Signed public key certificates
a. 1 only
b. 1 and 3
c. 1 and 4
d. 2 and 4
35. In electronic authentication, which of the following can be used to derive, guess, or crack the value of the token secret or spoof the possession of the token?
a. Private credentials
b. Public credentials
c. Paper credentials
d. Electronic credentials
Public credentials are shared widely, do not lead to an exposure of the token secret, and have little or no confidentiality requirements. Paper credentials are documents that attest to the identity of an individual (e.g., passports, birth certificates, and employee identity cards) and are based on written signatures, seals, special papers, and special inks. Electronic credentials bind an individual’s name to a token with the use of X.509 certificates and Kerberos tickets.
36. Authorization controls are a part of which of the following?
a. Directive controls
b. Preventive controls
c. Detective controls
d. Corrective controls
Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented. Corrective controls are procedures to react to security incidents and to take remedial actions on a timely basis. Corrective controls require proper planning and preparation as they rely more on human judgment.